No more typing reviews! Try our Samantha, our new voice AI agent.

Veracode vs Virsec Security Platform comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Veracode
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
208
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Container Security (12th), Software Composition Analysis (SCA) (1st), Static Code Analysis (1st), Dynamic Application Security Testing (DAST) (1st), Application Security Posture Management (ASPM) (1st)
Virsec Security Platform
Average Rating
7.0
Reviews Sentiment
5.9
Number of Reviews
1
Ranking in other categories
Vulnerability Management (104th), Continuous Threat Exposure Management (CTEM) (29th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Veracode is designed for Application Security Tools and holds a mindshare of 4.3%, down 9.1% compared to last year.
Virsec Security Platform, on the other hand, focuses on Vulnerability Management, holds 0.4% mindshare, up 0.1% since last year.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Veracode4.3%
SonarQube12.4%
Checkmarx One8.2%
Other75.1%
Application Security Tools
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Virsec Security Platform0.4%
Wiz4.4%
Qualys VMDR3.9%
Other91.3%
Vulnerability Management
 

Featured Reviews

reviewer2753535 - PeerSpot reviewer
DevSecOps Engineer at a tech services company with 1,001-5,000 employees
Integrates security into the development process and improves team collaboration
Veracode helps organizations develop software by reducing the risk of security vulnerabilities through developer enablement and applications focused on governance. You can utilize different levels of processes to achieve better performance or a more scalable service. Since I started working with it in 2022, I’ve found it to be cost-effective as well. Overall, Veracode is a user-friendly security tool. It includes features such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). During the development phase, we can identify vulnerabilities in the application. This process occurs in the staging environment during development. When we're ready to go to production, we conduct a final check. Essentially, this tool helps identify vulnerabilities during the code development stage, including both high-level vulnerabilities and those related to open-source software composition. We utilize specific methodologies for this purpose. Additionally, it offers a feature that allows us to set up policies based on client requirements. This means we can customize the tool to meet the specific needs of our clients, ensuring that they receive the appropriate level of security in their applications. Veracode is user-friendly as well. Compared to other tools, their scans take 15 minutes or under. If you have a large scale of libraries or data, it might take longer, but based on my personal experience, the scan usually runs within fifteen minutes. For my case study using the Veracode tool, I worked on an internal project following industry standards. We used Veracode to improve our security posture and speed up the time to market by streamlining the development process. This enhanced collaboration between developers, operations, and security teams. The automated scanning process helped identify and fix vulnerabilities earlier in the development process. We maintained compliance with regulatory requirements, avoided fines, and built customer trust by integrating security into the development process. When we conduct this scan, we receive data on a list of vulnerabilities. This information improved our communication and increased transparency, which leads to better reports about the efforts being put in. This results in a more effective and efficient collaboration process, making it user-friendly for all involved. When considering costs, if we resort to manual processes, it can be time-consuming. Therefore, we utilize automated scans to identify and fix security issues. This allows us to address vulnerabilities early in the development process, as we discussed previously. This applies both to our in-house code and third-party libraries, using Software Composition Analysis (SCA) agent-based scans. In the future, we will also implement SCA agent-based scans as a separate feature within Veracode, which can help organizations avoid the expensive and time-consuming consequences of security issues. Furthermore, we have seen an increase in compliance, helping to maintain adherence to regulatory requirements and industry standards, thereby avoiding fines and reputational damage associated with noncompliance. Additionally, by integrating security into the development process, we enhance customer trust in our organization and its products.
KevinMcCarthy - PeerSpot reviewer
Security Manager at Klearnow
Helps with Zero-day protection
We use the solution for Zero-day protection.  The solution stops any kind of remote code execution.  The tool's dashboard needs to load since it is not responsive and takes time to load.  I have been using the product for a year.  I would rate the tool's stability a six out of ten.  I would…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I like Veracode's ease of integration with various cloud platforms and tools."
"What I found most valuable in Veracode Static Analysis is that it categorizes security vulnerabilities."
"Scanning of .war and .jar is key for us."
"We used Veracode to improve our security posture and speed up the time to market by streamlining the development process, which enhanced collaboration between developers, operations, and security teams."
"The integration of static testing with our Azure DevOps CI pipeline was easy."
"The article scanning is excellent, the composition analysis and common CBEs attached to it are quite good, and the solution offers a lot of really great analysis with lots of good data support."
"It does software composition analysis, discovering open source software weaknesses."
"What I can tell others who are looking into implementing Veracode Static Analysis is that it is a platform that provides good features."
"We use the solution for Zero-day protection."
 

Cons

"The GUI requires significant simplification, as its current complexity creates a steep learning curve for new users."
"There is much to be desired of UI and user experience. The UI is very slow. With every click, it just takes a lot of time for the pages to load. We have seen this consistently since getting this solution. The UI and UX are very disjointed."
"The scanning could be a little faster. The process around three or four minutes, but it would help if it could be further reduced."
"The triage indicator was kind of hard to find. It's a very small arrow and I had no idea it was there."
"Some important languages are not supported."
"We have not had much free expert support from the vendor. We have had to have a team of highly skilled individuals to make the solution work."
"Their scanning engine is sometimes a little bit slow. They can improve the scan time."
"It needs better APIs, reporting that I can easily query through the APIs and, preferably, a license model that I can predict."
"The tool's dashboard needs to load since it is not responsive and takes time to load."
 

Pricing and Cost Advice

"Pricing/licensing is complicated."
"Costs are reasonable. No special infrastructure is required and the license model is good."
"I found Veracode very expensive, though I'm not the person paying for it. I was surprised to find out how much the subscription costs and that the executive board approved it, but it was a no-brainer because now my company has better security scans."
"No issues, the pricing seems reasonable."
"For enterprises, Veracode has done a fairly good job, but its pricing is not suitable for startups. The microservice distributed architecture for a startup is very small. I had to do a lot of discussions on the pricing initially. I previously worked in an enterprise organization where I used Veracode, and that's how I got to know about Veracode, but that was a big organization with more than a thousand employees. So, the cost is very different for them because the size of the application is different. Its pricing makes sense there, but when we try to onboard this solution for the startup ecosystem, pricing is not friendly. Because I knew the product and I knew its value, I onboarded it, but I don't think any other startup at our scale will onboard it."
"Veracode's price is high. I would like them to better optimize their pricing."
"It has good, fair licensing. If the price could depend on the scope of its scanning or the languages supported, then that would be better."
"Negotiate some, but their prices are reasonable."
"I would rate the solution's pricing an eight out of ten."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
903,067 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Manufacturing Company
11%
Computer Software Company
9%
Construction Company
6%
Manufacturing Company
26%
Construction Company
14%
Financial Services Firm
10%
Comms Service Provider
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise46
Large Enterprise114
No data available
 

Questions from the Community

Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed AppSec platform with strong focus on ease of use, it is SaaS delivery, and provide...
What is your experience regarding pricing and costs for Veracode Static Analysis?
My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.
Ask a question
Earn 20 points
 

Also Known As

Crashtest Security , Veracode Detect
Virsec
 

Overview

 

Sample Customers

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Broadcom, Allstate, Department of Homeland Security
Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools. Updated: June 2026.
903,067 professionals have used our research since 2012.