Veracode Reviews

Name: Veracode
Brand: Veracode
Rating: 4.0 (202 reviews)

4.0 out of 5

202 reviews
89% willing to recommend

What is Veracode?

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Get the Veracode Buyer's Guide and find out what your peers are saying about Veracode, SonarQube Server (formerly SonarQube), Wiz and more!

Veracode is the #1 ranked solution in top Static Code Analysis solutions, #2 ranked solution in application security solutions, #2 ranked solution in AST tools, #2 ranked solution in top Application Security Posture Management (ASPM) solutions, #3 ranked solution in top Software Composition Analysis (SCA) solutions, and #8 ranked solution in Container Security Solutions. PeerSpot users give Veracode an average rating of 8.0 out of 10. Veracode is most commonly compared to SonarQube Server (formerly SonarQube): Veracode vs SonarQube Server (formerly SonarQube). Veracode is popular among the large enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Helped 862,514 peers since 2012

Featured Veracode reviews

reviewer2703864

Head of Security Architecture at a healthcare company with 5,001-10,000 employees

One of the aspects I appreciate most about Veracode is that even though we have a license for developers, we don't get charged by the users who don't develop code but are only trying to access the platform to see the reports or the dashboard, such as architects who do some code reviews but don't develop. That's a nice feature that doesn't happen on other platforms that we analyzed. Another feature that we appreciate significantly is Veracode Fix and how it's integrated with Visual Studio Code. Even though it has some room for improvement, the key usage for us is to be able to solve everything. The developers also learn how and why they have to solve the security vulnerabilities detected. At the same time, they are developing the feature. Veracode Fix has affected our time to remediate security flaws in cases where we've been able to use it correctly because the proposals were on point, and it's been great.

Read full review

Brintha Prabakar

Lead Automation Quality Engineer in Leading UK Bank at Tata Consultancy

Veracode helped with policy compliance. We have proposed Veracode for SAST to our stakeholder in the banking plarform. They have specific security policies that the code needs to accommodate. We have two sets of policies defined: one is the default policy in Veracode, and the other is provided by stakeholders from the chief security team, who have imported policies relevant to the banking platform. The default policy is not sufficient to ensure the code is secure, so stakeholders provided more security policies relevant to their domain and the platform. Our actual application code was a CAT-A application, meaning it had to pass SAST and DAST testing for deployment into production. This was a mandatory check from our perspective to get the code deployed into production. We have internal strategies to implement Veracode in different phases of our application deployment. Before going into production, we do SAST testing in lower environments and then one round of testing in higher environments based on bug-fixing code. We are cautious about deploying directly into production after completing security testing in Veracode because we continually receive bug-fixing code from different applications. So, we defined our strategy this way. Veracode provided visibility into application status at every phase of development, including static analysis, dynamic analysis, composition, and penetration. Most of the fixes relate to password encryption or some kind of SQL injections. If there are any security flaws verified against the policies defined by our stakeholders, as well as Veracode's, and if they pose a potential risk of breaches, Veracode provides excellent recommendations for fixing those security flaws. This detail helps us address the issues efficiently, as it specifies where fixes need to be applied and the implications of ignoring them. The options for developers to provide false positive comments or justification through Jira tickets if a fix cannot be implemented for a particular release are also very useful. These features in Veracode significantly aid developers in addressing security flaws in the code. Because scanning takes a long time for uploading any kind of large application code, I would estimate we saved around 30% to 40%. After implementing our strategy for SAST within our platform, we started doing SAST scanning in Veracode for every sprint. This frequency is crucial because, without Veracode, it could be very difficult to implement such a strategy in the earliest stages of application development. Veracode had a positive impact on our security posture.

Read full review

SrikanthRaghavan

Principal Architect at a consultancy with 11-50 employees

Veracode provides visibility into application status at every phase of development, as it's how we stitch it together, allowing us to introduce it at various phases to gain fast feedback. This capability increases the velocity in DevSecOps processes as developers receive feedback on vulnerabilities before committing, reducing the overall rework. It helps developers save time significantly. For instance, if I take a library and assume it's going to work until it reaches QA or UAT, where we find out there's a vulnerability, that can require extensive effort for code refactoring or redesigning; Veracode helps prevent that before the pull request is merged. Veracode impacts the overall security posture by maintaining data integrity, ensuring we are not exposed to threats from third-party libraries with known vulnerabilities. From my perspective as a SecDevOps evangelist, Veracode is crucial for an organization's shift-left security strategy. Veracode's SCA perspective offers tools that facilitate shift-left security by providing feedback before failures occur in the development process.

Read full review

Veracode mindshare

Product category:

As of July 2025, the mindshare of Veracode in the Application Security Tools category stands at 9.0%, down from 10.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

PeerResearch reports based on Veracode reviews

Type	Title	Date
Category	Application Security Tools	Jul 20, 2025	Download
Product	Reviews, tips, and advice from real users	Jul 20, 2025	Download
Comparison	Veracode vs SonarQube Server (formerly SonarQube)	Jul 20, 2025	Download
Comparison	Veracode vs Checkmarx One	Jul 20, 2025	Download
Comparison	Veracode vs GitHub Advanced Security	Jul 20, 2025	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	22.7%	81%	116 interviews Add to research
Wiz	4.5	N/A	95%	22 interviews Add to research

Valuable Features

Veracode's most valuable features include static code analysis for detecting vulnerabilities, integration with CI/CD pipelines, comprehensive scanning capabilities like SAST, DAST, and SCA, and user-friendly reporting. It supports multiple languages and provides security insights and guidance, helping teams fix flaws efficiently. The scalability and SaaS model reduce infrastructure overhead. The robust API, low false positives, and policy compliance features enhance security and streamline workflows, simplifying regulatory adherence and vulnerability management.

