Name: Veracode
Rating: 4.5 (432 reviews)

Overview

Product Information on Veracode

Updated 13th October 2025

What is Veracode?

Veracode is a software focused on application security, offering tools for static analysis, dynamic analysis, software composition analysis, and manual penetration testing. The software scans code and binaries to identify vulnerabilities, helping organizations improve security throughout the software development lifecycle. It integrates with development environments and DevOps pipelines, enabling continuous security checks and remediation guidance for developers. Veracode addresses business challenges related to secure coding, regulatory compliance, and risk management by providing actionable insights, reporting, and governance features. The software supports a range of programming languages and frameworks, allowing teams to reduce security risks while maintaining development speed and agility.

Overall experience with Veracode

Software Developer

250M - 500M USD, IT Services

FAVORABLE

“CI/CD Integration Streamlines Automated Security Testing and Provides Transparency”

5.0

May 13, 2026

Our overall experience with Veracode has been very positive. The platform helps us strengthen application security across multiple stages of development by identifying vulnerabilities early in the SDLC. Integration with CI/CD pipelines makes security testing more efficient and reduces manual efforts for developers. The dashboard and reporting features provide good visibility into security posture and remediation progress. Overall, it has been a reliable and valuable solution for improving secure development practices.

Manager, It Security And Risk Management

50M - 250M USD, Retail

CRITICAL

“Frequent False Positives and Slow Scans Impact Pipeline Efficiency and Usability”

3.0

Apr 24, 2026

It does what it says on the tin for supply chain security but it can be of a heavy lift to manage dat to day. Getting it integrated into Pipelines was fine, but we spend way too much time sifting through vuln reports for dev dependencies that dont actually reach production.

About Company

Company Description

Veracode is a software security firm focused on identifying flaws and vulnerabilities across all stages of the software development lifecycle. The foundation of Veracode's approach lies in its Software Security Platform, which uses advanced AI algorithms trained on vast datasets of code. This allows for faster and more precise identification and rectification of security flaws. Veracode's mission is to evolve the concept of software security, ensuring it stays aligned with the dynamic needs of today's software development processes.

Company Details

Company type

Private

Year Founded

2006

Head office location

Burlington, United States

Number of employees

501 - 1000

Website

https://veracode.com

Do You Manage Peer Insights at Veracode?

Access Vendor Portal to update and manage your profile.

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

User Sentiment About Veracode

Reviewer Insights for: Veracode

Performance of Veracode Across Market Features

Veracode Likes & Dislikes

1. Strong static and dynamic application security testing capabilities that help identify vulnerabilities early in the development lifecycle. 2. Easy integration with CI/CD tools and developer workflows, making automated security testing more efficient. 3. Centralized dashboard that provides visibility into application risk, compliance and scan history

CI/CD integrations- hooking into Github was straightforward, automatically scans pull requests SBOM generation - super easy, few clicks Remediation advice - when it does find a legit CVE in open source package it usually tells the devs exactly which version they need to bump the library too, saves a lot of time there I suppose

1. Detailed reporting and remediation guidance that helps development teams understand and fix issues faster. 2. Reliable software composition analysis features for monitoring open source dependencies and related risks. 3. Strong static and dynamic application security testing capabilities that help identify risks early in the development lifecycle.

1. Initial onboarding and policy configuration can be complex for teams that are new to application security tools. 2. Scan completion time for larger or complex application can sometimes be slower than expected. 3. False positives occasionally require additional manual validation from security

So many false positives - it flags literally every test library and dev dependency, making things look a lot worse than they are Scan times especially on monolithic repos can take ages, slows down merges UI is overwhelming, feels clunky, too much going on and hard to find settings

1. Licensing and advanced features may feel expensive for smaller organizations with limited budgets. 2. Initial onboarding and policy configuration can be complex for teams that are new to application security tools. 3. Certain reports and dashboards can be more customizable for different stakeholder requirements.

