No more typing reviews! Try our Samantha, our new voice AI agent.

Fortify Software Security Center vs Veracode comparison

OpenText and Veracode are both solutions in the Static Application Security Testing (SAST) category. OpenText is ranked #19 with an average rating of 9.0, while Veracode is ranked #3 with an average rating of 7.5. OpenText holds a 1.5% mindshare in SAST, compared to Veracode’s 4.8% mindshare. Additionally, 100% of OpenText users are willing to recommend the solution, compared to 89% of Veracode users who would recommend it.
Fortify Software Security C...
Read 8 Fortify Software Security Center reviews
  • 2,178 Views
  • 2,091 Comparison Views
100% willing to recommend
Veracode
Read 208 Veracode reviews
  • 24,557 Views
  • 13,752 Comparison Views
89% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 8, 2024

Veracode and Fortify Software Security Center are leading competitors in the application security solutions market. Users express higher satisfaction with Veracode in support and pricing, while Fortify is preferred for its extensive features, aligning with its higher costs.

Features: Veracode is known for its scanning capabilities, offering efficient integrations and comprehensive coverage across many languages. It supports automation for CI/CD pipelines. Fortify provides an extensive range of security checks with in-depth static analysis, beneficial for complex security needs, and is favored for its configurability.

Room for Improvement: Veracode users want better reporting functionalities and more customization in scan profiles. Fortify users suggest improving its learning curve and scan performance, especially for large applications.

Ease of Deployment and Customer Service: Veracode is recognized for its straightforward cloud-based deployment and requires minimal configuration. Users value its proactive and responsive support. Fortify's deployment can be resource-intensive, with complex on-premise setups, but offers specialized technical assistance in customer service.

Pricing and ROI: Veracode provides competitive pricing that appeals to budget-conscious users, delivering strong ROI through reduced security risks. Fortify's higher setup costs are justified by its capabilities, offering significant ROI for enterprises needing thorough security coverage. Veracode is often more appealing to smaller organizations, while Fortify is an investment for larger firms prioritizing security comprehensiveness.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Fortify Software Security Center vs. Veracode Report (Updated: June 2026).
Buyer's Guide
Fortify Software Security Center vs. Veracode
June 2026
Download the complete report
Helped 900,747 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortify Software Security C...
Ranking in Static Application Security Testing (SAST)
19th
Average Rating
8.0
Reviews Sentiment
4.6
Number of Reviews
8
Ranking in other categories
No ranking in other categories
Veracode
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
208
Ranking in other categories
Application Security Tools (3rd), Container Security (12th), Software Composition Analysis (SCA) (2nd), Static Code Analysis (1st), Dynamic Application Security Testing (DAST) (1st), Application Security Posture Management (ASPM) (1st)
 

Mindshare comparison

As of June 2026, in the Static Application Security Testing (SAST) category, the mindshare of Fortify Software Security Center is 1.5%, up from 0.4% compared to the previous year. The mindshare of Veracode is 4.8%, down from 8.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Mindshare Distribution
ProductMindshare (%)
Veracode4.8%
Fortify Software Security Center1.5%
Other93.7%
Static Application Security Testing (SAST)
 

