The NodeZero Platform vs Veracode comparison

Read 194 Veracode reviews

233 Views
155 Comparison Views

90% willing to recommend

The NodeZero Platform

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Mar 9, 2025

Veracode and NodeZero Platform are competing in the application security space, with Veracode leading in feature breadth and ease of deployment while NodeZero stands out for its innovative features and ROI advantages.

Features: Veracode offers comprehensive application analysis, development tools integration, and robust security insights. NodeZero Platform provides cutting-edge vulnerability detection, advanced automation capabilities, and a focus on proactive security measures.

Ease of Deployment and Customer Service: Veracode offers seamless cloud deployment and reliable customer service to reduce integration complexity. NodeZero provides rapid deployment and specialized customer service for streamlined setup and configuration.

Pricing and ROI: Veracode has higher upfront costs with sustained long-term returns due to well-integrated workflows. NodeZero offers competitive pricing with lower initial costs, providing accelerated ROI through automation and efficiency.

To learn more, read our detailed Penetration Testing Services Report (Updated: March 2025).

Penetration Testing Services

Download the complete report

Helped 845,406 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

The NodeZero Platform

Ranking in Penetration Testing Services

5th

Average Rating

5.0

Reviews Sentiment

6.3

Number of Reviews

Ranking in other categories

Vulnerability Management (43rd), Breach and Attack Simulation (BAS) (5th)

Veracode

Ranking in Penetration Testing Services

4th

Average Rating

8.2

Reviews Sentiment

7.0

Number of Reviews

194

Ranking in other categories

Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Container Security (5th), Software Composition Analysis (SCA) (2nd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (1st)

Mindshare comparison

As of April 2025, in the Penetration Testing Services category, the mindshare of The NodeZero Platform is 14.4%, up from 10.3% compared to the previous year. The mindshare of Veracode is 1.9%, down from 2.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Penetration Testing Services

Featured Reviews

reviewer2331969

Director, Engineering at a computer software company with 11-50 employees

Doesn’t identify threats and vulnerabilities, and the reports are quite useless

We run the penetration testing and look at the reports. The reports are quite useless. We are looking for a different product. The tool did not help enhance our organization's cybersecurity posture. The reports had a lot of false positives. They didn't detect anything. The tool didn’t identify any vulnerabilities. The solution must detect threats and vulnerabilities.

