Name: Veracode
Rating: 4.5 (429 reviews)

Overview

Product Information on Veracode

Updated 13th October 2025

What is Veracode?

Veracode is a software focused on application security, offering tools for static analysis, dynamic analysis, software composition analysis, and manual penetration testing. The software scans code and binaries to identify vulnerabilities, helping organizations improve security throughout the software development lifecycle. It integrates with development environments and DevOps pipelines, enabling continuous security checks and remediation guidance for developers. Veracode addresses business challenges related to secure coding, regulatory compliance, and risk management by providing actionable insights, reporting, and governance features. The software supports a range of programming languages and frameworks, allowing teams to reduce security risks while maintaining development speed and agility.

Overall experience with Veracode

Software Developer

250M - 500M USD, IT Services

FAVORABLE

“CI/CD Integration Streamlines Automated Security Testing and Provides Transparency”

5.0

May 13, 2026

Our overall experience with Veracode has been very positive. The platform helps us strengthen application security across multiple stages of development by identifying vulnerabilities early in the SDLC. Integration with CI/CD pipelines makes security testing more efficient and reduces manual efforts for developers. The dashboard and reporting features provide good visibility into security posture and remediation progress. Overall, it has been a reliable and valuable solution for improving secure development practices.

Information Security Specialist

<50M USD, Transportation

CRITICAL

“Flexibility in Integration Noted, Yet Detection Gaps Remain in Veracode”

3.0

May 1, 2026

Veacode for secure code scanning worked as a basic tool that allowed to easily integrate code scanning on repositories and pipelines, lacking some in-depth detection.

About Company

Company Description

Veracode is a software security firm focused on identifying flaws and vulnerabilities across all stages of the software development lifecycle. The foundation of Veracode's approach lies in its Software Security Platform, which uses advanced AI algorithms trained on vast datasets of code. This allows for faster and more precise identification and rectification of security flaws. Veracode's mission is to evolve the concept of software security, ensuring it stays aligned with the dynamic needs of today's software development processes.

Company Details

Company type

Private

Year Founded

2006

Head office location

Burlington, United States

Number of employees

501 - 1000

Website

https://veracode.com

Do You Manage Peer Insights at Veracode?

Access Vendor Portal to update and manage your profile.

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

User Sentiment About Veracode

Reviewer Insights for: Veracode

Performance of Veracode Across Market Features

Veracode Likes & Dislikes

1. Strong static and dynamic application security testing capabilities that help identify vulnerabilities early in the development lifecycle. 2. Easy integration with CI/CD tools and developer workflows, making automated security testing more efficient. 3. Centralized dashboard that provides visibility into application risk, compliance and scan history

It provides flexibility in integration with pipelines and reporting capabilities for the overall landscape of secure coding practices.

1. Detailed reporting and remediation guidance that helps development teams understand and fix issues faster. 2. Reliable software composition analysis features for monitoring open source dependencies and related risks. 3. Strong static and dynamic application security testing capabilities that help identify risks early in the development lifecycle.

1. Initial onboarding and policy configuration can be complex for teams that are new to application security tools. 2. Scan completion time for larger or complex application can sometimes be slower than expected. 3. False positives occasionally require additional manual validation from security

Based on our secure life cycle we perform other testing with different tools and techniques; in multiple cases we found vulnerabilities that were supposed to be detected by veracode and they were not.

1. Licensing and advanced features may feel expensive for smaller organizations with limited budgets. 2. Initial onboarding and policy configuration can be complex for teams that are new to application security tools. 3. Certain reports and dashboards can be more customizable for different stakeholder requirements.

Top Veracode Alternatives

Peer Discussions

Veracode Reviews and Ratings

Recommended Gartner Insights

This service may contain translations provided by Google. Google disclaims all warranties related to the translations, express or implied, including any warranties of accuracy, reliability, and any implied warranties of merchantability, fitness for a particular purpose and noninfringement. Gartner's use of this provider is for operational purposes and does not constitute an endorsement of its products or services.

50M-1B USD

IT Services

Review Source

CI/CD Integration Streamlines Automated Security Testing and Provides Transparency

Engineer

Detailed Reporting and Remediation Guidance Accelerates Issue Resolution for Developers

My overall experience with Veracode has been very positive. The platform helps us strengthen application security across multiple stages of development by identifying issues early in the SDLC. The integration pipeline made security testing more efficient and reduced manual efforts for developers. Overall, it has been a reliable and valuable solution for improving secure development practices.

<50M USD

Transportation

Flexibility in Integration Noted, Yet Detection Gaps Remain in Veracode

IT ASSOCIATE

Integrates Well With CI/CD But Slower Scans for Larger Applications Noted

May 6, 2026

Our experience with Veracode has been very positive as it helps identify vulnerabilities early, integrates well with CI/CD pipelines and provides useful remediation guidance. Reporting and dashboards to improve visibility into application security and compliance tracking. While scan times can occasionally be slow for larger applications, the platform overall is very reliable and very effective for managing application security

Healthcare and Biotech

Scanning Tool Identifies Specific Code Issues With Minimal False Positives Reported

4.0

Mar 3, 2026

Overall experience is an outstanding scanning tool that provides great, very specific issues within the code, while minimizing the number of false positives.