2020-03-09T08:07:51Z
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)

What is your experience regarding pricing and costs for Veracode Software Composition Analysis?

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

9 Answers
Muhammed Shabreen - PeerSpot reviewer
CTO at RIZEK
Real User
Top 10
2022-05-12T16:57:00Z
May 12, 2022

For enterprises, Veracode has done a fairly good job, but its pricing is not suitable for startups. The microservice distributed architecture for a startup is very small. I had to do a lot of discussions on the pricing initially. I previously worked in an enterprise organization where I used Veracode, and that's how I got to know about Veracode, but that was a big organization with more than a thousand employees. So, the cost is very different for them because the size of the application is different. Its pricing makes sense there, but when we try to onboard this solution for the startup ecosystem, pricing is not friendly. Because I knew the product and I knew its value, I onboarded it, but I don't think any other startup at our scale will onboard it. Its pricing should be based on the size of the application or organization. For a startup organization, they can provide credit-based pricing. They don't need to reduce the price. AWS, Google, and other vendors do the same where they don't reduce the price, but they give credits. I have been in the industry for 15 years, and I have seen that people don't like to change technologies for many reasons. For the first year or the first 18 months, customers can explore the product completely free. If the first year is free and you are onboarded, you would stay with it if it does the job. If the product is doing its job and adding security value, there is no reason to change it in the second year, and you are also ready to pay because, in the first year, you have tested that it is working fine. A company that has used it for the first year would definitely need it in the second year because they keep adding code to the codebase. Another option is that, like Cloudflare, they provide a very slashed rate. Cloudflare onboards everyone at a very cheap price, but when you start exploring the actual use cases, they start adding.

Fiorina Liberta - PeerSpot reviewer
Principal SRE Engineer at AIA Singapore
Real User
Top 10
2022-04-25T09:34:00Z
Apr 25, 2022

It has good, fair licensing. If the price could depend on the scope of its scanning or the languages supported, then that would be better. It is quite important to have fixed or static costs because it is easier for our financing. Compared to other solutions, Veracode is more expensive but offers a lot for free.

Evan Gertis - PeerSpot reviewer
Penetration Tester at NetFoundry
Real User
Top 10
2021-09-14T17:39:00Z
Sep 14, 2021

The thing that I'll go back to is when one of my mentors said to me, "Evan, security is a critical aspect of any organization. People don't always believe in it. And the best way to sell it is to explain what could go wrong." So when we compare what could go wrong, having a third-party vulnerability, like a graph library, such as the one that Equifax used, which led to a $3 million lawsuit, and their reputation was destroyed. When you compare that to paying $8,000 for an application, it's a no-brainer. Once the reputation of an organization has been tarnished, that's it. The whole thing is completely over. Really, everyone loses faith, and once people lose trust, it's almost impossible to get people to believe in a vision. It's definitely worth it considering what could go wrong. The DevOps mantra is to always be prepared for what could go wrong. Most things are going to go wrong. Having a static cost gives people confidence. And once people start using it, if the price changes, then that's going to be dependent on how much they're getting out of it.

Jagusztin Laszlo - PeerSpot reviewer
Chief Technology Architect at Alerant Zrt.
Real User
Top 10
2021-09-13T11:17:00Z
Sep 13, 2021

It's too expensive for the European market. That is why, in a big bank with 400 applications, we are able to use it for only 10 of them. But the other solutions are also expensive, so it wasn't a differentiator. The static cost model is not that important. Veracode works on a subscription model, so we have to pay for it every year.

AB
Principal Consultant at a tech services company with 11-50 employees
Consultant
Top 10
2020-12-20T08:24:00Z
Dec 20, 2020

Checkmarx is a very good solution and probably a better solution than Veracode, but it costs four times as much as Veracode. You need an entire team to maintain Checkmarx. You also need on-premise servers. So, it is a solution more for an enterprise customer. If you have a small- to medium-sized company, Checkmarx is very hard to use, because it takes so many resources. From this point of view, I would certainly recommend, for now, Veracode for small- to medium-sized businesses. Compared to other similar products, the licensing and pricing are definitely competitive. If you see Checkmarx as the market leader, then we are talking about Veracode being a fraction of the cost. You also have to consider your hidden costs: you need a team to maintain it, a server, and resources. From that point of view, Veracode is great because the cost is really a fraction of many competitors. Veracode provides a very good balance between a working solution and cost.

DavidJellison - PeerSpot reviewer
Senior Director, Quality Engineering at Everbridge, Inc.
Real User
2020-11-20T11:13:00Z
Nov 20, 2020

The Veracode price model is based on application profiles, which is how you package your components for scanning. Veracode recently included SCA pricing and support pricing as a factor of the SAST scan count cost. When using microservices, you may need to negotiate pricing based on actual application counts where microservices are usually a portion of an application.

AldrineEinsteen - PeerSpot reviewer
Enterprise Architect at a computer software company with 1-10 employees
Real User
2020-03-16T06:56:15Z
Mar 16, 2020

I have no idea what the licensing costs on the solution are. Our IT team handles the details.

CG
Enterprise Architect, VP at a financial services firm with 501-1,000 employees
Real User
2020-03-16T06:56:00Z
Mar 16, 2020

I do not remember the licensing costs offhand. I would probably estimate it to be between 50,000 and 75,000 in our case.

HJ
Sr Director at a non-profit with 51-200 employees
Real User
2020-03-09T08:07:51Z
Mar 9, 2020

The solution recently doubled in price over the past year, which is why I've decided to move away from it. The price jump doesn't make sense. It's not like there was a sudden influx in new features or advancements. Without getting too specific, I'd say the average yearly cost is around $50,000. The costs include licensing and maintenance support.

Related Questions
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
May 12, 2022
Please share with the community what you think needs improvement with Veracode Software Composition Analysis. What are its weaknesses? What would you like to see changed in a future version?
2 out of 12 answers
AC
Associate Consultant at a comms service provider with 201-500 employees
Feb 9, 2020
A high number of false positives are reported and this should be reduced.
HJ
Sr Director at a non-profit with 51-200 employees
Mar 9, 2020
The cost of the solution is a little bit expensive. Expensive in the sense that there was a hundred percent increase in cost from last year to this year, which is certainly not justified. The solution needs to be more flexible. It needs to work with clients more effectively. Right now, the licensing model is based on the number of applications as opposed to being flexible and based on the number of developers or based on some other parameters. This constrains our company in terms of defining what an application is and doing the scans. We have an application with multiple deposit rates, but Veracode has a hard time recognizing the different components sitting in different depositories as one application. The solution is pretty similar to others. There wasn't anything that was so startlingly different it would make us want to stay.