Featured Reviews

Diego Caicedo Lescano - PeerSpot reviewer
Diego Caicedo Lescano
Chief Innovation Officer at SAGGA
Enables centralized analysis and improves governance through seamless tool integration
The main use case for Fortify Software Security Center is exceptional because we have governance and control through that console. You can centralize both static analysis and dynamic analysis, and correlate both analyses in one tool to get better results by combining those independent results from each solution. That is outstanding, and there is no tool I have seen on the market that offers these capabilities. I appreciate the interoperability with other solutions from Fortify Software Security Center. Because we are using Kiuwan, you can run Kiuwan analyses and integrate them with Fortify Software Security Center to get those results in a single console. That is a good console for centralizing things in one point. That is one of the best features of the on-premises Fortify.
Read full review
reviewer2753535 - PeerSpot reviewer
reviewer2753535
DevSecOps Engineer at a tech services company with 1,001-5,000 employees
Integrates security into the development process and improves team collaboration
Veracode helps organizations develop software by reducing the risk of security vulnerabilities through developer enablement and applications focused on governance. You can utilize different levels of processes to achieve better performance or a more scalable service. Since I started working with it in 2022, I’ve found it to be cost-effective as well. Overall, Veracode is a user-friendly security tool. It includes features such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). During the development phase, we can identify vulnerabilities in the application. This process occurs in the staging environment during development. When we're ready to go to production, we conduct a final check. Essentially, this tool helps identify vulnerabilities during the code development stage, including both high-level vulnerabilities and those related to open-source software composition. We utilize specific methodologies for this purpose. Additionally, it offers a feature that allows us to set up policies based on client requirements. This means we can customize the tool to meet the specific needs of our clients, ensuring that they receive the appropriate level of security in their applications. Veracode is user-friendly as well. Compared to other tools, their scans take 15 minutes or under. If you have a large scale of libraries or data, it might take longer, but based on my personal experience, the scan usually runs within fifteen minutes. For my case study using the Veracode tool, I worked on an internal project following industry standards. We used Veracode to improve our security posture and speed up the time to market by streamlining the development process. This enhanced collaboration between developers, operations, and security teams. The automated scanning process helped identify and fix vulnerabilities earlier in the development process. We maintained compliance with regulatory requirements, avoided fines, and built customer trust by integrating security into the development process. When we conduct this scan, we receive data on a list of vulnerabilities. This information improved our communication and increased transparency, which leads to better reports about the efforts being put in. This results in a more effective and efficient collaboration process, making it user-friendly for all involved. When considering costs, if we resort to manual processes, it can be time-consuming. Therefore, we utilize automated scans to identify and fix security issues. This allows us to address vulnerabilities early in the development process, as we discussed previously. This applies both to our in-house code and third-party libraries, using Software Composition Analysis (SCA) agent-based scans. In the future, we will also implement SCA agent-based scans as a separate feature within Veracode, which can help organizations avoid the expensive and time-consuming consequences of security issues. Furthermore, we have seen an increase in compliance, helping to maintain adherence to regulatory requirements and industry standards, thereby avoiding fines and reputational damage associated with noncompliance. Additionally, by integrating security into the development process, we enhance customer trust in our organization and its products.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Fortify Analytics' AI function helps scan and provides more detailed explanations and recommendations about vulnerabilities."
"The overall rating for this tool is ten out of ten."
"You can easily download the tool's rule packs and update them."
"I like the explanation of issues provided by Fortify Software Security Center."
"The reporting is very useful because you can always view an entire list of the issues that you have."
"The main use case for Fortify Software Security Center is exceptional because we have governance and control through that console."
"This is a stable solution at the end of the day."
"It's very important because they want to scan their source code every day, so we provide CICD integration to our customers so they can auto build and auto test every day, get reports, and fix issues."
More Fortify Software Security Center pros
"When we expanded our definition of critical systems to include an internal application to be scanned by Veracode, we had initial scans that produced hundreds of vulnerabilities. We expected this, based on how the code was treated previously, but the Veracode platform allowed us to streamline our identification of these items and develop a game plan to quickly address them."
"We have found the static analysis to be useful in Veracode Static Analysis. However, we are in the process of testing."
"We used Veracode to improve our security posture and speed up the time to market by streamlining the development process, which enhanced collaboration between developers, operations, and security teams."
"It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow on developers' machines."
"Veracode provides visibility into application status at every phase of development through static analysis."
"The coding standards in our development group have improved. From scanning our code we've learned the patterns and techniques to make our code more secure. An example would be SQL injection. We have mitigated all the SQL injection in our applications."
"Reduced dependency on the security team to run scans."
"Using Veracode has helped to improve our organization in that we now have discipline in terms of periodically scanning our systems."
More Veracode pros
 

