Veracode
Cloud-based application security testing platform with SAST, SCA, DAST, and penetration testing
Enterprise Application Security
Custom enterprise pricing (typically $30K+ annually)
How we work: This listing is aggregated from Veracode's official documentation, public pricing pages, community discussions (Reddit, HN, forums), and real user feedback. We do not do hands-on testing. We aggregate and organize what's already out there. Last verified February 2026.
What is Veracode?
Veracode is an established application security testing platform that offers SAST, SCA, DAST, and penetration testing through a cloud-based service. Founded in 2006, Veracode pioneered the binary-level SAST approach that analyzes compiled code without requiring access to source code, making it suitable for testing third-party and legacy applications. Veracode provides a centralized platform for managing application security risk across large portfolios, with strong reporting for security program management and compliance.
Best for: Security teams managing application security across large application portfolios, especially when binary analysis of third-party or legacy applications is needed
Pros
- ✓ Binary-level SAST enables testing without source code access
- ✓ Comprehensive platform covering SAST, SCA, DAST, and pen testing
- ✓ Strong application portfolio management and risk scoring
- ✓ Developer security training integrated into the platform
- ✓ Proven track record with nearly two decades in the market
Cons
- ✗ Binary analysis requires compilation, slowing scan integration in CI/CD
- ✗ Developer experience is less intuitive compared to Snyk's workflow approach
- ✗ Enterprise pricing is not transparent and requires sales engagement
- ✗ Scan upload and processing times can be lengthy for large applications
- ✗ SCA capabilities are less comprehensive than dedicated SCA tools like Snyk
Key Features
- Binary-level SAST without source code access
- Software composition analysis for open-source risks
- Dynamic application security testing (DAST)
- Manual penetration testing services
- Application security program management dashboard
- Policy-based compliance enforcement
- Developer training through Veracode Security Labs
- Integration with major CI/CD platforms
Quick Info
| Field | Value |
| --- | --- |
| Pricing | Custom enterprise pricing (typically $30K+ annually) |
| Model | Enterprise license (application-based) |
| Founded | 2006 |
| Cloud | Yes |
| Self-Hosted | No |
Last updated: Feb 20, 2026
Veracode Alternatives
- Snyk: Developer-first application security platform for finding an...
- SonarQube: Open-source code quality and security analysis platform with...
- Checkmarx: Enterprise application security platform with deep SAST, SCA...
- Semgrep: Lightweight, open-source static analysis with intuitive patt...
- GitHub Advanced Security: GitHub-native security scanning with CodeQL SAST, secret sca...