Try our new research platform with insights from 80,000+ expert users
Veracode Logo

Veracode pros and cons

Vendor: Veracode
4.0 out of 5
Badge Ranked 1
Leave a review

Pros & Cons summary

Veracode provides comprehensive security scanning, offering static, dynamic, and software composition analysis to identify vulnerabilities early. It integrates with tools like Jenkins, supporting automation and integration within workflows. With outstanding technical support and extensive remediation guidance, developers can quickly address security issues. Its cloud-based approach ensures scalability, but improvements in scanning speed and support for newer languages are needed. High pricing and frequent false positives may affect its appeal for smaller organizations.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Veracode provides comprehensive security scanning, offering static, dynamic, and software composition analysis to identify vulnerabilities early in the development cycle.
Veracode's integration with various tools and platforms, including Jenkins and APIs, supports automation and seamless integration within development workflows.
The platform's technical support is outstanding, offering quick and knowledgeable assistance to users.
Veracode offers extensive remediation guidance, enabling developers to quickly address and fix security vulnerabilities with expert consultation.
Its cloud-based approach allows for scalability, easy deployment, and efficient management of application security.

CONS

Veracode scanning speed needs improvement, particularly for large applications, as it can take a long time to complete.
False positives are reported frequently, leading to unnecessary manual verification of findings.
Lack of support for newer programming languages and frameworks affects usability and effectiveness.
APIs and integration capabilities can be richer to better support development pipelines.
Veracode's pricing can be high for smaller organizations or projects with a limited budget.
 

Veracode Pros review quotes

GG
Gustavo_Gonzalez
Technical Program Manager at a engineering company with 10,001+ employees
Jan 19, 2017
The coverage of the last vulnerabilities reported.
Read full review
it_user712167 - PeerSpot reviewer
it_user712167
General Manager - Application Security at a tech consulting company with 51-200 employees
Oct 8, 2017
Wide range of platforms and technology assessments.
Read full review
it_user778905 - PeerSpot reviewer
it_user778905
Technical Director at a financial services firm with 1,001-5,000 employees
Nov 26, 2017
The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future.
Read full review
Buyer's Guide
Veracode
December 2025
Free Report: Veracode Reviews and More
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
DOWNLOAD NOW
879,425 professionals have used our research since 2012.
it_user779082 - PeerSpot reviewer
it_user779082
Senior Information Security Program Manager at a financial services firm with 10,001+ employees
Nov 26, 2017
The ability on static scans to be able to do sandbox scans which do not generate metrics.
Read full review
it_user797976 - PeerSpot reviewer
it_user797976
Global Application Security at a pharma/biotech company with 10,001+ employees
Jan 7, 2018
It has the ability to scale, and the fact that it doesn't produce a lot of false positives.
Read full review
it_user802140 - PeerSpot reviewer
it_user802140
Product Manager at GMS
Jan 15, 2018
It helps me to detect vulnerabilities.
Read full review
it_user831864 - PeerSpot reviewer
it_user831864
Application & Product Security Manager at a insurance company with 1,001-5,000 employees
Mar 6, 2018
Also, our customers benefited from the added security assurance of our applications, as they’ve been able to identify OWASP top-10 application vulnerabilities without a manual tester.
Read full review
SK
Siddharth Kundalkar
Director Software Engineering at a tech services company with 51-200 employees
Mar 7, 2018
All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing).
Read full review
it_user833550 - PeerSpot reviewer
it_user833550
VP of Services at a tech vendor with 51-200 employees
Mar 8, 2018
We use it to get our scan results and see where our software is vulnerable or not vulnerable.
Read full review
it_user833553 - PeerSpot reviewer
it_user833553
CISSP, CISM at a tech services company with 1,001-5,000 employees
Mar 8, 2018
For our rapid, secure DevOps cycle, we have integration of the Vericode API into our build tool, and Greenlight into our IDE.
Read full review
Show 10 more reviews (out of 195)
 

