Veracode and Checkmarx One are prominent players in the application security testing domain. Veracode appears to have an advantage with its extensive cloud integration, while Checkmarx One offers superior on-premises support, making it preferable for organizations with these specific needs.
Features: Veracode offers comprehensive static, dynamic, and software composition analysis, extensive language support, and advanced features like vulnerability management, remediation recommendations, and sandbox scans. Checkmarx One provides static code analysis with flexible rule creation, detailed vulnerability tracking, extensive language support, and customizable reporting and security compliance frameworks.
Room for Improvement: Veracode faces challenges with false positives, complex configuration, UI limitations, and requires better integration with modern development frameworks. Checkmarx One shares similar concerns with false positives, complex licensing, and high costs for additional functionalities. Enhancements in DAST capabilities and improved UI flexibility are also needed.
Ease of Deployment and Customer Service: Veracode's cloud-based architecture ensures simplified deployment, appealing to hybrid and public cloud users. It receives positive support feedback but can occasionally have delayed resolutions. Checkmarx One's on-premises deployment supports internal hosting, and users appreciate knowledgeable support with room for faster resolutions.
Pricing and ROI: Veracode is seen as expensive, particularly for smaller enterprises and microservices, yet larger organizations find its features justify the cost. The ROI is typically realized through streamlined processes. Checkmarx One users have similar cost concerns due to high licensing fees, though cost-effectiveness becomes apparent in larger organizations.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
The responsiveness and quality of documentation from Veracode are notable compared to other tools we are currently using.
They are very responsive and quick to help with queries within our scope.
They respond very quickly since security is something critical.
It has a good capacity to scale effectively.
Cloud solutions are easier to scale than on-premise solutions.
If the Veracode server is down, we experience many issues during the scan.
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
Veracode can improve the licensing model as it is a bit confusing.
It's not the most expensive solution.
Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode.
If there's a security gap, you'll never know the cost or effect.
Veracode provides visibility into application status at every phase of development, including static analysis.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
If there are any security flaws or vulnerabilities identified, they are able to provide sufficient justification or details about the security flaws.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC:
Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.
Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.
Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.
What are the key features of Veracode?
What benefits should users consider in Veracode reviews?
Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.
Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.