Name: Veracode
Rating: 4.6 (424 reviews)

Overview

Product Information on Veracode

Updated 13th October 2025

What is Veracode?

Veracode is a software focused on application security, offering tools for static analysis, dynamic analysis, software composition analysis, and manual penetration testing. The software scans code and binaries to identify vulnerabilities, helping organizations improve security throughout the software development lifecycle. It integrates with development environments and DevOps pipelines, enabling continuous security checks and remediation guidance for developers. Veracode addresses business challenges related to secure coding, regulatory compliance, and risk management by providing actionable insights, reporting, and governance features. The software supports a range of programming languages and frameworks, allowing teams to reduce security risks while maintaining development speed and agility.

Overall experience with Veracode

VP, RISK AND COMPLIANCE

<50M USD, Software

FAVORABLE

“Customizable Reporting Valued Despite Difficult Self-Help Navigation And Slow Scans”

4.0

Dec 8, 2025

Veracode is an accepted and respected vendor in our market. Their onboarding team was very helpful and support is responsive. There was a point in time where a bug resulted in extra work on our end while they chased it, which was seemingly mishandled and took longer than expected, which is the reason I cannot give five stars.

CO FOUNDER, PARTNER

<50M USD, Services (non-Government)

CRITICAL

“Veracode Offers Strong SCA Features But Faces Criticism For Cloud-Only Approach”

3.0

Dec 9, 2025

Veracode is a mature appsec testing platform with good SCA capabilities

About Company

Company Description

Veracode is a software security firm focused on identifying flaws and vulnerabilities across all stages of the software development lifecycle. The foundation of Veracode's approach lies in its Software Security Platform, which uses advanced AI algorithms trained on vast datasets of code. This allows for faster and more precise identification and rectification of security flaws. Veracode's mission is to evolve the concept of software security, ensuring it stays aligned with the dynamic needs of today's software development processes.

Company Details

Company type

Private

Year Founded

2006

Head office location

Burlington, United States

Number of employees

501 - 1000

Website

https://veracode.com

Do You Manage Peer Insights at Veracode?

Access Vendor Portal to update and manage your profile.

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

User Sentiment About Veracode

Reviewer Insights for: Veracode

Performance of Veracode Across Market Features

Veracode Likes & Dislikes

UI is intuitive and the reporting options are customizable to give our clients the assurance they are looking for while not oversharing sensitive information.

good TCO with a quote based pricing, may be too expensive for startups. good policy customization

- it allows to perform multiple sandbox scans not affecting the overall compliance status of the project - Veracode has rich UI allowing to analyze and triage the findings - There are great explanations of the findings, including links to the source documents and training materials

Multiple senior level resources required for setup and periodic reviews. The scans can be painfully slow if your team does not take enough time to optimize the binaries for scanning. Self-help resources can be difficult to navigate.

cloud only model (no opn prem), large scans may slow the CI process. expensive. you need to be familiar with the tool in order to operate it well

- lot of false positive findings caused by not considering the overall structure of a project and dependencies; - slow assessment even of a quite small projects; - limited support of Python/JavaScript projects

Top Veracode Alternatives

Peer Discussions

Veracode Reviews and Ratings

Recommended Gartner Insights

<50M USD

Software

Review Source

Customizable Reporting Valued Despite Difficult Self-Help Navigation And Slow Scans

IT OPS SPECIALIST

10B+ USD

Banking

Rich Explanations Provided, But False Positives and Speed Persist as Major Issues

Oct 22, 2025

Veracode does a great job in finding the potential security flaws in code. Yet its limited intelligence on the overall project structure provides a lot of false positive findings. Also its support of the Python/JavaScript projects is quite limited

Software Developer

50M-1B USD

Healthcare and Biotech

Scanning Tool Identifies Specific Code Issues With Minimal False Positives Reported

Mar 3, 2026

Overall experience is an outstanding scanning tool that provides great, very specific issues within the code, while minimizing the number of false positives.

IT SECURITY & RISK MANAGEMENT ASSOCIATE

Travel and Hospitality

Effective Application Security Tool Offering clear Remediation and Strong Reporting

Nov 20, 2025

My overall experience with Veracode has been positive. The platform provides reliable static and dynamic analysis with clear, actionable insights. The reporting dashboard is intuitive, and the remediation guidance is helpful for prioritizing vulnerablities.

Services (non-Government)