• Home
  • CAST Application Intelligence Platform vs. Veracode

CAST Application Intelligence Platform vs Veracode comparison

Cancel
You must select at least 2 products to compare!
CAST Logo
CAST Application Intelligence Platform
Read 4 CAST Application Intelligence Platform reviews
987 views|667 comparisons
83% willing to recommend
Veracode Logo
Veracode
Read 194 Veracode reviews
24,547 views|16,538 comparisons
90% willing to recommend
Featured Review
Vishal-Goyal
Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry
Deepak Naik
It's a solution our customers trust, so when we share the report they know we've done our due diligence
The main benefit of Veracode is that we can deliver better, more secure software. Our customers also trust Veracode. When we share the Veracode... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Used for controlling the technical debt and code quality.""CAST's risk and security flow detection capabilities are highly effective, particularly in identifying security vulnerabilities. It is one of the most important and valuable features of the platform.""It supports most programming languages.""Our clients use CAST Highlight for cloud migration. This allows them to remove or remediate the blockers which are highlighted. This part of the solution shows improvement in quality and captures feedback for our clients.""The most valuable feature of the CAST Application Intelligence Platform is its security dashboard which is a dedicated dashboard that's pretty helpful because it gives compliance checks based on some of the leading frameworks in the industry, such as ISO 5055, OWASP, CWE Top 25, and NIST security guidelines. I find the security dashboard of the solution and the information it provides pretty useful. The security dashboard of the CAST Application Intelligence Platform is a feature that stands out."

More CAST Application Intelligence Platform Pros →

"The dependency graph visualization provides the ability to see nested dependencies within libraries for pinpointing vulnerabilities.""The static scan is the feature that we use the most, as it gives us insight into our source code. We have it integrated with our continuous integration, continuous delivery system, so we can get insight quickly.""Regarding Software Composition Analysis, an exceptional feature is that during a SAST scan, SCA is seamlessly conducted in the background.""The best feature is definitely the detailed reports. It provides code-related queries in the order of high, medium, and low depending on what we need to do. Veracode is user-friendly as well.""The Static and Dynamic Analysis capabilities are very valuable to us. They've improved the speed of the inspection process.""It does software composition analysis, discovering open source software weaknesses.""We used it for performing security checks. We have many Java applications and Android applications. Essentially it was used for checking the security validations for compliance purposes.""The main feature, and one of the most important, is the static code analysis. We are able to complete an analysis of the security flaws with this platform. It's very good at helping us find and fix flaws."

More Veracode Pros →

Cons
"It has very few plugins to access different code repositories, so source code has to be fed.""The overall coverage of rules could be improved in the CAST Application Intelligence Platform because it does not cater to or cover all. For example, 2022 CWE coverage is still not available in the CAST Application Intelligence Platform. The solution also covers some NIST rules, but it does not cater to all rules. An additional feature I'd like to see in the next update of the CAST Application Intelligence Platform is for it to provide source code developer and contributor details, especially information on which areas of code were touched. This would be a good insight as the CAST Application Intelligence Platform looks into the source code.""The integration of this solution could be improved.""Implementation could be made more simpler as it is complex.""Areas for improvement in CAST AIP include enhancing support for implementation in complex environments and improving technical support to address organizational challenges alongside engineering issues."

More CAST Application Intelligence Platform Cons →

"While Veracode is way ahead of its competitors on Gartner Magic Quadrant, it's a bit more expensive than Fortify. It's a good solution for the cost, but if we had a high budget, we would go with Checkmarx, which is much better than Veracode.""The solution does take a bit more time when we use it for multiple processes.""Searching for applications in Veracode is a little bit difficult. We have to minimize the length of an application's name to 47 characters. It would be good if this limit could be increased so that an application's name can be properly reflected in Veracode.""It would help if there were a training module that would explain how to more effectively integrate the SAST product into the build tool, Jenkins or Bamboo.""There were some additional manual steps or work involved that we should not have needed to do.""Veracode should provide more flexibility in its pricing and licensing modules so that it could be more affordable for all types of projects and not only for very active mission-critical projects.""The ideal situation in terms of putting the results in front of the developers would be with Veracode integration into the developer environment (IDE). They do have a plugin, which we've used in the past, but we were not as positive about it.""One area for improvement is the navigation in the UI. For junior developers or newcomers to the team, it can be confusing. The UI doesn't clearly bundle together certain elements associated with a scan. While running a scan, there are various aspects linked to it, but in the UI, they appear separate. It would be beneficial if they could redesign the UI to make it more intuitive for users."