Cons

"The product's overlap feature is restrictive and requires more customization efforts, which can be expensive."
"This solution is difficult to implement, and it should be made more comfortable for the end-users."
"The initial setup of this solution is very complex. Specifically, the integration between other parts of the solution is difficult."
"Fortify Software Security Center's setup is really painful."
"I am not satisfied with the percentage of false positives, which is around eighteen percent."
"Improvements needed for Software Security Center include better aggregation views of datasets."
"We are having issues with false positives that need to be resolved."
"The support for Fortify on-premises is the same as for the other products. I would say the support is not good and I would rate it a three out of ten."
"Software developers are always thinking about the next big thing but lose sight of what's happening right now. If you have an idea for a feature request, you must submit it to be voted on by the Veracode community. I don't like this. No one will look at it unless enough people vote for it."
"The number of false positives could be reduced a lot. For each good result, we are getting somewhere around 15 to 20 false positives."
"Veracode's false positives have room for improvement."
"The only areas that I'm concerned with are some of the newer code libraries, things that we're starting to see people dabble with. They move quickly enough to get them into the Analysis Engine, so I wouldn't even say it is a complaint. It is probably the only thing I worry about: Occasionally hitting something that is built in some other obscure development model, where we either can't scan it or can't scan it very well."
"The scanning on the UI portion of our applications is straightforward, but folks were having challenges with scans that involved microservices. They had to rope in an expert to have it sorted."
"It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share."
"I think for us the biggest improvement would be to have an indicator when there's something wrong with a scan."
"The solution has issues with scanning. It tries to decode the binaries that we are trying to scan."
More Veracode cons
 

Pricing and Cost Advice

"This is a costly solution that could be cheaper."
"As a Fortify partner company providing technical support, I find the product expensive in our country, where local, inexpensive products are available."
"The solution is priced fair."
"Its pricing is fair."
"The price of Veracode Static Analysis could improve."
"I have not examined Veracode's pricing in detail, but from an industry perspective, I see that there is a tendency toward Veracode, which suggests competitive pricing."
"The pricing is a bit high."
"The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
"I don't have firsthand knowledge of Veracode pricing, but based on client feedback, it seems to be expensive with additional fees for certain features."
"Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode."
"For enterprises, Veracode has done a fairly good job, but its pricing is not suitable for startups. The microservice distributed architecture for a startup is very small. I had to do a lot of discussions on the pricing initially. I previously worked in an enterprise organization where I used Veracode, and that's how I got to know about Veracode, but that was a big organization with more than a thousand employees. So, the cost is very different for them because the size of the application is different. Its pricing makes sense there, but when we try to onboard this solution for the startup ecosystem, pricing is not friendly. Because I knew the product and I knew its value, I onboarded it, but I don't think any other startup at our scale will onboard it."
More Veracode pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
900,747 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
13%
Financial Services Firm
11%
Government
8%
Comms Service Provider
7%
Financial Services Firm
16%
Manufacturing Company
11%
Computer Software Company
9%
Construction Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise1
Large Enterprise3
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise46
Large Enterprise114
 

Questions from the Community

What is your experience regarding pricing and costs for Micro Focus Software Security Center?
The pricing for the on-premises Fortify is expensive.
See all answers
What needs improvement with Micro Focus Software Security Center?
In my opinion, there are no areas that could be improved with Fortify Software Security Center. I would say it is a good product and a mature product. However, the SAST has many improvement areas. ...
See all answers
What is your primary use case for Micro Focus Software Security Center?
We have installed Fortify Static Code Analysis, SAST, in Ecuador in two customers. The Fortify ScanCentral includes three components: SAST, Fortify Software Security Center, and the WebInspect.
See all answers
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
See all answers
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed AppSec platform with strong focus on ease of use, it is SaaS delivery, and provide...
See all answers
What is your experience regarding pricing and costs for Veracode Static Analysis?
My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.
See all answers
 

