No more typing reviews! Try our Samantha, our new voice AI agent.
Veracode Logo

Veracode pros and cons

Vendor: Veracode
4.0 out of 5
Badge Ranked 1
Leave a review

Pros & Cons summary

Veracode delivers fast, comprehensive scanning to quickly detect software vulnerabilities, enhancing application security. Its cloud-based platform integrates with various tools for automated vulnerability management. Static and dynamic analysis identifies vulnerabilities early, ensuring secure deployments. Developers gain insight into vulnerabilities and effective remediation strategies. Technical support offers expert guidance. However, improved programming language support, reduced false positives, better pipeline integration, optimized scan times, and enhanced documentation are needed enhancements.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Veracode provides fast and comprehensive scanning capabilities that help detect a wide range of software vulnerabilities quickly, improving application security.
Veracode's cloud-based platform supports seamless integration with multiple tools and platforms, enabling automated vulnerability management in the software development lifecycle.
Veracode's robust static and dynamic analysis aids in identifying and mitigating vulnerabilities early in development, ensuring secure code deployment.
Veracode enables developers to comprehend vulnerabilities and apply remediation strategies effectively, reducing the risk of insecure software in production environments.
Veracode's technical support and security consultation services are highly regarded for providing timely assistance and expert guidance to enhance developers' security practices.

CONS

Veracode needs to improve its support for more programming languages and frameworks.
Veracode reports a high number of false positives, which should be reduced.
Better integration with development pipelines and more flexible APIs are required for Veracode.
Veracode's scanning process is time-consuming, especially for large applications, and should be optimized.
Documentation and technical support from Veracode need enhancements for better user assistance.
 

Veracode Pros review quotes

it_user335091 - PeerSpot reviewer
it_user335091
Senior Security Consultant at a retailer with 1,001-5,000 employees
Oct 31, 2015
We were able to easily integrate static code testing into the SDLC process.
Read full review
it_user542859 - PeerSpot reviewer
it_user542859
Security Consultant at a tech company with 501-1,000 employees
Oct 30, 2016
Reduced dependency on the security team to run scans.
Read full review
GG
Gustavo_Gonzalez
Technical Program Manager at a engineering company with 10,001+ employees
Jan 19, 2017
The coverage of the last vulnerabilities reported.
Read full review
Buyer's Guide
Veracode
March 2026
Free Report: Veracode Reviews and More
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
DOWNLOAD NOW
886,077 professionals have used our research since 2012.
it_user697020 - PeerSpot reviewer
it_user697020
Software Developer/Architect at a insurance company with 201-500 employees
Jul 5, 2017
Static, dynamic, and manual scan features were all very useful for us and helped us fix many security flaws.
Read full review
it_user712167 - PeerSpot reviewer
it_user712167
General Manager - Application Security at a tech consulting company with 51-200 employees
Oct 8, 2017
Wide range of platforms and technology assessments.
Read full review
it_user778905 - PeerSpot reviewer
it_user778905
Technical Director at a financial services firm with 1,001-5,000 employees
Nov 26, 2017
The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future.
Read full review
it_user779082 - PeerSpot reviewer
it_user779082
Senior Information Security Program Manager at a financial services firm with 10,001+ employees
Nov 26, 2017
The ability on static scans to be able to do sandbox scans which do not generate metrics.
Read full review
it_user797976 - PeerSpot reviewer
it_user797976
Global Application Security at a pharma/biotech company with 10,001+ employees
Jan 7, 2018
It has the ability to scale, and the fact that it doesn't produce a lot of false positives.
Read full review
it_user802140 - PeerSpot reviewer
it_user802140
Product Manager at GMS
Jan 15, 2018
It helps me to detect vulnerabilities.
Read full review
it_user831864 - PeerSpot reviewer
it_user831864
Application & Product Security Manager at a insurance company with 1,001-5,000 employees
Mar 6, 2018
Also, our customers benefited from the added security assurance of our applications, as they’ve been able to identify OWASP top-10 application vulnerabilities without a manual tester.
Read full review
Show 10 more reviews (out of 202)
 

