We performed a comparison between ReShaper and Veracode based on real PeerSpot user reviews.
Find out what your peers are saying about Veracode, OpenText, JetBrains and others in Static Code Analysis."It comes with many features and supports almost all of the coding languages available."
"The most valuable feature of ReShaper is that it provides continuously scanning of the data in real-time. ReShaper has a really good mechanism and process, they have a decent system."
"Veracode enables us to build a strong data security layer in our platforms. We can increase customer confidence in data security. Some PCI/HIPAA compliance issues were impossible to resolve without Veracode."
"In terms of application security best practices and guidance to our teams, their engineering staff is really excellent. They provide our developers with suggestions and they take those to heart. They've learned from the recommended remediation strategies provided by the Veracode security engineers. That makes all of their future code better."
"I have found the user interface extremely helpful in prioritizing issues."
"I appreciate the integration provided by Veracode that seamlessly integrates with our CI/CD tools and allows us to integrate with IPA as well."
"The capability to identify vulnerable code is the most valuable feature of Veracode."
"We are using the Veracode tools to expose the engineers to the security vulnerabilities that were introduced with the new features, i.e. a lot faster or sooner in the development life cycle."
"I like Veracode's static analysis. It was one of the core development tools when I worked with a telecommunication company where we were delivering new features for various applications and purposes each week, such as CRM, data channels, compliance, traffic data, etc."
"It has the ability to scale, and the fact that it doesn't produce a lot of false positives."
"ReShaper could improve by increasing the performance of the scans. Their application is taking too much CPU. The processing is taking too many CPU resources which causes the system to slow down."
"When it's integrated with a weak server machine, the performance isn't that great. It starts up slowly and even crashes at times."
"Ideally, I would like better reporting that gives me a more concise and accurate description of what my pain points are, and how to get to them."
"It should include more informational, low level, vulnerability summaries and groupings. Large related groups of low level vulnerabilities may amount to a design flaw or another avenue for attack."
"The policies you have, where you can tune the findings you get, don't allow you not to file tickets about certain findings. It will always report the findings, even if you know you're not that concerned about a library writing to a system log, for example. It will keep raising them, even though you may have a ticket about it. The integration will keep updating the ticket every time the scan runs."
"Veracode doesn't really help you so much when it comes to fixing things. It is able to find our vulnerabilities but the remediation activities it does provide are not a straight out-of-the-box kind of model. We need to work on remediation and not completely rely on Veracode."
"It would be ideal if it was able to demonstrate higher levels of cybersecurity certifications like becoming FedRAMP compliant or working in those areas."
"Improve Mobile Application Dynamic Scanning DAST - .ipa and .apk"
"They should improve on the static scanning time."
"Veracode is costly, and there is potential for improvement in its pricing."
ReShaper is ranked 3rd in Static Code Analysis with 2 reviews while Veracode is ranked 1st in Static Code Analysis with 193 reviews. ReShaper is rated 8.6, while Veracode is rated 8.2. The top reviewer of ReShaper writes "Detects, analyzes, and fixes any coding issues". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". ReShaper is most compared with Whole Tomato Visual Assist and Fortify Static Code Analyzer, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap.
See our list of best Static Code Analysis vendors.
We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
