Alternatives to Veracode logo

Alternatives to Veracode

Checkmarx, SonarQube, Black Duck, Qualys, and ShiftLeft are the most popular alternatives and competitors to Veracode.
62
123
+ 1
0

What is Veracode and what are its top alternatives?

It seamlessly integrates application security into the software lifecycle, effectively eliminating vulnerabilities during the lowest-cost point in the development/deployment chain, and blocking threats while in production.
Veracode is a tool in the Code Review category of a tech stack.
Veracode is an open source tool with GitHub stars and GitHub forks. Here’s a link to Veracode's open source repository on GitHub

Top Alternatives to Veracode

  • Checkmarx
    Checkmarx

    It is a provider of state-of-the-art application security solution: static code analysis software, seamlessly integrated into development process. ...

  • SonarQube
    SonarQube

    SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving. ...

  • Black Duck
    Black Duck

    It is a solution that helps development teams manage risks that come with the use of open source. It gives you complete visibility into open source management, combining sophisticated, multi-factor open source detection capabilities with the Black Duck KnowledgeBase. ...

  • Qualys
    Qualys

    Automatically identify all known and unknown assets on your global hybrid-IT—on prem, endpoints, clouds, containers, mobile, OT and IoT—for a complete, categorized inventory, enriched with details such as vendor lifecycle information and much more. ...

  • ShiftLeft
    ShiftLeft

    ShiftLeft CORE provides fast and accurate application security findings built directly into the development workflow. ...

  • ESLint
    ESLint

    A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease. ...

  • OpenSSL
    OpenSSL

    It is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. ...

  • Prettier
    Prettier

    Prettier is an opinionated code formatter. It enforces a consistent style by parsing your code and re-printing it with its own rules that take the maximum line length into account, wrapping code when necessary. ...

Veracode alternatives & related posts

Checkmarx logo

Checkmarx

80
133
0
Unify your application security into a single platform
80
133
+ 1
0
PROS OF CHECKMARX
    Be the first to leave a pro
    CONS OF CHECKMARX
      Be the first to leave a con

      related Checkmarx posts

      SonarQube logo

      SonarQube

      1.8K
      2K
      52
      Continuous Code Quality
      1.8K
      2K
      + 1
      52
      PROS OF SONARQUBE
      • 26
        Tracks code complexity and smell trends
      • 16
        IDE Integration
      • 9
        Complete code Review
      • 1
        Difficult to deploy
      CONS OF SONARQUBE
      • 7
        Sales process is long and unfriendly
      • 7
        Paid support is poor, techs arrogant and unhelpful
      • 1
        Does not integrate with Snyk

      related SonarQube posts

      Simon Reymann
      Senior Fullstack Developer at QUANTUSflow Software GmbH · | 30 upvotes · 8.9M views

      Our whole DevOps stack consists of the following tools:

      • GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
      • Respectively Git as revision control system
      • SourceTree as Git GUI
      • Visual Studio Code as IDE
      • CircleCI for continuous integration (automatize development process)
      • Prettier / TSLint / ESLint as code linter
      • SonarQube as quality gate
      • Docker as container management (incl. Docker Compose for multi-container application management)
      • VirtualBox for operating system simulation tests
      • Kubernetes as cluster management for docker containers
      • Heroku for deploying in test environments
      • nginx as web server (preferably used as facade server in production environment)
      • SSLMate (using OpenSSL) for certificate management
      • Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
      • PostgreSQL as preferred database system
      • Redis as preferred in-memory database/store (great for caching)

      The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

      • Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
      • Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
      • Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
      • Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
      • Scalability: All-in-one framework for distributed systems.
      • Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
      See more
      Ganesa Vijayakumar
      Full Stack Coder | Technical Lead · | 19 upvotes · 4.4M views

      I'm planning to create a web application and also a mobile application to provide a very good shopping experience to the end customers. Shortly, my application will be aggregate the product details from difference sources and giving a clear picture to the user that when and where to buy that product with best in Quality and cost.

      I have planned to develop this in many milestones for adding N number of features and I have picked my first part to complete the core part (aggregate the product details from different sources).

      As per my work experience and knowledge, I have chosen the followings stacks to this mission.

      UI: I would like to develop this application using React, React Router and React Native since I'm a little bit familiar on this and also most importantly these will help on developing both web and mobile apps. In addition, I'm gonna use the stacks JavaScript, jQuery, jQuery UI, jQuery Mobile, Bootstrap wherever required.

