We performed a comparison between Trustwave App Scanner [EOL] and Veracode based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST)."The stability is great. We haven't had any issues at all with it."
"Veracode Fix is a new feature that functions similarly to auto-remediation for low or medium flaw codes."
"The ability on static scans to be able to do sandbox scans which do not generate metrics."
"The product provides guidance to develop secure software."
"You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs."
"The CI/CD integration is the most valuable feature of Veracode."
"It is a cloud-based platform, so every organization or every security team in the organization is concerned about uploading their code because ultimately the code is intellectual property. The most useful thing about Veracode is that if you want to upload the code, they accept only byte code. They do not accept the plain source code as an input. The code is converted into binary code, and it is uploaded to Veracode. So, it is quite secure. It also has the automation feature where you can integrate security during the initial stages of your software development life cycle. It is pretty much easy with Veracode. Veracode provides integration with multiple tools and platforms, such as Visual Studio, Java, and Eclipse. Developers can integrate with those tools by using Jenkins. The security consultation or the support that they provide is also really good. Its user management is also good. You can restrict the users for a particular application so that only certain developers will be able to see the code that has been scanned. Their reporting model is really good. For each customer, they provide a program manager. Every quarter, they have their reviews about how much it has scanned. They also ensure that the tool has been used efficiently."
"I like the static scanning, and Veracode's interface is excellent. The dashboard is easy to navigate."
"We like the fact that all the issues are identified and that Veracode provides sufficient information on how to resolve them."
"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."
"Veracode's SAST, DAST, and SCA are pretty good with respect to industry standards, but with regard to container security, they are in either beta or alpha testing. They need to get that particular feature up and running so that they take care of the container security part."
"I would like Veracode to add more language support."
"A high number of false positives are reported and this should be reduced."
"I would like to see these features: entering comments for internal tracking; entering a priority; reports that show the above."
"Third-party library scanning would be very useful to have. When I was researching this a year ago, there was not a third-party library scan available. This would be a nice feature to have because we are now running through some assessments and finding out which tool can do it since this information needs to be captured. Since Veracode is a security solution, this should be related."
"I would like to see more AI features. It's a current subject because with ChatGPT and other solutions being developed all the time, IT attacks will increase... To defend against those it's very important that the good guys use AI in ways that are good instead of bad."
"An area for improvement in Veracode is the time that it takes to scan large projects, as that makes it difficult to fit into our CI/CD pipelines."
"It's very expensive for a small organization."
Earn 20 points
Trustwave App Scanner [EOL] doesn't meet the minimum requirements to be ranked in Application Security Testing (AST) while Veracode is ranked 2nd in Application Security Testing (AST) with 194 reviews. Trustwave App Scanner [EOL] is rated 7.6, while Veracode is rated 8.2. The top reviewer of Trustwave App Scanner [EOL] writes "It helps us troubleshoot failed scans and incomplete statuses". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Trustwave App Scanner [EOL] is most compared with , whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap.
See our list of best Application Security Testing (AST) vendors and best Application Security Tools vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.