No more typing reviews! Try our Samantha, our new voice AI agent.
Veracode Logo

Veracode pros and cons

Vendor: Veracode
4.0 out of 5
Badge Ranked 1
Leave a review

Pros & Cons summary

Veracode offers comprehensive static and dynamic scanning capabilities, integrating with development tools to identify vulnerabilities across platforms. Software Composition Analysis ensures secure use of third-party libraries, while automation supports CI/CD processes. Users benefit from technical support despite its high cost, false positives, and penetration testing gaps. Static and dynamic analyses impact productivity with slow scans, and support responsiveness requires improvement, affecting engagement and customer satisfaction.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Veracode offers valuable static and dynamic scanning capabilities, enabling users to identify and prioritize security vulnerabilities effectively.
It seamlessly integrates with existing development tools, supporting a wide range of platforms and technologies for efficient security practices.
Software Composition Analysis provides insights into vulnerabilities within third-party libraries, helping to maintain a secure development environment.
Users benefit from robust technical support and consultation services that aid in remediation and enhance security knowledge among developers.
The platform excels in automation, allowing continuous integration and delivery processes to include comprehensive security testing without manual intervention.

CONS

Veracode's pricing is considered expensive, with significant increases from previous years.
False positives occur frequently, leading to more time and effort in handling vulnerabilities.
Veracode lacks penetration testing features and has difficulty scanning C or C++ models.
Support services could improve responsiveness and engagement with customers.
Static analysis and dynamic scans are slow, impacting productivity and CI/CD pipeline integration.
 

Veracode Pros review quotes

reviewer2753535 - PeerSpot reviewer
reviewer2753535
DevSecOps Engineer at a tech services company with 1,001-5,000 employees
Aug 28, 2025
We used Veracode to improve our security posture and speed up the time to market by streamlining the development process, which enhanced collaboration between developers, operations, and security teams.
Read full review
YS
Yash Shende
Software Development Engineer II at Rocket Software
Jan 6, 2026
One benefit is that we have automated the scanning process.
Read full review
reviewer2780568 - PeerSpot reviewer
reviewer2780568
Senior Infrastructure Specialist at a media company with 10,001+ employees
Nov 24, 2025
Veracode saves us a lot in terms of security, ensuring that external users or others cannot easily hack our system, which is the main motive for using Veracode.
Read full review
Buyer's Guide
Veracode
May 2026
Free Report: Veracode Reviews and More
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
DOWNLOAD NOW
899,283 professionals have used our research since 2012.
reviewer2703864 - PeerSpot reviewer
reviewer2703864
Head of Security Architecture at a healthcare company with 5,001-10,000 employees
May 8, 2025
Veracode Fix has affected our time to remediate security flaws in cases where we've been able to use it correctly because the proposals were on point, and it's been great.
Read full review
reviewer2731785 - PeerSpot reviewer
reviewer2731785
Information Security Strategy at a insurance company with 10,001+ employees
Jun 30, 2025
The integrated IDE tool enables users to get instant feedback in real-time on the code itself, rather than waiting for it to go through the CI/CD pipeline and get the result.
Read full review
reviewer2776002 - PeerSpot reviewer
reviewer2776002
Lead Application Security Engineer at a university with 501-1,000 employees
Nov 12, 2025
Veracode has positively impacted my organization by helping secure our critical applications, and it has impacted very well.
Read full review
SR
SrikanthRaghavan
Principal Architect at a consultancy with 11-50 employees
May 19, 2025
All three of Veracode's offerings are valuable: SCA, SAST, and DAST. It helps identify security loopholes right in the development phase, allowing developers to get feedback around what kind of vulnerabilities exist as soon as they check in the code or even before that in their IDE.
Read full review
HS
Himadri Subudhi
Works
Apr 2, 2025
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
Read full review
reviewer2774562 - PeerSpot reviewer
reviewer2774562
DevSecOps Engineer at a tech services company with 11-50 employees
Nov 4, 2025
Veracode has positively impacted our organization by giving us a good chance to focus on development as we don't need to focus as much on compliance-related matters after we have ensured this level of security on the security posture management for our application.
Read full review
VT
VivekT
Sr. Manager at Diconium
May 13, 2026
The product was great.
Read full review
Show 10 more reviews (out of 202)
 