Comparisons

Checkmarx One vs Fortify Software Security Center Logo
Checkmarx One vs Fortify Software Security Center
Compared 22% of the time
Checkmarx IaC Security / KICS vs Fortify Software Security Center Logo
Checkmarx IaC Security / KICS vs Fortify Software Security Center
Compared 12% of the time
SonarQube vs Fortify Software Security Center Logo
SonarQube vs Fortify Software Security Center
Compared 7% of the time
OpenText Core Application Security vs Fortify Software Security Center Logo
OpenText Core Application Security vs Fortify Software Security Center
Compared 7% of the time
Coverity Static vs Fortify Software Security Center Logo
Coverity Static vs Fortify Software Security Center
Compared 7% of the time
More Fortify Software Security Center Competitors
SonarQube vs Veracode Logo
SonarQube vs Veracode
Compared 6% of the time
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
Compared 5% of the time
HCL AppScan vs Veracode Logo
HCL AppScan vs Veracode
Compared 3% of the time
Coverity Static vs Veracode Logo
Coverity Static vs Veracode
Compared 3% of the time
Invicti vs Veracode Logo
Invicti vs Veracode
Compared 3% of the time
More Veracode Competitors
 

Product Reports

Buyer's Guide
Static Application Security Testing (SAST)
May 2026
Fortify Software Security Center reportDownload Fortify Software Security Center product report
Buyer's Guide
Veracode
May 2026
Veracode reportDownload Veracode product report
 

Also Known As

Micro Focus Software Security Center, Application Security Center, HPE Application Security Center, WebInspect
Crashtest Security , Veracode Detect
 

Overview

Fortify Software Security Center offers comprehensive application security through a centralized console that integrates static and dynamic analysis, making it essential for organizations focused on robust security operations.

Fortify Software Security Center delivers extensive capabilities that facilitate application security testing, code audits, and bug fixes. Its centralized console enhances governance and control, while its interoperability with tools like Kiuwan and Azure strengthens its functionality. The dashboard's intuitive data customization, along with the ability to store and report data on-premises, further complements its integration capabilities. Although improvements in dataset aggregation, integration with tools like Jira, and resolution of false positives are required, its ability to scan and analyze source code to identify security violations is acknowledged.

What are the key features of Fortify Software Security Center?
  • Centralized Console: Streamlines governance and control through combined static and dynamic analysis.
  • Interoperability: Enhances functionality with tools like Kiuwan for comprehensive testing.
  • Customizability: Tailors vulnerability testing to standards such as OWASP Top Ten.
  • Macro Recording: Facilitates multi-factor authentication processes.
  • CI/CD Integration: Ensures seamless integration with development workflows.
  • Collaboration Module: Supports teamwork with clarification on issues.
  • Daily Scanning: Elevates code quality through regular evaluations.
Why should users consider Fortify Software Security Center for ROI?
  • Code Quality Enhancement: Improves coding practices through continuous deployment and daily scanning.
  • Seamless Deployment: Enhances implementation success and mitigates security threats effectively.
  • Customization Flexibility: Offers tailored solutions for overlapping features despite increased costs.
  • Collaboration Efficiency: Boosts teamwork through detailed issue explanations and analysis.

Fortify Software Security Center is adopted in software-driven industries for its robust application security capabilities. Users in technology sectors rely on its static code analysis for auditing and security testing. Its on-premises deployment model and integration with platforms like Azure make it ideal for storing and reporting data, providing customization that aligns with industry standards.

OpenText

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

  • Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
  • Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
  • Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
  • Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
  • Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

  • Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
  • Scalability - Supports organizations with large-scale application portfolios.
  • Compliance support - Ensures applications meet various security standards and regulations.
  • Developer training - Provides tools for educating developers on secure coding practices.
  • Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.


Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Veracode
 

Sample Customers

Neosecure, Acxiom, Skandinavisk Data Center A/S, Parkeon
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Buyer's Guide
Fortify Software Security Center vs. Veracode
June 2026
Free Report: Fortify Software Security Center vs. Veracode
Find out what your peers are saying about Fortify Software Security Center vs. Veracode and other solutions. Updated: June 2026.
DOWNLOAD NOW
900,747 professionals have used our research since 2012.
See our Fortify Software Security Center vs. Veracode report.
See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.