We performed a comparison between HCL AppScan and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."You can easily find particular features and functions through the UI."
"The most valuable feature of the solution is the scanning or security part."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"It provides a better integration for our ecosystem."
"The most valuable feature of HCL AppScan is scanning QR codes."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"I like the recording feature."
"I like Veracode's ease of integration with various cloud platforms and tools."
"One thing that I like about Veracode is that it is quite a good tool for dynamic application testing."
"That it is a cloud-based solution is very valuable to us. We don't need that hardware running our scans and hosting the environment to be scanned. Also, the technology, the static scanning versus dynamic scanning produces a much better result, a more accurate result."
"Regarding Software Composition Analysis, an exceptional feature is that during a SAST scan, SCA is seamlessly conducted in the background."
"From a developer's perspective, Veracode's greenlight feature on the IDE is helpful. It helps the developer to be more proactive in secure coding standards. Apart from that, static analysis scanning is definitely one of the top features of Veracode."
"The article scanning is excellent."
"The most important features, I would say, are the scanning abilities and the remediation abilities within the product. Scanning because, obviously, we want to make sure that our application code is flaw-free. And the remediation tools are helpful to the developers to help them track and manage their flaws."
"The integration capabilities with our existing development tools are very good."
"The pricing has room for improvement."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"There is room for improvement in the pricing model."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"Sometimes it doesn't work so well."
"It has crashed at times."
"The databases for HCL are small and have room for improvement."
"I think for us the biggest improvement would be to have an indicator when there's something wrong with a scan."
"The pricing for qualified startups such as Neo4j could be improved."
"I would like to see more AI features. It's a current subject because with ChatGPT and other solutions being developed all the time, IT attacks will increase... To defend against those it's very important that the good guys use AI in ways that are good instead of bad."
"Veracode doesn't really help you so much when it comes to fixing things. It is able to find our vulnerabilities but the remediation activities it does provide are not a straight out-of-the-box kind of model. We need to work on remediation and not completely rely on Veracode."
"The feature that allows me to read which mitigation answer was submitted, and to approve it, requires me to use do so in different screens. That makes it a little bit more complicated because I have to read and then I have to go back and make sure it falls under the same number ID number. That part is a little bit complicated from my perspective, because that's what I use the most."
"Static scanning takes a long time, so you need to patiently wait for the scan to achieve. I also think the software could be more accurate. It isn't 100 percent, so you shouldn't completely rely on Veracode. You need to manually verify its findings."
"The sandbox could use some improvement; when creating a sandbox, it requires us to put the application name in twice, which seems unnecessary."
"The language version support could be improved."
HCL AppScan is ranked 15th in Application Security Tools with 40 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. HCL AppScan is rated 7.6, while Veracode is rated 8.2. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". HCL AppScan is most compared with SonarQube, Acunetix, OWASP Zap, PortSwigger Burp Suite Professional and Checkmarx One, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and GitLab. See our HCL AppScan vs. Veracode report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.