Veracode Cons review quotes

reviewer2753535 - PeerSpot reviewer
reviewer2753535
DevSecOps Engineer at a tech services company with 1,001-5,000 employees
Aug 28, 2025
When we implement a policy, it can be very difficult to locate.
Read full review
YS
Yash Shende
Software Development Engineer II at Rocket Software
Jan 6, 2026
In my opinion, Veracode lacks significantly in most parts, including its UI, its reporting, ease of use, and the features that it provides.
Read full review
reviewer2780568 - PeerSpot reviewer
reviewer2780568
Senior Infrastructure Specialist at a media company with 10,001+ employees
Nov 24, 2025
Veracode has areas for improvement in that the scan takes some time for each Jar depending on the size.
Read full review
Buyer's Guide
Veracode
May 2026
Free Report: Veracode Reviews and More
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
DOWNLOAD NOW
899,283 professionals have used our research since 2012.
reviewer2703864 - PeerSpot reviewer
reviewer2703864
Head of Security Architecture at a healthcare company with 5,001-10,000 employees
May 8, 2025
I have contacted the technical support and customer support. With Veracode's technical support, for some issues, it has been really difficult for them to understand the problem, and they ask us to do some tests we've already told them we completed in the first ticket.
Read full review
reviewer2731785 - PeerSpot reviewer
reviewer2731785
Information Security Strategy at a insurance company with 10,001+ employees
Jun 30, 2025
Veracode needs to shift to a more modern approach because it still feels traditional in its way of doing code scanning compared with others, such as Snyk.
Read full review
reviewer2776002 - PeerSpot reviewer
reviewer2776002
Lead Application Security Engineer at a university with 501-1,000 employees
Nov 12, 2025
Veracode can be improved with more integrations, more automations, enhanced API features, and more advanced analytics.
Read full review
SR
SrikanthRaghavan
Principal Architect at a consultancy with 11-50 employees
May 19, 2025
It would be better if we had a channel for direct communication with the engineering team to speed up the process of providing feedback.
Read full review
HS
Himadri Subudhi
Works
Apr 2, 2025
I noticed there is no integration with Bamboo.
Read full review
reviewer2774562 - PeerSpot reviewer
reviewer2774562
DevSecOps Engineer at a tech services company with 11-50 employees
Nov 4, 2025
Veracode could be improved in terms of the UI platform as it could be more seamless, and if they allow different sessions in different browsers at the same time or in different tabs that would help tremendously.
Read full review
VT
VivekT
Sr. Manager at Diconium
May 13, 2026
There were many issues when we were uploading code. The size restrictions that you enforce, the way the results are presented, and the difficulty in finding details for C and C++ all forced us to move off of it.
Read full review
Show 10 more reviews (out of 202)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Container Security
Software Composition Analysis (SCA)
Static Code Analysis
Dynamic Application Security Testing (DAST)
Application Security Posture Management (ASPM)

Popular Comparisons

Popular Comparisons
SonarQube vs Veracode Logo
SonarQube vs Veracode
Wiz vs Veracode Logo
Wiz vs Veracode
Snyk vs Veracode Logo
Snyk vs Veracode
Microsoft Defender for Cloud vs Veracode Logo
Microsoft Defender for Cloud vs Veracode
Prisma Cloud by Palo Alto Networks vs Veracode Logo
Prisma Cloud by Palo Alto Networks vs Veracode
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
GitLab vs Veracode Logo
GitLab vs Veracode
Orca Security vs Veracode Logo
Orca Security vs Veracode
CrowdStrike Falcon Cloud Security vs Veracode Logo
CrowdStrike Falcon Cloud Security vs Veracode
JFrog Xray vs Veracode Logo
JFrog Xray vs Veracode
PortSwigger Burp Suite Professional vs Veracode Logo
PortSwigger Burp Suite Professional vs Veracode
Acunetix vs Veracode Logo
Acunetix vs Veracode
Coverity Static vs Veracode Logo
Coverity Static vs Veracode
Black Duck SCA vs Veracode Logo
Black Duck SCA vs Veracode
FortiCNAPP vs Veracode Logo
FortiCNAPP vs Veracode
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Container Security
Software Composition Analysis (SCA)
Static Code Analysis
Dynamic Application Security Testing (DAST)
Application Security Posture Management (ASPM)

Popular Comparisons

Popular Comparisons
SonarQube vs Veracode Logo
SonarQube vs Veracode
Wiz vs Veracode Logo
Wiz vs Veracode
Snyk vs Veracode Logo
Snyk vs Veracode
Microsoft Defender for Cloud vs Veracode Logo
Microsoft Defender for Cloud vs Veracode
Prisma Cloud by Palo Alto Networks vs Veracode Logo
Prisma Cloud by Palo Alto Networks vs Veracode
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
GitLab vs Veracode Logo
GitLab vs Veracode
Orca Security vs Veracode Logo
Orca Security vs Veracode
CrowdStrike Falcon Cloud Security vs Veracode Logo
CrowdStrike Falcon Cloud Security vs Veracode
JFrog Xray vs Veracode Logo
JFrog Xray vs Veracode
PortSwigger Burp Suite Professional vs Veracode Logo
PortSwigger Burp Suite Professional vs Veracode
Acunetix vs Veracode Logo
Acunetix vs Veracode
Coverity Static vs Veracode Logo
Coverity Static vs Veracode
Black Duck SCA vs Veracode Logo
Black Duck SCA vs Veracode
FortiCNAPP vs Veracode Logo
FortiCNAPP vs Veracode
See all alternatives
Related questions
  • 83
What is the biggest difference between Veracode and Checkmarx?
  • 135
Which gives you more for your money - SonarQube or Veracode?
  • 123
Checkmarx or Veracode. Which should we choose?
  • 36
Would you recommend Veracode? What are some of your use cases?
  • 127
Checkmarx vs SonarQube; SonarQube interoperability with Checkmarx or Veracode
  • 40
What do I scan when changing code in Veracode?
  • 275
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 212
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 341
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 307
What are the Top 5 cybersecurity trends in 2022?