OpenText Static Application Security Testing vs Veracode comparison

OpenText Static Application...

Read 207 Veracode reviews

18,784 Views
3,569 Comparison Views

90% willing to recommend

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Dec 28, 2025

Veracode and OpenText Static Application Security Testing compete in the application security testing market. Veracode seems to have the upper hand due to its comprehensive feature set and strong integration support.

Features: Veracode offers static and dynamic analysis, supports multiple programming languages and platforms, and has strong integration capabilities. OpenText, on the other hand, lacks the breadth of features that Veracode provides, particularly in integration support and user training.

Room for Improvement: Veracode could reduce false positives, enhance reporting and analytics, accelerate scan speeds, and expand language support. OpenText needs to enhance its features to better compete with rivals like Checkmarx, especially in supporting the latest programming languages and improving user experience.

Ease of Deployment and Customer Service: Veracode offers flexible deployment options like public cloud environments and is praised for its customer service with quick responses. OpenText primarily offers on-premises or hybrid cloud setups, limiting deployment flexibility, and although its customer service receives solid ratings, users note some response time and issue resolution improvements are needed.

Pricing and ROI: Veracode's comprehensive solution comes at a premium price, often justified by its features and support, sometimes being costly for smaller enterprises. OpenText also has a high price point, catering to larger enterprises with competitive market pricing, but it may not match Veracode in feature richness.

To learn more, read our detailed OpenText Static Application Security Testing vs. Veracode Report (Updated: December 2025).

OpenText Static Application Security Testing vs. Veracode

Download the complete report

Helped 879,259 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

ROI

Sentiment score

6.8

OpenText Static Application Security Testing received mixed reviews, praising cost savings and partnerships, but highlighting challenges in quantifying ROI.

Sentiment score

6.6

Veracode enhances code security and quality, saves time and costs, supports compliance, and boosts client trust and retention.

No quotes available

For more quotes and insights, download the OpenText Static Application Security Testing report

The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.

AlejandroMosso

Senior Solutions Architect at IDS Comercial

Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.

reviewer2703864

Head of Security Architecture at a healthcare company with 5,001-10,000 employees

We did see a return on investment with Veracode, as we segregated our remediation efforts, which reduced our time to delivery as well as the number of engineers needed to help us in delivering a secure solution.

reviewer2774562

DevSecOps Engineer at a tech services company with 11-50 employees

For more quotes and insights, download the Veracode report

Customer Service

Sentiment score

6.7

Generally positive with dedicated teams, though some seek improvements in ticket system and responsiveness for OpenText support.

Sentiment score

7.2

Veracode support is praised for expertise and responsiveness, but some users report delays and unhelpful interactions with complex issues.

The customer service and support for Fortify Static Code Analyzer are better than those for LoadRunner.

For more quotes and insights, download the OpenText Static Application Security Testing report

CTO at Marco Technology

The technical support has been good because we always received answers to our questions.

EvgenGulak

Manager at DTEK

Access to the engineering team is crucial for faster feedback on the product fix process.

SrikanthRaghavan

Principal Architect at a consultancy with 11-50 employees

I have communicated with the technical support of Veracode a couple of times, and this was a really great experience because these professionals know their material.

Andrei Kriukov

Application Security Specialist at Herrenknecht

They share detailed information via email, including screenshots or further clarification about the issue.

reviewer2753535

DevSecOps Engineer at a tech services company with 1,001-5,000 employees

For more quotes and insights, download the Veracode report

Scalability Issues

Sentiment score

7.8

OpenText SAST is scalable for various project sizes but needs improvement in speed and infrastructure management.

Sentiment score

7.5

Veracode offers impressive scalability, efficiently handling growth and multiple applications, despite some licensing challenges, earning high user ratings.

Fortify Static Code Analyzer integrates well and is scalable.

For more quotes and insights, download the OpenText Static Application Security Testing report

CTO at Marco Technology

Cloud solutions are easier to scale than on-premise solutions.

AlejandroMosso

Senior Solutions Architect at IDS Comercial

It has a good capacity to scale effectively.

Brintha Prabakar

Lead Automation Quality Engineer in Leading UK Bank at a consultancy with 10,001+ employees

Implementing these features into our normal CI/CD was good, so I can say that scalability is really good.

Andrei Kriukov

Application Security Specialist at Herrenknecht

For more quotes and insights, download the Veracode report

Stability Issues

Sentiment score

7.5

OpenText Static Application Security Testing is reliable and stable, with improvements since version 19.10, and benefits from proper training.

Sentiment score

7.8

Veracode is highly reliable with minimal downtime and issues, though occasional scan speed and false positive concerns exist.

The stability of Fortify Static Code Analyzer is generally good.

CTO at Marco Technology

I would rate the product stability as an eight.

For more quotes and insights, download the OpenText Static Application Security Testing report

Lead Information Security Analyst at a financial services firm with 10,001+ employees

If the Veracode server is down, we experience many issues during the scan.

