No more typing reviews! Try our Samantha, our new voice AI agent.

ReversingLabs vs Veracode comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
ReversingLabs
Ranking in Container Security
52nd
Average Rating
9.2
Reviews Sentiment
7.0
Number of Reviews
4
Ranking in other categories
Application Security Tools (40th), Anti-Malware Tools (42nd), Software Composition Analysis (SCA) (25th), Threat Intelligence Platforms (TIP) (28th), Software Supply Chain Security (18th)
Veracode
Ranking in Container Security
12th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
208
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Software Composition Analysis (SCA) (1st), Static Code Analysis (1st), Dynamic Application Security Testing (DAST) (1st), Application Security Posture Management (ASPM) (1st)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
TC
Forensic Lead, Global Security Fusion Center at a insurance company with 10,001+ employees
Very good malware and goodware repository and enables us to look more deeply at indicators of compromise
The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild. Also, the solution’s object and file analysis provide us with actionable insights. Its malware and goodware repository is very good. It's very robust. It gets all of the different repositories that are out there that do analysis and brings them under one roof where we can statically analyze for those indicators of compromise and look at them more deeply. If we need to go deeper into things, we can do that.
reviewer2753535 - PeerSpot reviewer
DevSecOps Engineer at a tech services company with 1,001-5,000 employees
Integrates security into the development process and improves team collaboration
Veracode helps organizations develop software by reducing the risk of security vulnerabilities through developer enablement and applications focused on governance. You can utilize different levels of processes to achieve better performance or a more scalable service. Since I started working with it in 2022, I’ve found it to be cost-effective as well. Overall, Veracode is a user-friendly security tool. It includes features such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). During the development phase, we can identify vulnerabilities in the application. This process occurs in the staging environment during development. When we're ready to go to production, we conduct a final check. Essentially, this tool helps identify vulnerabilities during the code development stage, including both high-level vulnerabilities and those related to open-source software composition. We utilize specific methodologies for this purpose. Additionally, it offers a feature that allows us to set up policies based on client requirements. This means we can customize the tool to meet the specific needs of our clients, ensuring that they receive the appropriate level of security in their applications. Veracode is user-friendly as well. Compared to other tools, their scans take 15 minutes or under. If you have a large scale of libraries or data, it might take longer, but based on my personal experience, the scan usually runs within fifteen minutes. For my case study using the Veracode tool, I worked on an internal project following industry standards. We used Veracode to improve our security posture and speed up the time to market by streamlining the development process. This enhanced collaboration between developers, operations, and security teams. The automated scanning process helped identify and fix vulnerabilities earlier in the development process. We maintained compliance with regulatory requirements, avoided fines, and built customer trust by integrating security into the development process. When we conduct this scan, we receive data on a list of vulnerabilities. This information improved our communication and increased transparency, which leads to better reports about the efforts being put in. This results in a more effective and efficient collaboration process, making it user-friendly for all involved. When considering costs, if we resort to manual processes, it can be time-consuming. Therefore, we utilize automated scans to identify and fix security issues. This allows us to address vulnerabilities early in the development process, as we discussed previously. This applies both to our in-house code and third-party libraries, using Software Composition Analysis (SCA) agent-based scans. In the future, we will also implement SCA agent-based scans as a separate feature within Veracode, which can help organizations avoid the expensive and time-consuming consequences of security issues. Furthermore, we have seen an increase in compliance, helping to maintain adherence to regulatory requirements and industry standards, thereby avoiding fines and reputational damage associated with noncompliance. Additionally, by integrating security into the development process, we enhance customer trust in our organization and its products.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The best feature would be the ability to create policies. It is easy to control and update policies as required."
"I would definitely recommend Qualys TotalCloud to other customers."
"Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities."
"The best features in Qualys TotalCloud include the total asset management of the cloud environment. It is very easy to export the report and see the vulnerabilities related to the cloud specifically."
"I highly recommend Qualys TotalCloud to other users."
"With TotalCloud, we can scan through the API. If we are not able to deploy cloud agents on the machine, we can use the API."
"Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable."
"The most valuable feature is the consolidated information that it provides from various platforms."
"As far as static analysis information is concerned, we use most of the information that is available in order to determine whether or not we might be dealing with a malware variant. This includes information that is related to Java rules. This is also related to malware families indicated or specific malicious software variants that are labeled by name."
"As far as the malware repository is concerned, it's extensive. It's a good source for finding samples, where we are unable to find them on other channels or by leveraging other sources."
"As far as the availability of the content is generally concerned and the number of malicious programs that can be looked up in the repository, these are very extensive."
"We had nothing in the environment to do such analysis, so it's been a savior in many ways."
"It offers reports on a great many more file types than the other analysis solutions we have. It can give us a more in-depth analysis and better reporting on a larger number of file types. It also gives us a more comprehensive score on a number of things as well, and that's why we're using it as a front-end filter. It gives us more information... It's valuable because of its depth of information, as well as the breadth it gives us. There aren't a lot of tools that cover all of the different file types."
"The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild."
"ReversingLabs has a large sample size."
"We have complete faith that it can do that for us, and can do it at scale."
"Integrations into our developer's IDE (Greenlight) and the DevOps Pipeline SAST / SourceClear Integrations has particularly increased our time to market and confidence."
"It helps us gain confidence that the applications we're putting out in the hands of millions and millions of people have that industrial-strength quality to them; that we don't need to worry about as much as we used to."
"One of the valuable features is that it gives us the option of static scanning. Most tools of this type are centered around dynamic scanning. Having a static scan is very important."
"The tech support has been very much on the forefront of contacting customers. They help us by making sure all the processes have been outlined and are being followed. They regularly look with us at the whole platform process."
"Veracode is giving us the mandate of claiming that our code is more secure because we are using an external third-party, neutral tool to examine our code and expose vulnerabilities."
"Right now, I couldn't ask another thing from them."
"The solution can scan old databases and old code written 20 years back."
"The best feature of Veracode is that we can do static and dynamic scans."
 

