Try our new research platform with insights from 80,000+ expert users

Synopsys Software Risk Manager vs Veracode comparison

Synopsys and Veracode are both solutions in the Static Application Security Testing (SAST) category. Synopsys is ranked #31, while Veracode is ranked #2 with an average rating of 8.1. Additionally, 90% of Veracode users are willing to recommend the solution.
Synopsys Software Risk Manager
Read 1 Synopsys Software Risk Manager review
  • 559 Views
  • 445 Comparison Views
0% willing to recommend
Veracode
Read 198 Veracode reviews
  • 21,394 Views
  • 14,638 Comparison Views
90% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Mar 20, 2023

We performed a comparison between Synopsys Code Dx and Veracode based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Synopsys Code Dx offers several deployment options and an intuitive installation process. Veracode has a straightforward and easy initial setup process that allows for quick deployment and integration into existing systems.
  • Features: Synopsys Code Dx simplifies static analysis issue review, helping developers prioritize fixing critical issues. Veracode provides powerful and efficient code analysis with low false positive rates.
  • Pricing: Synopsys Code Dx does not have a free version and the pricing needs to be obtained by contacting their sales team. Veracode offers flexible licensing options and can fit within some budgets, but users may need to consider costs and explore other options. Additionally, Veracode allows temporary excess of application accounts and offers some flexibility in its licensing model.
  • Service and Support: Synopsys Code Dx offers multiple support options and 24/7 live support from representatives. Veracode provides good technical support, consultations, and a premier package for access to consultants and updates.

Comparison Result: Based on the parameters we compared, Veracode comes out ahead of Synopsys Code Dx. Although both products have valuable features and good technical support, our reviewers found that Synopsys Code Dx has higher false positive rates and less flexibility in licensing options.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Static Application Security Testing (SAST) Report (Updated: August 2024).
Buyer's Guide
Static Application Security Testing (SAST)
August 2024
Download the complete report
Helped 800,688 peers since 2012
 

Categories and Ranking

Synopsys Software Risk Manager
Ranking in Static Application Security Testing (SAST)
31st
Ranking in Software Composition Analysis (SCA)
19th
Ranking in Application Security Posture Management (ASPM)
4th
Average Rating
0.0
Number of Reviews
1
Ranking in other categories
No ranking in other categories
Veracode
Ranking in Static Application Security Testing (SAST)
2nd
Ranking in Software Composition Analysis (SCA)
2nd
Ranking in Application Security Posture Management (ASPM)
1st
Average Rating
8.2
Number of Reviews
198
Ranking in other categories
Application Security Tools (2nd), Container Security (3rd), Penetration Testing Services (3rd), Static Code Analysis (1st)
 

Featured Reviews

Saravanan_Radhakrishnan - PeerSpot reviewer
Sep 27, 2023
Facilitates continuous assessment of applications, covering both static and dynamic security aspects
The requirements are in such a place where the customers want to do a continuous assessment of their applications. The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution.  Synopsys…
Read full review
Everton Yoshitani - PeerSpot reviewer
Mar 27, 2024
I like the ease of integration and onboarding
I like Veracode's ease of integration and onboarding. You can quickly and easily get started with a new project or application. That's one area where Veracode shines relative to other tools we've evaluated. Other tools need more work or an engineer to do the setup. With Veracode, you can do the onboarding in a few steps quickly. Another beneficial feature is Veracode's reporting. The report not only outlines the security issues in detail but also offers some solutions. Even if one of our backend engineers isn't specialized in security, they can still fix the issue solely based on the suggestions in the report.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
"Veracode's most valuable aspect is continuous integration. It helps us integrate with other applications so that it can monitor the security process."
"Static scanning and software composition analysis are very helpful. I and my colleagues don't need to be an expert on all of those ancillary things, so we can focus more on the business deliverables."
"Veracode provides faster scans compared to other static analysis security testing tools."
"Good static analysis and dynamic analysis."
"I like Veracode's ease of integration with various cloud platforms and tools."
"Their dashboard is really good, overall. In my opinion, it's one of the best in the market, and I say that because we have used other service providers."
"It has an easy-to-use interface."
"It has provided what we were looking for in such an application, meaning static application security testing functionality. That was what we were interested in."
More Veracode pros
 

