We performed a comparison between Rapid7 AppSpider and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"The setup is usually straightforward."
"I would say that it is stable, as I am not aware of any major issues."
"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"It scans all the components developed within a web application."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"The most valuable feature is the reporting, which is compliant with international standards."
"The most valuable feature is the efficiency of the tool in finding vulnerabilities."
"The most valuable feature is the SAST capability and its integration into the Veracode pipelines."
"I liked that I could easily find out where my errors were. Instead of going through the whole code and the scripts, it showed me where the errors were and gave me an idea of how to fix them."
"Static analysis scanning engine is a key feature."
"To me, the principal feature is the CLI (command-line interface) because I put together a lot of implementations using it. Another important aspect is the low false-positive rate because the solution is very configurable. It is as low as 1 percent and that is a huge difference compared to competitors."
"Veracode Fix is a new feature that functions similarly to auto-remediation for low or medium flaw codes."
"The ability on static scans to be able to do sandbox scans which do not generate metrics."
"It is easy to use for us developers. It supports so many languages: C#, .NET Core, .NET Framework, and it even scans some of our JavaScript. You just need the extension to upload the files and the reports are generated with so much detail."
"There are some glitches with stability, and it is an area for improvement."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"The dashboard and interface are crucial and they need some improvement."
"The enterprise interface is too simple. It should be more customizable."
"It needs better integration with mobile applications."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"AppSpider has some problems with the RAM needed while scanning."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"Veracode Static Analysis can improve the false positive. There are always improvements that can be done to the false positive rate. There are some things that get flagged that are not an issue. However, it is not a huge concern."
"The UI could be better. Also, there are some scenarios where there is no security flaw, but the report indicates that there is a security flaw. The report is not perfectly accurate. So, the accuracy of the scanning reports needs improvement."
"Veracode scans provide a higher number of false positives."
"The reports on offer are too verbose."
"The area with the most room for improvement is the speed and responsiveness of the query, as it is usually very slow."
"It would help to have more training for developers to help them set it up."
"I would like to see improvement on the analytics side, and in integrations with different tools. Also, the dynamic scanning takes time."
"Another thing I need is continued support for the new languages today that are popular. Most of them are scripting languages more so than real, fourth-generation, commercial grade stuff; we're evolving. Most applications are using so much open-source that, quite frankly, it would be great to see Veracode, or anybody else, extend their platform to where they are able to help secure open-source platforms or repositories."
Rapid7 AppSpider is ranked 25th in Static Application Security Testing (SAST) with 13 reviews while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. Rapid7 AppSpider is rated 7.8, while Veracode is rated 8.2. The top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix and Invicti, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.