Veracode

Cloud-based application security testing platform with SAST, SCA, DAST, and penetration testing

ToolEnterprise Application SecurityCloud

Pricing: Custom enterprise pricing

Reviewed by the CyberSecTool editorial team against the public sources cited below · Last reviewed February 2026 · How we review listings

What is Veracode?

Veracode is an established application security testing platform that offers SAST, SCA, DAST, and penetration testing through a cloud-based service. Founded in 2006, Veracode pioneered the binary-level SAST approach that analyzes compiled code without requiring access to source code, making it suitable for testing third-party and legacy applications. Veracode provides a centralized platform for managing application security risk across large portfolios, with strong reporting for security program management and compliance.

Best for: Security teams managing application security across large application portfolios, especially when binary analysis of third-party or legacy applications is needed
Pros
  • Binary-level SAST enables testing without source code access
  • Comprehensive platform covering SAST, SCA, DAST, and pen testing
  • Strong application portfolio management and risk scoring
  • Developer security training integrated into the platform
  • Proven track record with nearly two decades in the market
Considerations
  • Binary analysis requires compilation, slowing scan integration in CI/CD
  • Developer experience is less intuitive compared to Snyk's workflow approach
  • Enterprise pricing is not transparent and requires sales engagement
  • Scan upload and processing times can be lengthy for large applications
  • SCA capabilities are less comprehensive than dedicated SCA tools like Snyk

Reported in public reviews and vendor documentation. See sources below.

Key Features

Binary-level SAST without source code access
Software composition analysis for open-source risks
Dynamic application security testing (DAST)
Manual penetration testing services
Application security program management dashboard
Policy-based compliance enforcement
Developer training through Veracode Security Labs
Integration with major CI/CD platforms

Are you Veracode? Improve this listing with screenshots, case studies and more.

Sources & references

Where the information on this listing comes from. Always verify pricing and capabilities against the vendor before a purchasing decision.

Spot an error, or do you represent Veracode? Request a correction.