SonarCloud vs Veracode comparison

You must select at least 2 products to compare!
Sonar Logo
8,118 views|5,651 comparisons
Veracode Logo
30,242 views|20,584 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between SonarCloud and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed SonarCloud vs. Veracode Report (Updated: September 2023).
735,432 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The most valuable feature of SonarCloud is its overall performance.""The reports from SonarCloud are very good.""I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is.""The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions.""The solution can be installed locally.""The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."

More SonarCloud Pros →

"Veracode Security Labs are fantastic. My team loves getting the hands-on experience of putting in a flaw and fixing it. It's interactive. We've gotten decent support from the sales and software engineers, so the initial support was excellent. They scheduled a consultation call to dive deep and discuss why we see these findings and codes. That was incredibly helpful.""The capability to identify vulnerable code is the most valuable feature of Veracode.""The static scan is the feature that we use the most, as it gives us insight into our source code. We have it integrated with our continuous integration, continuous delivery system, so we can get insight quickly.""Veracode offers various security features.""Veracode's most valuable aspect is continuous integration. It helps us integrate with other applications so that it can monitor the security process.""The best feature is definitely the detailed reports. It provides code-related queries in the order of high, medium, and low depending on what we need to do. Veracode is user-friendly as well.""The most valuable feature is the static scan that checks for security issues.""The static scan and the detailed reports, which include issue information and permissions, are the most valuable features."

More Veracode Pros →

"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit.""We had some issues with the scanner.""It would be helpful if notifications could go out to an extra person.""SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive.""CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling.""The solution needs to improve its customization and flexibility."

More SonarCloud Cons →

"The training lab is not very user-friendly and takes a long time to set up.""Veracode can improve the price model and how they bill the final offer to customers. It's based on the amount of traffic. For example, you can buy 1 gigabyte distributed across various applications, and each one can consume part of the whole allotment of traffic data.""The support team could be more responsive, and the dependency of users on the support team is too high and should be reduced.""It will be beneficial for developers if Veracode Greenlight includes Python.""The scanning on the UI portion of our applications is straightforward, but folks were having challenges with scans that involved microservices. They had to rope in an expert to have it sorted.""It does not have a reporting structure for an OS-based vulnerability report, whereas its peers such as Fortify and Checkmarx have this ability. Checkmarx also provides a better visibility of the code flow.""I've found that Veracode is not particularly suitable for Dynamic Application Security Testing.""It's taking too much time to do a quality scan."

More Veracode Cons →

Pricing and Cost Advice
  • "The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
  • "The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
  • "I am using the free version of the solution."
  • More SonarCloud Pricing and Cost Advice →

  • "From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately."
  • "The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."
  • "It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as compared to the other competitors, and any small, medium, or big company can easily adopt Veracode. Its cost includes deployment, training, and support for one year."
  • "The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."
  • "There is a fee to scale up the solution which I consider expensive."
  • "I know that Veracode is a semi-pricey solution. If you are serious about security, I would recommend that you use an open-source option to learn how the scanning process works and then look into Veracode if you want to really step up your game and have an all-in-one solution."
  • "I wouldn't really recommend Veracode for a small firm, because it might be a little pricey for them. But for a large organization, with more than 1,000 applications in the enterprise, there are tiered levels of pricing."
  • "There are no setup or implementation charges. They offer a free trial and free consulting services... The price depends on your requirements, your source code sizes, and how complicated your source code is."
  • More Veracode Pricing and Cost Advice →

    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    735,432 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false… more »
    Top Answer:The solution needs to improve its customization and flexibility.
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Top Answer:The SAST and DAST modules are great.
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Average Words per Review
    Average Words per Review
    SonarQube logo
    Compared 35% of the time.
    Checkmarx logo
    Compared 15% of the time.
    Fortify on Demand logo
    Compared 6% of the time.
    OWASP Zap logo
    Compared 5% of the time.
    Snyk logo
    Compared 4% of the time.
    Learn More
    Video Not Available

    SonarCloud is the leading online service to catch Bugs and Security Vulnerabilities in your Pull Requests and throughout your code repositories. Totally free for open-source projects (paid plan for private projects), SonarCloud pairs with existing cloud-based CI/CD workflows, and provides clear resolution guidance for any Code Quality or Code Security issue it detects. With more than 1 billion lines of code analyzed every week, SonarCloud empowers development teams of all sizes to write cleaner and safer code, across 24 programming languages.

    Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

    Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references. Veracode's dynamic analysis solution simulates real-world attacks to identify vulnerabilities that may not be detectable by static analysis alone. Veracode's software composition analysis solution scans open-source and third-party components for known vulnerabilities. Veracode's manual penetration testing service is performed by experienced security professionals who use a variety of techniques to identify vulnerabilities in software applications.

    Many organizations, including Fortune 500 companies, government agencies, and startups, use Veracode's solution. Veracode's customers rely on Veracode to help them to improve the security of their software applications and to reduce the risk of data breaches and other security incidents.

    Here are some of the benefits of using Veracode:

    • Veracode provides capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing to help organizations identify and fix security vulnerabilities in their software applications early in the development process.
    • Veracode helps organizations reduce the risk of data breaches and other security incidents by identifying and fixing security vulnerabilities in their software application. 
    • Veracode helps organizations to comply with industry regulations. Many industries have regulations that require organizations to implement security measures to protect their customers' data. Veracode's solution can help organizations to comply with these regulations by providing them with the tools and resources they need to identify and fix security vulnerabilities in their software applications.
    Learn more about SonarCloud
    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Sample Customers
    Microsoft, Apache, Wikimedia foundation, Brave
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    Computer Software Company19%
    Financial Services Firm9%
    Manufacturing Company8%
    Healthcare Company5%
    Financial Services Firm27%
    Computer Software Company18%
    Insurance Company9%
    Comms Service Provider5%
    Financial Services Firm18%
    Computer Software Company16%
    Manufacturing Company8%
    Company Size
    Small Business23%
    Midsize Enterprise19%
    Large Enterprise58%
    Small Business29%
    Midsize Enterprise19%
    Large Enterprise52%
    Small Business17%
    Midsize Enterprise12%
    Large Enterprise71%
    Buyer's Guide
    SonarCloud vs. Veracode
    September 2023
    Find out what your peers are saying about SonarCloud vs. Veracode and other solutions. Updated: September 2023.
    735,432 professionals have used our research since 2012.

    SonarCloud is ranked 10th in Application Security Testing (AST) with 6 reviews while Veracode is ranked 2nd in Application Security Testing (AST) with 70 reviews. SonarCloud is rated 8.4, while Veracode is rated 8.2. The top reviewer of SonarCloud writes "It helps us detect vulnerabilities, but the integration with other tools in the CI/CD pipeline could be better". On the other hand, the top reviewer of Veracode writes "Good reporting, comprehensive interface, and integrates well into our build pipeline". SonarCloud is most compared with SonarQube, Checkmarx, OWASP Zap, GitLab and Fortify on Demand, whereas Veracode is most compared with SonarQube, Checkmarx, Fortify on Demand, OWASP Zap and Snyk. See our SonarCloud vs. Veracode report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.