Name: Veracode
Rating: 4.5 (426 reviews)

Overview

Product Information on Veracode

Updated 13th October 2025

What is Veracode?

Veracode is a software focused on application security, offering tools for static analysis, dynamic analysis, software composition analysis, and manual penetration testing. The software scans code and binaries to identify vulnerabilities, helping organizations improve security throughout the software development lifecycle. It integrates with development environments and DevOps pipelines, enabling continuous security checks and remediation guidance for developers. Veracode addresses business challenges related to secure coding, regulatory compliance, and risk management by providing actionable insights, reporting, and governance features. The software supports a range of programming languages and frameworks, allowing teams to reduce security risks while maintaining development speed and agility.

Overall experience with Veracode

VP, RISK AND COMPLIANCE

<50M USD, Software

FAVORABLE

“Customizable Reporting Valued Despite Difficult Self-Help Navigation And Slow Scans”

4.0

Dec 8, 2025

Veracode is an accepted and respected vendor in our market. Their onboarding team was very helpful and support is responsive. There was a point in time where a bug resulted in extra work on our end while they chased it, which was seemingly mishandled and took longer than expected, which is the reason I cannot give five stars.

Manager, It Security And Risk Management

50M - 250M USD, Retail

CRITICAL

“Frequent False Positives and Slow Scans Impact Pipeline Efficiency and Usability”

3.0

Apr 24, 2026

It does what it says on the tin for supply chain security but it can be of a heavy lift to manage dat to day. Getting it integrated into Pipelines was fine, but we spend way too much time sifting through vuln reports for dev dependencies that dont actually reach production.

About Company

Company Description

Veracode is a software security firm focused on identifying flaws and vulnerabilities across all stages of the software development lifecycle. The foundation of Veracode's approach lies in its Software Security Platform, which uses advanced AI algorithms trained on vast datasets of code. This allows for faster and more precise identification and rectification of security flaws. Veracode's mission is to evolve the concept of software security, ensuring it stays aligned with the dynamic needs of today's software development processes.

Company Details

Company type

Private

Year Founded

2006

Head office location

Burlington, United States

Number of employees

501 - 1000

Website

https://veracode.com

Do You Manage Peer Insights at Veracode?

Access Vendor Portal to update and manage your profile.

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

User Sentiment About Veracode

Reviewer Insights for: Veracode

Performance of Veracode Across Market Features

Veracode Likes & Dislikes

UI is intuitive and the reporting options are customizable to give our clients the assurance they are looking for while not oversharing sensitive information.

CI/CD integrations- hooking into Github was straightforward, automatically scans pull requests SBOM generation - super easy, few clicks Remediation advice - when it does find a legit CVE in open source package it usually tells the devs exactly which version they need to bump the library too, saves a lot of time there I suppose

Is the ability of finding issue and keeping the false positive percentage low.

Multiple senior level resources required for setup and periodic reviews. The scans can be painfully slow if your team does not take enough time to optimize the binaries for scanning. Self-help resources can be difficult to navigate.

So many false positives - it flags literally every test library and dev dependency, making things look a lot worse than they are Scan times especially on monolithic repos can take ages, slows down merges UI is overwhelming, feels clunky, too much going on and hard to find settings

The UI is confusing at times and trying to fit this into a CICD flow that honors shift left but also reports and collects for released codebase. It isn't always straight forward on the solution

Top Veracode Alternatives

Peer Discussions

Veracode Reviews and Ratings

Recommended Gartner Insights

50M-1B USD

Retail

Review Source

Frequent False Positives and Slow Scans Impact Pipeline Efficiency and Usability

<50M USD

Software

Customizable Reporting Valued Despite Difficult Self-Help Navigation And Slow Scans

Information Security Specialist

Transportation

Flexibility in Integration Noted, Yet Detection Gaps Remain in Veracode

May 1, 2026

Veacode for secure code scanning worked as a basic tool that allowed to easily integrate code scanning on repositories and pipelines, lacking some in-depth detection.

Software Developer

Healthcare and Biotech

Scanning Tool Identifies Specific Code Issues With Minimal False Positives Reported

Mar 3, 2026

Overall experience is an outstanding scanning tool that provides great, very specific issues within the code, while minimizing the number of false positives.

IT SECURITY & RISK MANAGEMENT ASSOCIATE

Travel and Hospitality

Effective Application Security Tool Offering clear Remediation and Strong Reporting

Nov 20, 2025

My overall experience with Veracode has been positive. The platform provides reliable static and dynamic analysis with clear, actionable insights. The reporting dashboard is intuitive, and the remediation guidance is helpful for prioritizing vulnerablities.