Read full review

AkashKhurana

Senior Software Engineer at Publicis Sapient

Easy to configure, stable, and good vulnerability detection

Veracode's ability to prevent vulnerable code from being deployed into production is crucial. Typically, if a dependency we use has security issues or concerns, Veracode suggests upgrading to a more secure version. For example, if we're using a PayPal dependency with version 1.3 and it has a security bug, Veracode suggests upgrading to version 1.4 which fixes the issue. We usually make our project compatible with version 1.4, but sometimes Veracode recommends removing the dependent code altogether and adding the updated dependency from another repository. Veracode provides suggestions for resolving security issues and we implement them in our code after resolving any conflicts. We run the Veracode scan again and if it fails, we do not deploy the code to production. This is critical as it ensures that security issues such as bugs and fixes are addressed. Veracode consistently assists us in identifying security issues in third-party dependencies, while also ensuring the maintenance of code quality. Preventing security bugs and threats in our code improves the overall code quality of our company, which is essential given the significant concerns surrounding security today. Veracode's policy reporting is helpful for ensuring compliance with industry standards and regulations. Veracode's solution plays a major role in achieving compliance, including HIPAA compliance. Without Veracode scans, identifying security threats and third-party dependencies would be a tedious task for DevOps professionals. Veracode provides visibility into the status of our application during every phase of development, including continuous integration and continuous development CI/CD pipeline stages. This includes builds, package creation for deployment, and various enrollment stages such as develop, queue, stage, above, and production enrollment. Prior to each stage, a Veracode scan is run. This can be accessed through Jenkins or the CI/CD pipeline by clicking on the Veracode scan option, which provides a detailed report highlighting any security issues and concerns. Veracode performs statistical analysis, dynamic analysis, software composition analysis, and manual penetration tests throughout our software development life cycle. Veracode scans not only for third-party security issues but also for possible issues in our own code. This occurs in every phase of development, including the SDLC. For example, if we use an encryption algorithm with a private or public key that is easy to decode, Veracode will identify this as an error or warning in the report and suggest using multiple layers of encryption for the keys. The entire CI/CD process is part of DevOps. Therefore, the responsibility of configuring the Veracode tool usually falls on the DevOps professional. It is essential to integrate Veracode with the CI/CD pipeline within the project to ensure it is always incorporated. Whenever there is a priority or mandatory check required before deployment, Veracode should run beforehand. This integration is carried out by our DevSecOps team. Veracode's false positive rate is good, as it helps us identify possible security concerns in our code. In my opinion, it is advisable to run a Veracode scan on all codes. I have worked in the IT industry for five years, and I have observed that Veracode has been implemented in every project I have worked on. If a tool is improving our code quality and providing us with insights into potential security issues, it is always beneficial to use it. The false positive rate boosts our developers' confidence in Veracode when addressing vulnerabilities. Veracode also provides suggestions when there is a security issue with a dependency in version 1.7, prompting us to consider using version 1.8, which does not have security issues. This process involves the developers, and it leaves a positive impression on our managers and clients, demonstrating our commitment to security. We can show them that we were previously using version 1.7 but updated to version 1.8 after identifying the security issue with Veracode's help. Unfortunately, there is no centralized platform to check for network issues or problems with dependencies and versions. Veracode provides a centralized solution where we can scan our project and receive results. Veracode has helped our organization address flaws in our software and automation processes. Its positive impact has been reflected in our ROI, which increased when we started using Veracode. Without Veracode, we would be susceptible to security issues and potential hacking. However, after implementing Veracode scans, we have not encountered any such problems. It is critical for us to use Veracode because we capture sensitive data such as pharmacy information for real-time users, including patient prescriptions and refill schedules. This sensitive data could pose a significant problem if our code or software has security vulnerabilities. Fortunately, Veracode scans allow us to prevent such issues. Veracode has helped our developers save time by providing a solution that eliminates the need to manually check for dependencies or search the internet for information on which dependencies have issues. Instead, Veracode provides a detailed report that identifies the issues and recommends the appropriate version to use. Using Veracode ensures the quality of our code and also saves time for our developers. In my career of five years, Veracode has helped me resolve code issues eight times. Veracode has reduced our SecOps costs by identifying security vulnerabilities in our code. Without Veracode, if we were to go live with these issues, it could result in a breach of our encrypted data, potentially causing significant harm to our organization. This would require significant time and cost to resolve the issue and restore the data. Veracode has improved the quality of our code and reduced the risk of such incidents occurring, thereby minimizing their impact on our organization.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Penetration testing and scans are useful features."

"Overall, I'd rate NodeZero at nine to 9.5 out of ten."

"The static scan is the feature that we use the most, as it gives us insight into our source code. We have it integrated with our continuous integration, continuous delivery system, so we can get insight quickly."

"It has given our management a view into issues with all of our product lines. We have three products and all of them were scanned. As a result, the project lead for each product has taken measures to improve things."

"The most valuable feature comes from the fact that it is cloud-based, and I can scale up without having to worry about any other infrastructure needs."

"The coverage of backdoors attacks on security that's the most valuable for my clients."

"There are quite a few features that are very reliable, like the newly launched Veracode Pipelines Scan, which is pretty awesome. It supports the synchronous pipeline pretty well. We been using it out of the Jira plugin, and that is fantastic."

"Regarding Software Composition Analysis, an exceptional feature is that during a SAST scan, SCA is seamlessly conducted in the background."

"The dependency graph visualization provides the ability to see nested dependencies within libraries for pinpointing vulnerabilities."

"In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application."

More Veracode pros

Cons

"The reports are quite useless."

"When it comes to the speed of the pipeline scan, one of the things we have found with Veracode is that it's very fast with Java-based applications but a bit slow with C/C++ based applications. So we have implemented the pipeline scan only for Java-based applications not for the C/C++ applications."

"We get some false positives with JavaScript languages like React, TypeScript, and Angular. The problem is rooted in the build process of JavaScript, not the code we are using. This is something we spend lots of time trying to resolve. When we point to a specific library and review that on the code, we can see it is a part of the build that isn't going into production. It's only a part of the build because JavaScript has a different build process."

"There were some additional manual steps or work involved that we should not have needed to do."

"Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had."

"One concern is that scans take a long time to run. We scan at the end of the day because we know it will take a lot of time. We leave it to run and the report will be generated by the next day when we arrive. The scanning time could be reduced."

