Veracode Reviews

Name: Veracode
Brand: Veracode
Rating: 4.0 (203 reviews)

4.0 out of 5

203 reviews
90% willing to recommend

What is Veracode?

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Get the Veracode Buyer's Guide and find out what your peers are saying about Veracode, SonarQube Server (formerly SonarQube), Wiz and more!

Veracode is the #1 ranked solution in top Static Code Analysis solutions, #2 ranked solution in application security solutions, #2 ranked solution in AST tools, #2 ranked solution in top Application Security Posture Management (ASPM) solutions, #3 ranked solution in top Software Composition Analysis (SCA) solutions, and #8 ranked solution in Container Security Solutions. PeerSpot users give Veracode an average rating of 8.0 out of 10. Veracode is most commonly compared to SonarQube Server (formerly SonarQube): Veracode vs SonarQube Server (formerly SonarQube). Veracode is popular among the large enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 16% of all views.

Helped 866,088 peers since 2012

Featured Veracode reviews

reviewer2703864

Head of Security Architecture at a healthcare company with 5,001-10,000 employees

One of the aspects I appreciate most about Veracode is that even though we have a license for developers, we don't get charged by the users who don't develop code but are only trying to access the platform to see the reports or the dashboard, such as architects who do some code reviews but don't develop. That's a nice feature that doesn't happen on other platforms that we analyzed. Another feature that we appreciate significantly is Veracode Fix and how it's integrated with Visual Studio Code. Even though it has some room for improvement, the key usage for us is to be able to solve everything. The developers also learn how and why they have to solve the security vulnerabilities detected. At the same time, they are developing the feature. Veracode Fix has affected our time to remediate security flaws in cases where we've been able to use it correctly because the proposals were on point, and it's been great.

Read full review

SrikanthRaghavan

Principal Architect at a consultancy with 11-50 employees

Veracode provides visibility into application status at every phase of development, as it's how we stitch it together, allowing us to introduce it at various phases to gain fast feedback. This capability increases the velocity in DevSecOps processes as developers receive feedback on vulnerabilities before committing, reducing the overall rework. It helps developers save time significantly. For instance, if I take a library and assume it's going to work until it reaches QA or UAT, where we find out there's a vulnerability, that can require extensive effort for code refactoring or redesigning; Veracode helps prevent that before the pull request is merged. Veracode impacts the overall security posture by maintaining data integrity, ensuring we are not exposed to threats from third-party libraries with known vulnerabilities. From my perspective as a SecDevOps evangelist, Veracode is crucial for an organization's shift-left security strategy. Veracode's SCA perspective offers tools that facilitate shift-left security by providing feedback before failures occur in the development process.

Read full review

Himadri Subudhi

Works

Veracode has a significant impact on my security posture. Without these tools, we would not know which libraries are vulnerable or what kind of attacks might occur, so at least from a security point of view, we can be assured we are using all non-vulnerable versions, providing a level of safety from the project team's perspective. The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins. The policy reporting does assist us with compliance. There are certain rules where fixing vulnerabilities is part of the policy. We have guidelines and we need to resolve them before putting something into a higher environment. It helps with that. Veracode provides visibility into application status at every phase of development, including static analysis. Without this tool it will be difficult for the developers or the testers in a large-scale production system go through hundreds or thousands of APIs and libraries. It helps us quickly go through and understand what needs to be fixed. It sees everything, finds all versions, and gives us a list of all of the vulnerabilities and which versions have vulnerabilities.