Cons

"I would appreciate additional integration options to connect Qualys TotalCloud with our other vulnerability management tools."
"We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments."
"In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system."
"With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks."
"Qualys TotalCloud needs to improve its accuracy for non-Windows operating systems."
"The support is not up to the mark and seems to be overburdened."
"The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using."
"Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released."
"The solution needs to improve integrations."
"While the company is very helpful, it would be very much appreciated to have extensive proof of concept scripts for the different APIs available, though not for all the APIs that we have purchased. Respective scripts are available, but those scripts which are available are typically not of very high quality."
"We would really like further integration with our threat intelligence platform, which is called ThreatConnect. We would also really like further integrations with an endpoint protection product we use called Tanium. The reason I mentioned both of these is that ReversingLabs claims to have extensive integrations with both of them, but they did not work for us."
"I would like to see if we could do a little bit more of bulk uploading of hash sets. Right now, I can only do them individually."
"The product support could be better at times. Sometimes, the resources that they provide could be of higher quality."
"There needs to be better API integration to the development team's pipeline, which is something that is missing and needs to be improved."
"The current version of the application does not support testing for API."
"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."
"Veracode doesn't really help you so much when it comes to fixing things. It is able to find our vulnerabilities but the remediation activities it does provide are not a straight out-of-the-box kind of model. We need to work on remediation and not completely rely on Veracode."
"The Greenlight product that integrates into the IDE is not available for PHP, which is our primary language."
"I noticed there is no integration with Bamboo."
"My advice for anybody who is interested in implementing this solution is to ensure that your technology is actually supported because the coverage is quite patchy."
"An area for improvement I found in Veracode is the connectivity because currently, my company uses a plugin for the dev-ops cloud-based connectivity. A pretty helpful feature would be if Veracode gives a direct code for connecting to the Oracle server directly and authenticating it via a unique server."
 

Pricing and Cost Advice

"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"The cost is high, but it meets our organizational needs."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"We have a yearly contract based on the number of queries and malicious programs which can be processed."
"Currently, the license number of lookups that we purchased has not been reached yet, because the integration has only recently been completed. However, our usage is expected and planned to increase over the next couple of months."
"Users in some forums mentioned that pricing for this solution can be quite high."
"It is pricey. There is a lot of value in the product, but it is a costly tool."
"The price of Veracode Static Analysis is expensive. There is an annual fee to use the solution and the company is upfront with the pricing model and fees."
"If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount."
"Veracode is a very expensive product."
"I wouldn't really recommend Veracode for a small firm, because it might be a little pricey for them. But for a large organization, with more than 1,000 applications in the enterprise, there are tiered levels of pricing."
"Costs are reasonable. No special infrastructure is required and the license model is good."
"The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
903,147 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Construction Company
16%
Financial Services Firm
12%
Computer Software Company
8%
Manufacturing Company
7%
Financial Services Firm
15%
Manufacturing Company
11%
Computer Software Company
9%
Construction Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise46
Large Enterprise114
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
Ask a question
Earn 20 points
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. Son...
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed Ap...
What is your experience regarding pricing and costs for Veracode Static Analysis?
My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.
 

Comparisons

 

Also Known As

Qualys TotalCloud with FlexScan
ReversingLabs Titanium, ReversingLabs secure.software
Crashtest Security , Veracode Detect
 

Overview

 

Sample Customers

Information Not Available
Financial services, healthcare, government, manufacturing, oil & gas, telecommunications, information technology
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about ReversingLabs vs. Veracode and other solutions. Updated: June 2026.
903,147 professionals have used our research since 2012.