Skip to content
Veracy Advisory Platform
← All tools

Veracode

Enterprise application security platform covering SAST, DAST, SCA, and AI-powered fix recommendations.

Listed Needs re-verification
Security IT Ops $$$ Mid-market Enterprise Technology Financial Services Government Healthcare

What it does

Veracode is an enterprise application security testing platform covering the full spectrum of AppSec - Static Analysis (SAST), Dynamic Analysis (DAST), Software Composition Analysis (SCA) for open-source dependencies, and penetration testing. Its AI capabilities include Veracode Fix, which uses AI to generate code remediation suggestions for identified vulnerabilities directly in the developer's IDE, reducing the time between vulnerability discovery and fix. Veracode is particularly valued in highly regulated industries - financial services, healthcare, and government - where comprehensive AppSec scanning, compliance reporting, and audit-ready evidence of security testing are requirements.

Strengths

  • Mid-market engineering teams with compliance requirements use Veracode for comprehensive AppSec coverage - SAST, DAST, and SCA in one platform with AI fix recommendations reducing developer remediation time.
  • Large enterprises in regulated industries use Veracode as their AppSec standard - comprehensive scanning across the SDLC, compliance reporting for SOC 2 and PCI-DSS, and AI fixes accelerating vulnerability remediation.
  • Veracode is an enterprise application security testing platform covering the full spectrum of AppSec - Static Analysis (SAST), Dynamic Analysis (DAST), Software Composition Analysis (SCA) for open-source dependencies, and penetration testing.

Watch-outs

  • SAST scans can be slow: Veracode's static analysis for large codebases can take hours — organizations with fast CI/CD pipelines often run Veracode scans on a separate schedule rather than blocking every commit.
  • Developer experience lags newer tools: Veracode is effective but less developer-friendly than newer AppSec tools like Snyk — developers often prefer tools that surface findings directly in their IDE and GitHub workflow rather than a separate portal.
  • Pricing is enterprise-level: Veracode's pricing makes it inaccessible for small teams — Snyk or SonarQube serve smaller engineering organizations at significantly lower cost.

Pricing

Veracode does not publish standard pricing. Application security plans are based on lines of code and applications scanned. Mid-market contracts typically start around $20,000 - $50,000 annually. Enterprise contracts negotiated.