"The integrated IDE tool enables users to get instant feedback in real-time on the code itself, rather than waiting for it to go through the CI/CD pipeline and get the result."
"Veracode has impacted our overall security posture because we are from a security background."
"Veracode has impacted our overall security posture because we are from a security background. Every week, we review the dashboards of open findings."

Room for Improvement

Veracode requires improvements in handling false positives and reducing scan times, which users find time-consuming. Its user interface is seen as outdated and lacks intuition. The reporting features also need enhancement for clearer insights and better data visualization. Users express the desire for expanded support for various programming languages and better integration capabilities. The pricing structure is considered high, posing challenges for smaller organizations. Veracode could also improve API integration and offer more robust support and training resources.

"Veracode needs to shift to a more modern approach because it still feels traditional in its way of doing code scanning compared with others, such as Snyk."
"The scanning process could be more streamlined as it has certain limitations when performing manual scans. It has some checks when the content is in ZIP format or other formats, which takes two or three more steps than Fortify does."
"The scanning process could be more streamlined as it has certain limitations when performing manual scans."

ROI

Veracode has generated positive returns, primarily by reducing costs associated with vulnerability management and enhancing security measures. Increased efficiency resulted from automated scanning, reducing reliance on manual processes. Users highlight enhanced code quality and minimized downtime while cutting development time. It mitigates risks of security breaches, maintains compliance, and improves customer relationships. Experiences show savings of up to 70% in resources and 50% in costs, although precise financial figures are often unspecified.

Pricing

Veracode is viewed as expensive, with varying opinions on its value for money. Many users find the pricing justified given the comprehensive security features and support offered, whereas others highlight its high cost, especially for small businesses. Some organizations benefit from flexible licensing models and find value in collaborating closely with Veracode on pricing and implementation. Overall, the cost is a significant consideration, and enterprises are advised to negotiate terms that align with their specific needs.

"The pricing is reasonable compared to other tools."
"I have not examined Veracode's pricing in detail, but from an industry perspective, I see that there is a tendency toward Veracode, which suggests competitive pricing."
"Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode."

Popular Use Cases

Veracode is primarily used for static and dynamic application security testing, software composition analysis, and manual penetration tests. Companies enhance application security by analyzing source code for vulnerabilities, ensuring compliance, and maintaining secure development lifecycles. The cloud-based platform offers scalable security assessments, emphasizing static analysis, while dynamic scans and penetration tests complement the process. Organizations integrate Veracode into CI/CD pipelines to identify security flaws, improve code hygiene, and monitor application security status.

Service and Support

Veracode's customer service and support are praised for their knowledge and rapid response. Many users find it helpful and competent, with quick answers to inquiries. However, some experience delays, particularly in higher-tier escalations, citing response times as a concern, especially across time zones. Users report variability in the quality of assistance, with some needing multiple interactions to resolve issues, while others receive prompt, effective support.

Deployment

The setup of Veracode is generally described as straightforward, especially for cloud-based services. Many agree it is easy when guided by Veracode experts. Some find it moderately complex, often requiring technical knowledge or additional training. Documented instructions are praised, while occasional confusion with APIs and integration challenges are noted. The deployment time varies, but its SaaS nature minimizes infrastructure concerns. Veracode's support receives positive mentions for overcoming setup hurdles.

Scalability

Users find Veracode scalable, especially in cloud environments with diverse applications. Small teams benefit from its flexibility, while larger enterprises may face challenges with network complexities and costs. Some users report no issues, while others experience performance slowdowns with large scales. Integration is straightforward for DevOps environments and SaaS models. Veracode adapts well to expanding needs, with its scalability highly rated by many users for cost-effective management of various application sizes.

Stability

Users report high stability with Veracode, experiencing minimal downtime and consistent performance. Most users affirm it is reliable, with occasional updates scheduled to avoid disruptions. Some users did mention rare instances of scanning issues or network-related slowdowns, but these were resolved quickly. A few mentioned a need for improvement in handling false positives, and some experienced delays due to maintenance, yet they acknowledge communication regarding scheduled downtimes is proactive and well-managed.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Veracode Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

16%

Manufacturing Company

Insurance Company

Government

Healthcare Company

Comms Service Provider

Retailer

Educational Organization

University

Media Company

Energy/Utilities Company

Construction Company

Real Estate/Law Firm

Non Profit

Performing Arts

Transportation Company

Legal Firm

Wholesaler/Distributor

Outsourcing Company

Logistics Company

Consumer Goods Company

Hospitality Company

Recreational Facilities/Services Company

Pharma/Biotech Company

Aerospace/Defense Firm

Compare Veracode with alternative products

Learn more about Veracode

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Veracode was previously known as Crashtest Security , Veracode Detect.

Veracode customers

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.