"An area for improvement in Veracode is the time that it takes to scan large projects, as that makes it difficult to fit into our CI/CD pipelines."

"When we scan binary, when we perform binary analysis, it could go faster. That has a lot to do with the essence of scanning binary code, it takes a little bit longer. Certain aspects, depending on what type of code it is, take a little long, especially legacy code."

"There needs to be better API integration to the development team's pipeline, which is something that is missing and needs to be improved."

More Veracode cons

Pricing and Cost Advice

Information not available

"It has good, fair licensing. If the price could depend on the scope of its scanning or the languages supported, then that would be better."

"To my knowledge, licensing for Veracode Static Analysis is paid yearly by my company."

"Veracode is costly. They have different license models for different customers. What we had was based on the amount of code that has been analyzed. The license that we had was capped to a certain amount, for example, 5 Gig. There would be an extra charge for anything above 5 Gig."

"Its pricing is fair."

"The pricing is really fair compared to a lot of other tools on the market."

"Costs are reasonable. No special infrastructure is required and the license model is good."

"The cost of scanning code is cheaper. It's typically $0.50 per line of code. However, it's expensive to run a high-level process that would normally require a human security expert. For example, penetration testing costs about $1,000 per application for penetration testing. The cost of these features may be too high for smaller organizations. On the other hand, Veracode's interactive application security testing is fast and cheaper compared to other software."

"I recommend going for a one-year licensing with CA, because currently they are the leaders in this field with more features and a much better turn around time with a cheaper position, but there are a lot of new companies coming up in the market and they are building up their platforms."

More Veracode pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Penetration Testing Services solutions are best for your needs.

See recommendations

845,406 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

15%

Financial Services Firm

University

Manufacturing Company

Computer Software Company

17%

Financial Services Firm

17%

Manufacturing Company

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What do you like most about Horizon3.ai?

Penetration testing and scans are useful features.

What needs improvement with Horizon3.ai?

What is your primary use case for Horizon3.ai?

The solution is used for penetration testing.

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...

What do you like most about Veracode?

The SAST and DAST modules are great.

What is your experience regarding pricing and costs for Veracode?

The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.

Pentera vs The NodeZero Platform

Comparisons

Compared 39% of the time

Tenable Security Center vs The NodeZero Platform

Compared 22% of the time

vPentest vs The NodeZero Platform

Compared 9% of the time

Rapid7 Penetration Testing Services vs The NodeZero Platform

Compared 6% of the time

Tenable Vulnerability Management vs The NodeZero Platform

Compared 5% of the time

More The NodeZero Platform Competitors

SonarQube Server (formerly SonarQube) vs Veracode

Compared 21% of the time

Checkmarx One vs Veracode

Compared 10% of the time

GitHub Advanced Security vs Veracode

Compared 6% of the time

Fortify on Demand vs Veracode

Compared 5% of the time

Snyk vs Veracode

Compared 5% of the time

More Veracode Competitors

Product Reports

Vulnerability Management

Download The NodeZero Platform product report

Download Veracode product report

Also Known As

Horizon3.ai

Crashtest Security , Veracode Detect

Overview

NodeZero Platform empowers businesses with dynamic cybersecurity solutions and innovative threat detection capabilities, enhancing existing security protocols.

NodeZero Platform offers a comprehensive approach to cybersecurity, focusing on real-time threat analysis and risk management. Its advanced features provide users with tools to respond swiftly to threats, ensuring data integrity and security. The platform's intelligent algorithms and user-centric design cater to the needs of informed cybersecurity professionals.

What are the standout features of NodeZero Platform?

Real-time Threat Detection: Allows for immediate identification and neutralization of risks.
Automated Risk Analysis: Simplifies the evaluation of potential threats.
Scalability: Adapts to the growing needs of any organization.
Customizable Alerts: Tailors notifications to specific security requirements.

What benefits can users expect from NodeZero Platform?

Increased Security Efficacy: Enhances threat response times.
Cost Efficiency: Reduces need for extensive manual oversight.
Improved Compliance: Ensures alignment with industry regulations.
Resource Optimization: Allocates cybersecurity focus effectively.

NodeZero Platform's implementation in sectors such as finance and healthcare highlights its versatility and adaptability. Organizations benefit from integrated solutions that address specific industry challenges, providing peace of mind and operational security through advanced threat management and preventative strategies.

Horizon3.ai

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Sample Customers

Information Not Available

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

Penetration Testing Services