No more typing reviews! Try our Samantha, our new voice AI agent.

Veracode vs Virsec Security Platform comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Veracode
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
208
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Container Security (12th), Software Composition Analysis (SCA) (1st), Static Code Analysis (1st), Dynamic Application Security Testing (DAST) (1st), Application Security Posture Management (ASPM) (1st)
Virsec Security Platform
Average Rating
7.0
Reviews Sentiment
5.9
Number of Reviews
1
Ranking in other categories
Vulnerability Management (104th), Continuous Threat Exposure Management (CTEM) (29th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Veracode is designed for Application Security Tools and holds a mindshare of 4.3%, down 9.1% compared to last year.
Virsec Security Platform, on the other hand, focuses on Vulnerability Management, holds 0.4% mindshare, up 0.1% since last year.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Veracode4.3%
SonarQube12.4%
Checkmarx One8.2%
Other75.1%
Application Security Tools
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Virsec Security Platform0.4%
Wiz4.4%
Qualys VMDR3.9%
Other91.3%
Vulnerability Management
 

Featured Reviews

reviewer2753535 - PeerSpot reviewer
DevSecOps Engineer at a tech services company with 1,001-5,000 employees
Integrates security into the development process and improves team collaboration
Veracode helps organizations develop software by reducing the risk of security vulnerabilities through developer enablement and applications focused on governance. You can utilize different levels of processes to achieve better performance or a more scalable service. Since I started working with it in 2022, I’ve found it to be cost-effective as well. Overall, Veracode is a user-friendly security tool. It includes features such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). During the development phase, we can identify vulnerabilities in the application. This process occurs in the staging environment during development. When we're ready to go to production, we conduct a final check. Essentially, this tool helps identify vulnerabilities during the code development stage, including both high-level vulnerabilities and those related to open-source software composition. We utilize specific methodologies for this purpose. Additionally, it offers a feature that allows us to set up policies based on client requirements. This means we can customize the tool to meet the specific needs of our clients, ensuring that they receive the appropriate level of security in their applications. Veracode is user-friendly as well. Compared to other tools, their scans take 15 minutes or under. If you have a large scale of libraries or data, it might take longer, but based on my personal experience, the scan usually runs within fifteen minutes. For my case study using the Veracode tool, I worked on an internal project following industry standards. We used Veracode to improve our security posture and speed up the time to market by streamlining the development process. This enhanced collaboration between developers, operations, and security teams. The automated scanning process helped identify and fix vulnerabilities earlier in the development process. We maintained compliance with regulatory requirements, avoided fines, and built customer trust by integrating security into the development process. When we conduct this scan, we receive data on a list of vulnerabilities. This information improved our communication and increased transparency, which leads to better reports about the efforts being put in. This results in a more effective and efficient collaboration process, making it user-friendly for all involved. When considering costs, if we resort to manual processes, it can be time-consuming. Therefore, we utilize automated scans to identify and fix security issues. This allows us to address vulnerabilities early in the development process, as we discussed previously. This applies both to our in-house code and third-party libraries, using Software Composition Analysis (SCA) agent-based scans. In the future, we will also implement SCA agent-based scans as a separate feature within Veracode, which can help organizations avoid the expensive and time-consuming consequences of security issues. Furthermore, we have seen an increase in compliance, helping to maintain adherence to regulatory requirements and industry standards, thereby avoiding fines and reputational damage associated with noncompliance. Additionally, by integrating security into the development process, we enhance customer trust in our organization and its products.
KevinMcCarthy - PeerSpot reviewer
Security Manager at Klearnow
Helps with Zero-day protection
We use the solution for Zero-day protection.  The solution stops any kind of remote code execution.  The tool's dashboard needs to load since it is not responsive and takes time to load.  I have been using the product for a year.  I would rate the tool's stability a six out of ten.  I would…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"My point is that Veracode is very good, and I would strongly recommend it."
"One thing that I like about Veracode is that it is quite a good tool for dynamic application testing."
"To me, the principal feature is the CLI (command-line interface) because I put together a lot of implementations using it. Another important aspect is the low false-positive rate because the solution is very configurable. It is as low as 1 percent and that is a huge difference compared to competitors."
"What I can tell others who are looking into implementing Veracode Static Analysis is that it is a platform that provides good features."
"Static Scanning is the most valuable feature of Veracode."
"Veracode Fix is a new feature that functions similarly to auto-remediation for low or medium flaw codes."
"The product helped improve our organization by helping us to identify potential problems in applications and fix them before they were used in a way that they should not be, and in essence, it helped enhance our security."
"By using Veracode, the code is secure, and there are no issues that will stop the release later on in the SDLC."
"We use the solution for Zero-day protection."
 

Cons

"There is room for improvement in the speed of the system. Sometimes, the servers are very busy and slow... Also, the integration with SonarQube is very weak, so we had to implement a custom solution to extend it."
"The static analysis is prone to a lot of false positives. But that's how it is with most static analysis tools... Also, the static analysis can sometimes take a little while. The time that it takes to do a scan should be improved."
"Sometimes, the scans halt or drop for some reason, and we need to get help from Veracode to fix it."
"I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use."
"One of the most important areas that need improvement for Veracode is its DaaS. Veracode's DAST engines are primitive."
"I would like to see more AI features. It's a current subject because with ChatGPT and other solutions being developed all the time, IT attacks will increase... To defend against those it's very important that the good guys use AI in ways that are good instead of bad."
"The reporting was detailed, but there were some things that were missing. It showed us on which line an error was found, but it could have been more detailed."
"Scalability is the main issue with Veracode."
"The tool's dashboard needs to load since it is not responsive and takes time to load."
 

Pricing and Cost Advice

"I don't have firsthand knowledge of Veracode pricing, but based on client feedback, it seems to be expensive with additional fees for certain features."
"The pricing is fair."
"It is expensive. It depends on the use case, but it is very hard to find a pricing page on their website. Instead, they need to analyze your use case, but without knowing the entire project and how you're going to be using Veracode, how many scans you're going to do, if yours is a small business, it is very expensive and it affects ROI."
"The pricing is reasonable compared to other tools."
"Regarding licensing, pay very close attention to what applications you're going to need to do dynamic scanning for, versus static. Right now, the way the licensing is set up, if you don't have any static elements for a website, you can certainly avoid some costs by doing more dynamic licenses. You need to pay very close attention to that, because if you find out later that you have static code elements - like Java scripts, etc. - that you want to have scanned statically, having the two licenses bundled together will actually save you money."
"Veracode's pricing is on the higher end, but it is acceptable."
"Without getting too specific, I'd say the average yearly cost is around $50,000. The costs include licensing and maintenance support."
"The pricing and licensing are reasonable, and relatively straightforward, and different licensing and subscription models are available."
"I would rate the solution's pricing an eight out of ten."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
904,054 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Manufacturing Company
11%
Computer Software Company
9%
Construction Company
6%
Manufacturing Company
26%
Construction Company
14%
Financial Services Firm
10%
Comms Service Provider
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise46
Large Enterprise114
No data available
 

Questions from the Community

Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed AppSec platform with strong focus on ease of use, it is SaaS delivery, and provide...
What is your experience regarding pricing and costs for Veracode Static Analysis?
My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.
Ask a question
Earn 20 points
 

Also Known As

Crashtest Security , Veracode Detect
Virsec
 

Overview

 

Sample Customers

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Broadcom, Allstate, Department of Homeland Security
Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools. Updated: June 2026.
904,054 professionals have used our research since 2012.