Brintha Prabakar

Lead Automation Quality Engineer in Leading UK Bank at a consultancy with 10,001+ employees

It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.

reviewer2703864

Head of Security Architecture at a healthcare company with 5,001-10,000 employees

For more quotes and insights, download the Veracode report

Room For Improvement

OpenText SAST faces high costs, complex use, false positives, and needs better integration, language support, and feature enhancements.

Veracode users face false positives, outdated UI, integration issues, slow scans, and desire flexible pricing and improved support.

We would appreciate if the AI could give us more information about improvements and reduce the number of false positives, but this solution doesn't have this function yet.

EvgenGulak

Manager at DTEK

It should be easier to install, perhaps through a container-based approach where everything is combined into one image or pack of containers.

CTO at Marco Technology

It would be really helpful to include trending vulnerabilities and how to manage them.

For more quotes and insights, download the OpenText Static Application Security Testing report

Lead Information Security Analyst at a financial services firm with 10,001+ employees

If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.

Himadri Subudhi

Works

We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.

Brintha Prabakar

Lead Automation Quality Engineer in Leading UK Bank at a consultancy with 10,001+ employees

A nice addition would be if it could be extended for scenarios with custom cleansers.

reviewer2700198

IT App Security Senior Analyst at a transportation company with 10,001+ employees

For more quotes and insights, download the Veracode report

Setup Cost

Enterprise users find OpenText Static Application Security Testing's pricing high but consider it economical compared to other major solutions.

Veracode's pricing is costly, but its features suit large enterprises; smaller businesses should consider alternatives due to budget constraints.

The pricing of Fortify Static Code Analyzer is good, with a flexible model that allows customers to choose a setup that suits their needs.

CTO at Marco Technology

My experience with the pricing, setup costs, and licensing has been good.

For more quotes and insights, download the OpenText Static Application Security Testing report

Lead Information Security Analyst at a financial services firm with 10,001+ employees

It's not the most expensive solution.

AlejandroMosso

Senior Solutions Architect at IDS Comercial

Overall, Veracode's pricing is lower and more scalable than many alternatives in the market.

reviewer2753535

DevSecOps Engineer at a tech services company with 1,001-5,000 employees

If there's a security gap, you'll never know the cost or effect.

Himadri Subudhi

Works

For more quotes and insights, download the Veracode report

Valuable Features

OpenText SAST enhances security by automating vulnerability detection, integrating across tools, and providing detailed remediation and compliance guidance.

Veracode provides comprehensive code analysis, vulnerability management, and integration tools, enhancing security and supporting complex project needs efficiently.

Fortify Static Code Analyzer has the capability of giving fewer false positives compared to other tools.

Lead Information Security Analyst at a financial services firm with 10,001+ employees

The most valuable feature of Fortify Static Code Analyzer is its extensive language support, covering many languages from legacy ones to the newest.

For more quotes and insights, download the OpenText Static Application Security Testing report

CTO at Marco Technology

The most impactful feature of Fortify Static Code Analyzer in identifying vulnerabilities is the ratio of total number of vulnerabilities to false positives.

EvgenGulak

Manager at DTEK

It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.

Kv Rao

Site Leader (India) at Industrial Scientific

The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.

Himadri Subudhi

Works

It fixes issues directly in the IDE while you're doing it.

reviewer2700198

IT App Security Senior Analyst at a transportation company with 10,001+ employees

For more quotes and insights, download the Veracode report

Categories and Ranking

OpenText Static Application...

Ranking in Static Code Analysis

3rd

Average Rating

8.2

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

No ranking in other categories

Veracode

Ranking in Static Code Analysis

1st

Average Rating

8.0

Reviews Sentiment

6.9

Number of Reviews

207

Ranking in other categories

Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Container Security (8th), Software Composition Analysis (SCA) (3rd), Dynamic Application Security Testing (DAST) (1st), Application Security Posture Management (ASPM) (1st)

Mindshare comparison

As of December 2025, in the Static Code Analysis category, the mindshare of OpenText Static Application Security Testing is 8.3%, down from 10.9% compared to the previous year. The mindshare of Veracode is 16.5%, down from 30.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Code Analysis Market Share Distribution
Product	Market Share (%)
Veracode	16.5%
OpenText Static Application Security Testing	8.3%
Other	75.2%

Static Code Analysis

Featured Reviews

Focuses on detailed scans to find critical vulnerabilities while ensuring minimal false positives

Lead Information Security Analyst at a financial services firm with 10,001+ employees

I think Fortify Static Code Analyzer could be improved by updating the number of rule packs according to the latest vulnerabilities we find each year. We have updated to a version that is one less than the current latest version. It would be really helpful to include trending vulnerabilities and how to manage them. While it includes all the OWASP top factors, AI has come into the picture, so those updates should also be considered. I haven't thought much about additional features for improvement since I am using it daily. Most of our work revolves around scanning and providing the results, which sometimes feels like a crunch. However, I believe rule pack updates should be implemented. It feels easy to upgrade to the latest version as well.