Read full review

Veracode mindshare

Product category:

As of August 2025, the mindshare of Veracode in the Application Security Tools category stands at 8.8%, down from 10.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools Market Share Distribution
Product	Market Share (%)
Veracode	8.8%
SonarQube Server (formerly SonarQube)	22.4%
Checkmarx One	10.3%
Other	58.5%

Application Security Tools

PeerResearch reports based on Veracode reviews

Type	Title	Date
Category	Application Security Tools	Aug 28, 2025	Download
Product	Reviews, tips, and advice from real users	Aug 28, 2025	Download
Comparison	Veracode vs SonarQube Server (formerly SonarQube)	Aug 28, 2025	Download
Comparison	Veracode vs Checkmarx One	Aug 28, 2025	Download
Comparison	Veracode vs GitHub Advanced Security	Aug 28, 2025	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	22.4%	81%	116 interviews Add to research
Wiz	4.5	N/A	95%	22 interviews Add to research

Valuable Features

Veracode's most valuable features include static and dynamic code analysis, ease of integration, and support for multiple languages. Its ability to identify vulnerabilities before code deployment and offer remediation guidance is praised by users. Veracode is integrated with IDEs and CI/CD pipelines, allowing automated scans and comprehensive reporting. The platform's low false positive rate and extensive documentation ensure confidence in addressing security flaws.

"The integrated IDE tool enables users to get instant feedback in real-time on the code itself, rather than waiting for it to go through the CI/CD pipeline and get the result."
"Veracode has impacted our overall security posture because we are from a security background."
"Veracode has impacted our overall security posture because we are from a security background. Every week, we review the dashboards of open findings."

Room for Improvement

Veracode needs improvement in reducing false positives, enhancing language support, and integrating better with development pipelines. The user interface and API capabilities require refinement for seamless navigation and better usability. Users express concerns about the scanning speed, reliability, and accuracy, which can affect productivity. Pricing models also need adjustment to be more accommodating for various organization sizes. Training and documentation could be expanded to better support user understanding and efficient adoption of Veracode's features.

"Veracode needs to shift to a more modern approach because it still feels traditional in its way of doing code scanning compared with others, such as Snyk."
"The scanning process could be more streamlined as it has certain limitations when performing manual scans. It has some checks when the content is in ZIP format or other formats, which takes two or three more steps than Fortify does."
"The scanning process could be more streamlined as it has certain limitations when performing manual scans."

ROI

Organizations using Veracode report improved code security and time savings. They find flaws earlier, reducing costly production fixes. Veracode aids compliance, enhancing client trust and sales potential. Some users estimate ROI between 25% to 60%, while others quantify avoided breaches as significant. Automation reduces manual effort, and the integration of tests into development leads to streamlined processes. Enhanced security awareness among developers also contributes positively to ROI perceptions.

Pricing

Veracode pricing is generally considered high, reflecting its comprehensive capabilities and support. Many enterprise users find the cost justified by the value it provides, though some note scalability issues and suggest negotiation for better deals. Licensing models can be complex, with recent changes like per-megabyte charges. While its pricing can challenge smaller businesses, larger organizations often view it as competitively priced compared to alternatives, achieving substantial security benefits relative to cost.

"The pricing is reasonable compared to other tools."
"I have not examined Veracode's pricing in detail, but from an industry perspective, I see that there is a tendency toward Veracode, which suggests competitive pricing."
"Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode."

Popular Use Cases

Veracode is used for application security, including static and dynamic code analysis. Organizations employ it for static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA). It helps identify vulnerabilities in custom-developed software, assess third-party libraries, and ensure secure code practices. Development teams integrate Veracode into CI/CD pipelines, utilizing features like Greenlight for real-time feedback, improving code security and compliance in fast-paced environments.

Service and Support

Veracode's customer service is highly rated, with many finding it responsive, knowledgeable, and quick to resolve issues. Users appreciate the technical support, noting the availability of consultations and the expertise of engineers. Some challenges include response times and occasional communication barriers, but most users rate their service positively, valuing dedicated support managers and the proactive nature of Veracode's support team. Premier support offers enhanced problem resolution and guidance.

Deployment

Veracode's initial setup is mixed. Some found it straightforward and quick, benefiting from clear documentation and support. Others experienced complexity, especially when integrating with existing systems, requiring technical expertise and time. The cloud-based nature eased some processes, eliminating local installations. Many relied on Veracode's assistance for a smooth transition. While some teams experienced challenges, especially with initial configurations and CI/CD integrations, others appreciated its ease of use and the ongoing support provided.