Cons

"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
"The cost of the solution is a little bit expensive. Expensive in the sense that there was a hundred percent increase in cost from last year to this year, which is certainly not justified."
"Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had."
"Veracode's ability to fix flaws is less sophisticated than that of its competitors."
"There is room for improvement in documentation."
"It takes a lot of time to scan the applications. They can make them faster and provide an option to scan a specific portion of the app. Such a feature would be very helpful."
"We have some constraints interacting with Veracode self-support. I'm not talking about their technical support. I'm talking about self-support. We sometimes have a hard time communicating with them."
"We have approximately 900 people using the solution. The solution is scalable, but there is a high cost attached to it."
"Veracode doesn't really help you so much when it comes to fixing things. It is able to find our vulnerabilities but the remediation activities it does provide are not a straight out-of-the-box kind of model. We need to work on remediation and not completely rely on Veracode."
More Veracode cons
 

Pricing and Cost Advice

"It is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's not for everybody."
"Licensing is pretty flexible. It's a little bit weird, it's by the size of the binary, which is a strange way to license a product. So far they've been pretty flexible about it."
"The pricing for Veracode is high, making it difficult for beginners to afford."
"Costs are reasonable. No special infrastructure is required and the license model is good."
"From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately."
"Veracode is expensive. But the solution is worth it."
"Get a license at the beginning of a project. Don't wait until the end, because you want to use the product throughout the entire software development lifecycle, not just at the end. You could be surprised, and not in a positive way, with all the vulnerabilities there are in your code."
"The price of Veracode Static Analysis could improve."
"Compared to other similar products, the licensing and pricing are definitely competitive. If you see Checkmarx as the market leader, then we are talking about Veracode being a fraction of the cost. You also have to consider your hidden costs: you need a team to maintain it, a server, and resources. From that point of view, Veracode is great because the cost is really a fraction of many competitors."
More Veracode pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
800,688 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
14%
Manufacturing Company
13%
Government
8%
Financial Services Firm
18%
Computer Software Company
16%
Manufacturing Company
9%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Synopsys Code Dx?
The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartne...
See all answers
What is your experience regarding pricing and costs for Synopsys Code Dx?
I would rate the pricing model an eight out of ten, where one is low and ten is high. Because it is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's n...
See all answers
What needs improvement with Synopsys Code Dx?
Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer migh...
See all answers
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
See all answers
What do you like most about Veracode?
The SAST and DAST modules are great.
See all answers
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
See all answers
 

Comparisons

Checkmarx One vs Synopsys Software Risk Manager Logo
Checkmarx One vs Synopsys Software Risk Manager
Compared 28% of the time
SonarQube vs Synopsys Software Risk Manager Logo
SonarQube vs Synopsys Software Risk Manager
Compared 11% of the time
Coverity vs Synopsys Software Risk Manager Logo
Coverity vs Synopsys Software Risk Manager
Compared 7% of the time
More Synopsys Software Risk Manager Competitors
SonarQube vs Veracode Logo
SonarQube vs Veracode
Compared 24% of the time
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
Compared 13% of the time
Fortify on Demand vs Veracode Logo
Fortify on Demand vs Veracode
Compared 7% of the time
Snyk vs Veracode Logo
Snyk vs Veracode
Compared 6% of the time
GitHub Advanced Security vs Veracode Logo
GitHub Advanced Security vs Veracode
Compared 4% of the time
More Veracode Competitors
 

Product Reports

Buyer's Guide
Application Security Posture Management (ASPM)
August 2024
Synopsys Software Risk Manager reportDownload Synopsys Software Risk Manager product report
Buyer's Guide
Veracode
August 2024
Veracode reportDownload Veracode product report
 

Also Known As

Code Dx
Crashtest Security , Veracode Detect
 

Learn More

Synopsys
Veracode
 

Overview

Software Risk Manager is an application security posture management (ASPM) solution that enables security and development teams to manage their application security programs at enterprise scale. By unifying policy, test orchestration, correlation, prioritization, and built-in static application security testing (SAST) and software composition analysis (SCA) engines, organizations can streamline their security activities across the enterprise.

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achievereal-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

Learn more atwww.veracode.com, on theVeracode blog, and onLinkedInandTwitter.

 

Sample Customers

Discover why companies like: CGI said, "Synopsys and Software Risk Manager have provided the results we’re looking for".
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Buyer's Guide
Static Application Security Testing (SAST)
August 2024
Download Free Report
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: August 2024.
DOWNLOAD NOW
800,688 professionals have used our research since 2012.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.