More Veracode Cons →

Pricing and Cost Advice
  • "I do know how the CAST Application Intelligence Platform is licensed, but I'm not able to give the cost because the price is not listed. My company works with individual vendors, so pricing is on a case-to-case basis, but the vendors give specialized pricing because of the enterprise deployment, though my team is aware of product pricing based on lines of code, based on the number of applications, etc., I'm unable to give the exact licensing costs of the CAST Application Intelligence Platform. My company doesn't have to pay extra for some features or services because all are included as part of the enterprise license. On a scale of one to five, with five being very cheap and one being very expensive, I would rate the CAST Application Intelligence Platform as three out of five."

    • More CAST Application Intelligence Platform Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Software Development Analytics solutions are best for your needs.
    See Recommendations
    772,649 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about CAST Application Intelligence Platform?
    Top Answer:CAST's risk and security flow detection capabilities are highly effective, particularly in identifying security vulnerabilities. It is one of the most important and valuable features of the platform… more »
    Read all 3 answers   →
    What needs improvement with CAST Application Intelligence Platform?
    Top Answer:Areas for improvement in CAST AIP include enhancing support for implementation in complex environments and improving technical support to address organizational challenges alongside engineering… more »
    Read all 3 answers   →
    What is your primary use case for CAST Application Intelligence Platform?
    Top Answer:CAST AIP is a valuable solution for quality metrics and application security. It is beneficial for software architecture detection.
    Read all 3 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    3rd
    out of 10 in Software Development Analytics
    Views
    987
    Comparisons
    667
    Reviews
    2
    Average Words per Review
    860
    Rating
    7.5
    2nd
    out of 75 in Application Security Tools
    Views
    24,547
    Comparisons
    16,538
    Reviews
    94
    Average Words per Review
    989
    Rating
    8.1
    Comparisons
    Also Known As
    CAST AIP
    Crashtest Security , Veracode Detect
    Learn More
    CAST
    Veracode
    Overview

    CAST Application Intelligence Platform (AIP), a result of over $130M in R&D investment over two decades, is an enterprise-grade software measurement and quality analysis solution designed to analyze multi-tiered, multi-technology applications for technical vulnerabilities and adherence to architectural and coding standards and then provide business relevant information to the IT organization through various dashboards and products built with end users in mind.

    • Application Analytics Dashboard (CAST AAD): Provides IT executives with accurate business relevant analytics to drive their organization
    • Application Engineering Dashboard (CAST AED): Provides engineering and QA teams with powerful code and system level structural flaw insight and remediation guidance
    • Enlighten: Delivers to developers a powerful deep understanding of their application’s structure
    • Architecture Checker: Gives architects a reliable, automated solution to enforce architectures that deliver stability and performance of their critical applications

    CAST’s underlying system-level analysis technology assesses both the health of an application, as measured through numerous health factors, as well as specific structural and system-level defects that drive performance and stability issues providing true system level analysis.

    Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achievereal-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

    Learn more atwww.veracode.com, on theVeracode blog, and onLinkedInandTwitter.

    Sample Customers
    Steria, T-Systems MMS, Atos Origin, Accenture, Capgemini
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm26%
    Computer Software Company15%
    Manufacturing Company12%
    Insurance Company9%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    VISITORS READING REVIEWS
    Small Business12%
    Midsize Enterprise11%
    Large Enterprise77%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise14%
    Large Enterprise69%
    Buyer's Guide
    CAST Application Intelligence Platform vs. SonarQube
    May 2024
    Free Report: CAST Application Intelligence Platform vs. SonarQube
    Find out what your peers are saying about CAST Application Intelligence Platform vs. SonarQube and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    772,649 professionals have used our research since 2012.

    CAST Application Intelligence Platform is ranked 3rd in Software Development Analytics with 4 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. CAST Application Intelligence Platform is rated 7.0, while Veracode is rated 8.2. The top reviewer of CAST Application Intelligence Platform writes "Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". CAST Application Intelligence Platform is most compared with SonarQube, Fortify Application Defender, Fortify on Demand, Checkmarx One and BlueOptima, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer.

    We monitor all Software Development Analytics reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.