Top Veracode Alternatives

4.6

(401 Ratings)

4.8

(321 Ratings)

4.8

(259 Ratings)

View All Alternatives

Peer Discussions

Veracode Reviews and Ratings

4.5

(432 Ratings)

Rating Distribution

5 Star: 67%
4 Star: 27%
3 Star: 4%
2 Star: 1%
1 Star: 0%

Customer Experience

Evaluation & Contracting

4.6

Integration & Deployment

4.5

Service & Support

4.6

Product Capabilities

4.6

Filter Reviews

Sort By:

Most helpful

Last 12 Months

Star Rating

Reviewer Type

Reviewer's Company Size

Reviewer's Industry

Reviewer's Region

Reviewer's Job Function

Manager, It Security And Risk Management
50M-1B USD
Retail
Review Source
Frequent False Positives and Slow Scans Impact Pipeline Efficiency and Usability
3.0
Apr 24, 2026
It does what it says on the tin for supply chain security but it can be of a heavy lift to manage dat to day. Getting it integrated into Pipelines was fine, but we spend way too much time sifting through vuln reports for dev dependencies that dont actually reach production.
Software Developer
50M-1B USD
IT Services
Review Source
CI/CD Integration Streamlines Automated Security Testing and Provides Transparency
5.0
May 13, 2026
Our overall experience with Veracode has been very positive. The platform helps us strengthen application security across multiple stages of development by identifying vulnerabilities early in the SDLC. Integration with CI/CD pipelines makes security testing more efficient and reduces manual efforts for developers. The dashboard and reporting features provide good visibility into security posture and remediation progress. Overall, it has been a reliable and valuable solution for improving secure development practices.
Engineer
50M-1B USD
IT Services
Review Source
Detailed Reporting and Remediation Guidance Accelerates Issue Resolution for Developers
5.0
May 13, 2026
My overall experience with Veracode has been very positive. The platform helps us strengthen application security across multiple stages of development by identifying issues early in the SDLC. The integration pipeline made security testing more efficient and reduced manual efforts for developers. Overall, it has been a reliable and valuable solution for improving secure development practices.
Information Security Specialist
<50M USD
Transportation
Review Source
Flexibility in Integration Noted, Yet Detection Gaps Remain in Veracode
3.0
May 1, 2026
Veacode for secure code scanning worked as a basic tool that allowed to easily integrate code scanning on repositories and pipelines, lacking some in-depth detection.
IT ASSOCIATE
50M-1B USD
IT Services
Review Source
Integrates Well With CI/CD But Slower Scans for Larger Applications Noted
5.0
May 6, 2026
Our experience with Veracode has been very positive as it helps identify vulnerabilities early, integrates well with CI/CD pipelines and provides useful remediation guidance. Reporting and dashboards to improve visibility into application security and compliance tracking. While scan times can occasionally be slow for larger applications, the platform overall is very reliable and very effective for managing application security

...

Showing Result 1-5 of 431

Recommended Gartner Insights

This service may contain translations provided by Google. Google disclaims all warranties related to the translations, express or implied, including any warranties of accuracy, reliability, and any implied warranties of merchantability, fitness for a particular purpose and noninfringement. Gartner's use of this provider is for operational purposes and does not constitute an endorsement of its products or services.

Veracode

Overview

Product Information on Veracode

What is Veracode?

Veracode Pricing

Overall experience with Veracode

“CI/CD Integration Streamlines Automated Security Testing and Provides Transparency”

“Frequent False Positives and Slow Scans Impact Pipeline Efficiency and Usability”

About Company

Company Description

Company Details

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

User Sentiment About Veracode

Reviewer Insights for: Veracode

Performance of Veracode Across Market Features

Veracode Likes & Dislikes

Top Veracode Alternatives

1. Checkmarx SAST

2. Fluid Attacks Continuous Hacking

3. Appknox

Peer Discussions

Veracode Reviews and Ratings

4.5

(432 Ratings)

Rating Distribution

Customer Experience

Product Capabilities

Frequent False Positives and Slow Scans Impact Pipeline Efficiency and Usability

CI/CD Integration Streamlines Automated Security Testing and Provides Transparency

Detailed Reporting and Remediation Guidance Accelerates Issue Resolution for Developers

Flexibility in Integration Noted, Yet Detection Gaps Remain in Veracode

Integrates Well With CI/CD But Slower Scans for Larger Applications Noted

Recommended Gartner Insights

User Sentiment About Veracode

Reviewer Insights for: Veracode

Performance of Veracode Across Market Features

Veracode Likes & Dislikes