No more typing reviews! Try our Samantha, our new voice AI agent.

Veracode vs Virsec Security Platform comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Veracode
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
208
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Container Security (12th), Software Composition Analysis (SCA) (1st), Static Code Analysis (1st), Dynamic Application Security Testing (DAST) (1st), Application Security Posture Management (ASPM) (1st)
Virsec Security Platform
Average Rating
7.0
Reviews Sentiment
5.9
Number of Reviews
1
Ranking in other categories
Vulnerability Management (104th), Continuous Threat Exposure Management (CTEM) (29th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Veracode is designed for Application Security Tools and holds a mindshare of 4.3%, down 9.1% compared to last year.
Virsec Security Platform, on the other hand, focuses on Vulnerability Management, holds 0.4% mindshare, up 0.1% since last year.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Veracode4.3%
SonarQube12.4%
Checkmarx One8.2%
Other75.1%
Application Security Tools
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Virsec Security Platform0.4%
Wiz4.4%
Qualys VMDR3.9%
Other91.3%
Vulnerability Management
 

Featured Reviews

reviewer2753535 - PeerSpot reviewer
DevSecOps Engineer at a tech services company with 1,001-5,000 employees
Integrates security into the development process and improves team collaboration
Veracode helps organizations develop software by reducing the risk of security vulnerabilities through developer enablement and applications focused on governance. You can utilize different levels of processes to achieve better performance or a more scalable service. Since I started working with it in 2022, I’ve found it to be cost-effective as well. Overall, Veracode is a user-friendly security tool. It includes features such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). During the development phase, we can identify vulnerabilities in the application. This process occurs in the staging environment during development. When we're ready to go to production, we conduct a final check. Essentially, this tool helps identify vulnerabilities during the code development stage, including both high-level vulnerabilities and those related to open-source software composition. We utilize specific methodologies for this purpose. Additionally, it offers a feature that allows us to set up policies based on client requirements. This means we can customize the tool to meet the specific needs of our clients, ensuring that they receive the appropriate level of security in their applications. Veracode is user-friendly as well. Compared to other tools, their scans take 15 minutes or under. If you have a large scale of libraries or data, it might take longer, but based on my personal experience, the scan usually runs within fifteen minutes. For my case study using the Veracode tool, I worked on an internal project following industry standards. We used Veracode to improve our security posture and speed up the time to market by streamlining the development process. This enhanced collaboration between developers, operations, and security teams. The automated scanning process helped identify and fix vulnerabilities earlier in the development process. We maintained compliance with regulatory requirements, avoided fines, and built customer trust by integrating security into the development process. When we conduct this scan, we receive data on a list of vulnerabilities. This information improved our communication and increased transparency, which leads to better reports about the efforts being put in. This results in a more effective and efficient collaboration process, making it user-friendly for all involved. When considering costs, if we resort to manual processes, it can be time-consuming. Therefore, we utilize automated scans to identify and fix security issues. This allows us to address vulnerabilities early in the development process, as we discussed previously. This applies both to our in-house code and third-party libraries, using Software Composition Analysis (SCA) agent-based scans. In the future, we will also implement SCA agent-based scans as a separate feature within Veracode, which can help organizations avoid the expensive and time-consuming consequences of security issues. Furthermore, we have seen an increase in compliance, helping to maintain adherence to regulatory requirements and industry standards, thereby avoiding fines and reputational damage associated with noncompliance. Additionally, by integrating security into the development process, we enhance customer trust in our organization and its products.
KevinMcCarthy - PeerSpot reviewer
Security Manager at Klearnow
Helps with Zero-day protection
We use the solution for Zero-day protection.  The solution stops any kind of remote code execution.  The tool's dashboard needs to load since it is not responsive and takes time to load.  I have been using the product for a year.  I would rate the tool's stability a six out of ten.  I would…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Informs me of code security vulnerabilities. Bamboo build automation with Veracode API calls are used.​"
"It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that."
"It does software composition analysis, discovering open source software weaknesses."
"Veracode's most valuable aspect is continuous integration. It helps us integrate with other applications so that it can monitor the security process."
"When we expanded our definition of critical systems to include an internal application to be scanned by Veracode, we had initial scans that produced hundreds of vulnerabilities. We expected this, based on how the code was treated previously, but the Veracode platform allowed us to streamline our identification of these items and develop a game plan to quickly address them."
"I don't have much experience with the solution yet. We're looking at integrating Manual Penetration Testing with JIRA and Bamboo and then building that into a CICD model, so the integration is the most valuable feature so far."
"Veracode has improved my organization's ability to fix flaws because before Veracode, we did not even know about issues from the security side."
"My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople are fabulous."
"We use the solution for Zero-day protection."
 

Cons

"Searching for applications in Veracode is a little bit difficult. We have to minimize the length of an application's name to 47 characters. It would be good if this limit could be increased so that an application's name can be properly reflected in Veracode."
"It will be beneficial for developers if Veracode Greenlight includes Python."
"I found that there were far too many warnings and some false positives."
"Mitigation review isn't always super easy."
"We have not had much free expert support from the vendor. We have had to have a team of highly skilled individuals to make the solution work."
"We have encountered occasional issues with scalability."
"The UI is not user-friendly and can be improved."
"The number of false positives could be reduced a lot. For each good result, we are getting somewhere around 15 to 20 false positives."
"The tool's dashboard needs to load since it is not responsive and takes time to load."
 

Pricing and Cost Advice

"Licensing cost is on a yearly basis and there are no additional costs, the pricing is straightforward."
"For the value we get out of it, coupled with the live defect review sessions, we find it an effective value for the money. We are a larger organization."
"The price of Veracode Static Analysis could improve."
"Veracode is expensive. But the solution is worth it."
"We pay based on the number of developers working on a particular project."
"Its pricing is fair."
"I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
"Veracode has been fair. We use their SaaS solution and it's just an annual subscription."
"I would rate the solution's pricing an eight out of ten."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
903,996 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Manufacturing Company
11%
Computer Software Company
9%
Construction Company
6%
Manufacturing Company
26%
Construction Company
14%
Financial Services Firm
10%
Comms Service Provider
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise46
Large Enterprise114
No data available
 

Questions from the Community

Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed AppSec platform with strong focus on ease of use, it is SaaS delivery, and provide...
What is your experience regarding pricing and costs for Veracode Static Analysis?
My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.
Ask a question
Earn 20 points
 

Also Known As

Crashtest Security , Veracode Detect
Virsec
 

Overview

 

Sample Customers

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Broadcom, Allstate, Department of Homeland Security
Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools. Updated: June 2026.
903,996 professionals have used our research since 2012.