Veracode Cons review quotes

it_user335091 - PeerSpot reviewer
it_user335091
Senior Security Consultant at a retailer with 1,001-5,000 employees
Oct 31, 2015
It's been over a year since I used the product. But when I did, I found there were too many false positives.
Read full review
it_user542859 - PeerSpot reviewer
it_user542859
Security Consultant at a tech company with 501-1,000 employees
Oct 30, 2016
I would like to see the following: Correction of the regularly received false positives, options to manage comments and mitigations, and better UI functionality.
Read full review
GG
Gustavo_Gonzalez
Technical Program Manager at a engineering company with 10,001+ employees
Jan 19, 2017
To be able to upload source codes without being compiled. That’s one feature that drives us to see other sources.
Read full review
Buyer's Guide
Veracode
March 2026
Free Report: Veracode Reviews and More
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
DOWNLOAD NOW
886,077 professionals have used our research since 2012.
it_user697020 - PeerSpot reviewer
it_user697020
Software Developer/Architect at a insurance company with 201-500 employees
Jul 5, 2017
Although reports are well documented, it was difficult for us to understand them at first.
Read full review
it_user712167 - PeerSpot reviewer
it_user712167
General Manager - Application Security at a tech consulting company with 51-200 employees
Oct 8, 2017
It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share.
Read full review
it_user778905 - PeerSpot reviewer
it_user778905
Technical Director at a financial services firm with 1,001-5,000 employees
Nov 26, 2017
I'd like to see an improved component of it work in a DevOps world, where the scanning speed does not impede progress along the AppSec pipeline.
Read full review
it_user779082 - PeerSpot reviewer
it_user779082
Senior Information Security Program Manager at a financial services firm with 10,001+ employees
Nov 26, 2017
I would love to be able to do a dynamic sandbox scan. I think that that would allow us to really get a lot more buy-in from the software development teams.
Read full review
it_user797976 - PeerSpot reviewer
it_user797976
Global Application Security at a pharma/biotech company with 10,001+ employees
Jan 7, 2018
It does nearly everything, but penetration testing.
Read full review
it_user802140 - PeerSpot reviewer
it_user802140
Product Manager at GMS
Jan 15, 2018
All areas of the solution could use some improvement.
Read full review
it_user831864 - PeerSpot reviewer
it_user831864
Application & Product Security Manager at a insurance company with 1,001-5,000 employees
Mar 6, 2018
It needs better APIs, reporting that I can easily query through the APIs and, preferably, a license model that I can predict.
Read full review
Show 10 more reviews (out of 202)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Container Security
Software Composition Analysis (SCA)
Static Code Analysis
Dynamic Application Security Testing (DAST)
Application Security Posture Management (ASPM)

Popular Comparisons

Popular Comparisons
SonarQube vs Veracode Logo
SonarQube vs Veracode
Wiz vs Veracode Logo
Wiz vs Veracode
Snyk vs Veracode Logo
Snyk vs Veracode
Microsoft Defender for Cloud vs Veracode Logo
Microsoft Defender for Cloud vs Veracode
Prisma Cloud by Palo Alto Networks vs Veracode Logo
Prisma Cloud by Palo Alto Networks vs Veracode
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
GitLab vs Veracode Logo
GitLab vs Veracode
CrowdStrike Falcon Cloud Security vs Veracode Logo
CrowdStrike Falcon Cloud Security vs Veracode
Orca Security vs Veracode Logo
Orca Security vs Veracode
Coverity Static vs Veracode Logo
Coverity Static vs Veracode
JFrog Xray vs Veracode Logo
JFrog Xray vs Veracode
Black Duck SCA vs Veracode Logo
Black Duck SCA vs Veracode
Acunetix vs Veracode Logo
Acunetix vs Veracode
Mend.io vs Veracode Logo
Mend.io vs Veracode
GitHub Advanced Security vs Veracode Logo
GitHub Advanced Security vs Veracode
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Container Security
Software Composition Analysis (SCA)
Static Code Analysis
Dynamic Application Security Testing (DAST)
Application Security Posture Management (ASPM)

Popular Comparisons

Popular Comparisons
SonarQube vs Veracode Logo
SonarQube vs Veracode
Wiz vs Veracode Logo
Wiz vs Veracode
Snyk vs Veracode Logo
Snyk vs Veracode
Microsoft Defender for Cloud vs Veracode Logo
Microsoft Defender for Cloud vs Veracode
Prisma Cloud by Palo Alto Networks vs Veracode Logo
Prisma Cloud by Palo Alto Networks vs Veracode
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
GitLab vs Veracode Logo
GitLab vs Veracode
CrowdStrike Falcon Cloud Security vs Veracode Logo
CrowdStrike Falcon Cloud Security vs Veracode
Orca Security vs Veracode Logo
Orca Security vs Veracode
Coverity Static vs Veracode Logo
Coverity Static vs Veracode
JFrog Xray vs Veracode Logo
JFrog Xray vs Veracode
Black Duck SCA vs Veracode Logo
Black Duck SCA vs Veracode
Acunetix vs Veracode Logo
Acunetix vs Veracode
Mend.io vs Veracode Logo
Mend.io vs Veracode
GitHub Advanced Security vs Veracode Logo
GitHub Advanced Security vs Veracode
See all alternatives
Related questions
  • 54
What is the biggest difference between Veracode and Checkmarx?
  • 71
Which gives you more for your money - SonarQube or Veracode?
  • 68
Checkmarx or Veracode. Which should we choose?
  • 22
Would you recommend Veracode? What are some of your use cases?
  • 103
Checkmarx vs SonarQube; SonarQube interoperability with Checkmarx or Veracode
  • 19
What do I scan when changing code in Veracode?
  • 192
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 110
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 219
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 175
What are the Top 5 cybersecurity trends in 2022?