Veracode Cons review quotes

GG
Gustavo_Gonzalez
Technical Program Manager at a engineering company with 10,001+ employees
Jan 19, 2017
To be able to upload source codes without being compiled. That’s one feature that drives us to see other sources.
Read full review
it_user712167 - PeerSpot reviewer
it_user712167
General Manager - Application Security at a tech consulting company with 51-200 employees
Oct 8, 2017
It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share.
Read full review
it_user778905 - PeerSpot reviewer
it_user778905
Technical Director at a financial services firm with 1,001-5,000 employees
Nov 26, 2017
I'd like to see an improved component of it work in a DevOps world, where the scanning speed does not impede progress along the AppSec pipeline.
Read full review
Buyer's Guide
Veracode
December 2025
Free Report: Veracode Reviews and More
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
DOWNLOAD NOW
879,425 professionals have used our research since 2012.
it_user779082 - PeerSpot reviewer
it_user779082
Senior Information Security Program Manager at a financial services firm with 10,001+ employees
Nov 26, 2017
I would love to be able to do a dynamic sandbox scan. I think that that would allow us to really get a lot more buy-in from the software development teams.
Read full review
it_user797976 - PeerSpot reviewer
it_user797976
Global Application Security at a pharma/biotech company with 10,001+ employees
Jan 7, 2018
It does nearly everything, but penetration testing.
Read full review
it_user802140 - PeerSpot reviewer
it_user802140
Product Manager at GMS
Jan 15, 2018
All areas of the solution could use some improvement.
Read full review
it_user831864 - PeerSpot reviewer
it_user831864
Application & Product Security Manager at a insurance company with 1,001-5,000 employees
Mar 6, 2018
It needs better APIs, reporting that I can easily query through the APIs and, preferably, a license model that I can predict.
Read full review
SK
Siddharth Kundalkar
Director Software Engineering at a tech services company with 51-200 employees
Mar 7, 2018
We use Ruby on Rails and we still don't have any support for that from Veracode.
Read full review
it_user833550 - PeerSpot reviewer
it_user833550
VP of Services at a tech vendor with 51-200 employees
Mar 8, 2018
The user interface can sometimes be a little challenging to work with, and they seem to be changing their algorithm on what is an issue. I understand why they do it, but it sometimes causes more work on our end.
Read full review
it_user833553 - PeerSpot reviewer
it_user833553
CISSP, CISM at a tech services company with 1,001-5,000 employees
Mar 8, 2018
It would help if there were a training module that would explain how to more effectively integrate the SAST product into the build tool, Jenkins or Bamboo.
Read full review
Show 10 more reviews (out of 195)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Container Security
Software Composition Analysis (SCA)
Static Code Analysis
Dynamic Application Security Testing (DAST)
Application Security Posture Management (ASPM)

Popular Comparisons

Popular Comparisons
SonarQube vs Veracode Logo
SonarQube vs Veracode
Wiz vs Veracode Logo
Wiz vs Veracode
Snyk vs Veracode Logo
Snyk vs Veracode
Microsoft Defender for Cloud vs Veracode Logo
Microsoft Defender for Cloud vs Veracode
Prisma Cloud by Palo Alto Networks vs Veracode Logo
Prisma Cloud by Palo Alto Networks vs Veracode
GitLab vs Veracode Logo
GitLab vs Veracode
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
Coverity Static vs Veracode Logo
Coverity Static vs Veracode
Black Duck SCA vs Veracode Logo
Black Duck SCA vs Veracode
CrowdStrike Falcon Cloud Security vs Veracode Logo
CrowdStrike Falcon Cloud Security vs Veracode
GitHub Advanced Security vs Veracode Logo
GitHub Advanced Security vs Veracode
JFrog Xray vs Veracode Logo
JFrog Xray vs Veracode
Orca Security vs Veracode Logo
Orca Security vs Veracode
OWASP Zap vs Veracode Logo
OWASP Zap vs Veracode
OpenText Core Application Security vs Veracode Logo
OpenText Core Application Security vs Veracode
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Container Security
Software Composition Analysis (SCA)
Static Code Analysis
Dynamic Application Security Testing (DAST)
Application Security Posture Management (ASPM)

Popular Comparisons

Popular Comparisons
SonarQube vs Veracode Logo
SonarQube vs Veracode
Wiz vs Veracode Logo
Wiz vs Veracode
Snyk vs Veracode Logo
Snyk vs Veracode
Microsoft Defender for Cloud vs Veracode Logo
Microsoft Defender for Cloud vs Veracode
Prisma Cloud by Palo Alto Networks vs Veracode Logo
Prisma Cloud by Palo Alto Networks vs Veracode
GitLab vs Veracode Logo
GitLab vs Veracode
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
Coverity Static vs Veracode Logo
Coverity Static vs Veracode
Black Duck SCA vs Veracode Logo
Black Duck SCA vs Veracode
CrowdStrike Falcon Cloud Security vs Veracode Logo
CrowdStrike Falcon Cloud Security vs Veracode
GitHub Advanced Security vs Veracode Logo
GitHub Advanced Security vs Veracode
JFrog Xray vs Veracode Logo
JFrog Xray vs Veracode
Orca Security vs Veracode Logo
Orca Security vs Veracode
OWASP Zap vs Veracode Logo
OWASP Zap vs Veracode
OpenText Core Application Security vs Veracode Logo
OpenText Core Application Security vs Veracode
See all alternatives
Related questions
  • 61
What is the biggest difference between Veracode and Checkmarx?
  • 50
Which gives you more for your money - SonarQube or Veracode?
  • 39
Checkmarx or Veracode. Which should we choose?
  • 10
Would you recommend Veracode? What are some of your use cases?
  • 98
Checkmarx vs SonarQube; SonarQube interoperability with Checkmarx or Veracode
  • 10
What do I scan when changing code in Veracode?
  • 130
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 38
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 91
What are the Top 5 cybersecurity trends in 2022?
  • 118
What are the threats associated with using ‘bogus’ cybersecurity tools?