Scalability

Veracode demonstrates high scalability, consistently handling growth without issues. Many users highlight its efficient cloud-based architecture that supports extensive usage across various organizational sizes. Although some note that large-scale implementations may impact performance or require license adjustments, most find it flexible and adaptable. Users appreciate its ability to manage numerous applications swiftly and efficiently, making it a trusted choice for diverse development teams seeking reliable scaling capabilities.

Stability

Veracode is highly stable with minimal issues. Users frequently highlight its reliable performance, with many noting no downtime. While a few report occasional maintenance-related outages, these are usually well-communicated. Some mention challenges with response times or false positives, but these don't significantly impact stability. The platform has improved over time, becoming more consistent and dependable. Users appreciate its cloud-based nature, reducing concerns about disruptions.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Veracode Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	56
Midsize Enterprise	34
Large Enterprise	93

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	843
Midsize Enterprise	679
Large Enterprise	2437

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

16%

Computer Software Company

16%

Manufacturing Company

Insurance Company

Government

Healthcare Company

Comms Service Provider

Retailer

Educational Organization

University

Media Company

Construction Company

Energy/Utilities Company

Performing Arts

Real Estate/Law Firm

Non Profit

Transportation Company

Legal Firm

Outsourcing Company

Consumer Goods Company

Logistics Company

Wholesaler/Distributor

Hospitality Company

Recreational Facilities/Services Company

Pharma/Biotech Company

Aerospace/Defense Firm

Compare Veracode with alternative products

Learn more about Veracode

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Veracode was previously known as Crashtest Security , Veracode Detect.

Veracode customers

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

Author info	Rating	Review Summary
Head of Security Architecture at a healthcare company with 5,001-10,000 employees	4.0	Veracode enhances our code development by integrating SSA and SAST, significantly improving security with features like Veracode Fix. While onboarding requires specific configurations, the platform proves cost-effective, offering a balance of detection accuracy and minimal false positives.
Principal Architect at a consultancy with 11-50 employees	4.0	I assist clients in various industries with Veracode’s SCA, SAST, and DAST, which efficiently identify vulnerabilities early in development. Improvements needed include enhanced communication with the engineering team and container scanning features. Veracode excels in SCA compared to Mend and Polaris.
Works	4.0	I use Veracode for vulnerability scanning in our development process. It efficiently detects vulnerable APIs and libraries, enhancing security. Although integration with code repositories could improve, its static analysis and early detection capabilities positively impact our DevSecOps processes.
Lead Information Security Analyst at a financial services firm with 10,001+ employees	3.5	I primarily use Veracode for third-party library scans and regularly review its findings to improve security posture, though its reporting and scanning process could be more efficient compared to Fortify. Overall, it is a helpful tool.
Lead Automation Quality Engineer in Leading UK Bank at a consultancy with 10,001+ employees	4.0	We initially used Veracode for SAST in our transformation projects, appreciating its role in our shift-left security strategy. While its scanning times and costs need improvement, it significantly reduced security flaws and saved us 60%-70% of resources.
IT App Security Senior Analyst at a transportation company with 10,001+ employees	4.0	Veracode offers a comprehensive enterprise solution providing an excellent developer experience, regulator exposure, and DevOps pipeline integration, improving remediation times. While IDE integrations are standard, adding custom cleansers would enhance its capabilities. Other options, like Checkmarx, were considered before choosing Veracode.
Manager at a government with 10,001+ employees	2.0	I've used Veracode mainly as a user but found it too complex, hard to configure, and not user-friendly, with limited integration and automation, poor support, and unclear results that make adoption and training across teams difficult.
Senior Solutions Architect at IDS Comercial	4.0	I use Veracode in the banking sector to enhance security through flexible rule definition and real-time updates. Its ability to identify network vulnerabilities reduces costs and risks. While effective, the customization of its interface could be improved.

Veracode Reviews

What is Veracode?

Featured Veracode reviews

Veracode mindshare

PeerResearch reports based on Veracode reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Veracode with alternative products

Learn more about Veracode

Veracode customers

Related questions

Product Categories

Popular Comparisons