Read full review

reviewer2703864

Head of Security Architecture at a healthcare company with 5,001-10,000 employees

Onboarding developers successfully while improving code security through IDE integration

Regarding room for improvement, we have some problems when onboarding new projects because the build process has to be done in a certain way, as Veracode analyzes the binaries and not the code by itself alone. If the process is not configured correctly, it doesn't work. That's one of the things that we are discussing with Veracode. Something positive that we've been able to do is submit formal feature requests to them, and they are working on them; they've already solved some of them. This encourages us to propose new ideas and improvements. Another improvement that we asked for this use case is to be able to configure how Veracode Fix proposes and fixes because sometimes it makes proposals using libraries that go against our architecture design made by the enterprise architecture team. For example, we want them to propose using another library, and that's something we already asked Veracode, and they are working on it. We want to specify when you see this kind of vulnerability, you can only propose these two options.

Read full review

See which vendors are best for you

Use our free recommendation engine to learn which Static Code Analysis solutions are best for your needs.

See recommendations

879,259 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

28%

Computer Software Company

11%

Manufacturing Company

Government

Financial Services Firm

17%

Computer Software Company

14%

Manufacturing Company

10%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	4
Midsize Enterprise	3
Large Enterprise	11

By reviewers
Company Size	Count
Small Business	70
Midsize Enterprise	44
Large Enterprise	113

Questions from the Community

What do you like most about Fortify Static Code Analyzer?

Integrating the Fortify Static Code Analyzer into our software development lifecycle was straightforward. It highlights important information beyond just syntax errors. It identifies issues like pa...

What is your experience regarding pricing and costs for Fortify Static Code Analyzer?

My experience with the pricing, setup costs, and licensing has been good. We have the scan machines, and we are planning to request more from Micro Focus now. We have calls every month or every oth...

What needs improvement with Fortify Static Code Analyzer?

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...

What do you like most about Veracode Static Analysis?

I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities.

What is your experience regarding pricing and costs for Veracode Static Analysis?

My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.

Black Duck SCA vs OpenText Static Application Security Testing

Comparisons

Compared 29% of the time

Snyk vs OpenText Static Application Security Testing

Compared 13% of the time

Sonatype Lifecycle vs OpenText Static Application Security Testing

Compared 7% of the time

JFrog Xray vs OpenText Static Application Security Testing

Compared 6% of the time

Mend.io vs OpenText Static Application Security Testing

Compared 6% of the time

More OpenText Static Application Security Testing Competitors

SonarQube vs Veracode

Compared 14% of the time

Checkmarx One vs Veracode

Compared 8% of the time

GitHub Advanced Security vs Veracode

Compared 6% of the time

OWASP Zap vs Veracode

Compared 4% of the time

Mend.io vs Veracode

Compared 3% of the time

More Veracode Competitors

Product Reports

OpenText Static Application Security Testing

Download OpenText Static Application Security Testing product report

OpenText Static Application Security Testing report

Download Veracode product report

Also Known As

Fortify Static Code Analysis SAST

Crashtest Security , Veracode Detect

Overview

OpenText Static Application Security Testing empowers teams with efficient vulnerability detection and streamlined secure coding practices, offering comprehensive language support and seamless integration with development tools.

OpenText Static Application Security Testing enhances software security during development by accurately identifying vulnerabilities with minimal false positives. It integrates seamlessly with IDEs and CI/CD pipelines, making it highly efficient for early detection of security issues. Users benefit from its easy setup, clear documentation, and centralized portal for managing security findings. Despite facing challenges like high costs and complex configurations for certain languages, its role in facilitating compliance and streamlining secure coding processes is indispensable. Improvements are needed in areas such as outdated design, language support, and integration capabilities to meet evolving user expectations.

What features does OpenText Static Application Security Testing offer?

Seamless IDE Integration: Integrates effortlessly with development environments for real-time feedback.
Comprehensive Language Support: Covers a wide range of programming languages, enhancing detection accuracy.
Centralized Security Portal: Provides a streamlined interface for managing vulnerabilities.

What benefits and ROI should users consider?

Enhanced Security: Identifies vulnerabilities early, preventing potential breaches.
Time Efficiency: Automates processes and speeds up remediation efforts.
Compliance Facilitation: Assists in adhering to security standards and regulations.

Organizations across diverse sectors implement OpenText Static Application Security Testing primarily to secure applications during development phases. Its integration with tools like GitLab, Jenkins, and Azure DevOps ensures a robust security pipeline. By combining with Sonatype Nexus, secure code, and library management is achieved effectively.

OpenText

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Sample Customers

Information Not Available

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

OpenText Static Application Security Testing vs. Veracode