      Service: I have planned to use Java as the main business layer language as I have 7+ years of experience on this I believe I can do better work using Java than other languages. In addition, I'm thinking to use the stacks Node.js.

      Database and ORM: I'm gonna pick MySQL as DB and Hibernate as ORM since I have a piece of good knowledge and also work experience on this combination.

      Search Engine: I need to deal with a large amount of product data and it's in-detailed info to provide enough details to end user at the same time I need to focus on the performance area too. so I have decided to use Solr as a search engine for product search and suggestions. In addition, I'm thinking to replace Solr by Elasticsearch once explored/reviewed enough about Elasticsearch.

      Host: As of now, my plan to complete the application with decent features first and deploy it in a free hosting environment like Docker and Heroku and then once it is stable then I have planned to use the AWS products Amazon S3, EC2, Amazon RDS and Amazon Route 53. I'm not sure about Microsoft Azure that what is the specialty in it than Heroku and Amazon EC2 Container Service. Anyhow, I will do explore these once again and pick the best suite one for my requirement once I reached this level.

      Build and Repositories: I have decided to choose Apache Maven and Git as these are my favorites and also so popular on respectively build and repositories.

      Additional Utilities :) - I would like to choose Codacy for code review as their Startup plan will be very helpful to this application. I'm already experienced with Google CheckStyle and SonarQube even I'm looking something on Codacy.

      Happy Coding! Suggestions are welcome! :)

      Thanks, Ganesa

      See more
      Black Duck logo

      Black Duck

      46
      114
      0
      Open Source Security & License tracking
      46
      114
      + 1
      0
      PROS OF BLACK DUCK
        Be the first to leave a pro
        CONS OF BLACK DUCK
          Be the first to leave a con

          related Black Duck posts

          Shared insights
          on
          VeracodeVeracodeBlack DuckBlack Duck

          Hi Everyone, I am using Black Duck for my project...I need some advantages on Blackduck as compared to Veracode and other tools..... I don't have any idea about other tools, So I am not able to compare practically.. Please help me.

          See more
          Shared insights
          on
          SonarQubeSonarQubeBlack DuckBlack Duck

          Is it possible to integrate Black Duck, SonarQube and Coverity with Fortify SSC?

          See more
          Qualys logo

          Qualys

          28
          42
          0
          Information Security and Compliance
          28
          42
          + 1
          0
          PROS OF QUALYS
            Be the first to leave a pro
            CONS OF QUALYS
              Be the first to leave a con

              related Qualys posts

              ShiftLeft logo

              ShiftLeft

              4
              5
              0
              Static code analysis, Secrets detection, Software composition analysis, and Security training in one platform
              4
              5
              + 1
              0
              PROS OF SHIFTLEFT
                Be the first to leave a pro
                CONS OF SHIFTLEFT
                  Be the first to leave a con

                  related ShiftLeft posts

                  ESLint logo

                  ESLint

                  36.6K
                  13.3K
                  28
                  The fully pluggable JavaScript code quality tool
                  36.6K
                  13.3K
                  + 1
                  28
                  PROS OF ESLINT
                  • 8
                    Consistent javascript - opinions don't matter anymore
                  • 6
                    Free
                  • 6
                    IDE Integration
                  • 4
                    Customizable
                  • 2
                    Focuses code review on quality not style
                  • 2
                    Broad ecosystem of support & users
                  CONS OF ESLINT
                    Be the first to leave a con

                    related ESLint posts

                    Simon Reymann
                    Senior Fullstack Developer at QUANTUSflow Software GmbH · | 30 upvotes · 8.9M views

                    Our whole DevOps stack consists of the following tools:

                    • GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
                    • Respectively Git as revision control system
                    • SourceTree as Git GUI
                    • Visual Studio Code as IDE
                    • CircleCI for continuous integration (automatize development process)
                    • Prettier / TSLint / ESLint as code linter
                    • SonarQube as quality gate
                    • Docker as container management (incl. Docker Compose for multi-container application management)
                    • VirtualBox for operating system simulation tests
                    • Kubernetes as cluster management for docker containers
                    • Heroku for deploying in test environments
                    • nginx as web server (preferably used as facade server in production environment)
                    • SSLMate (using OpenSSL) for certificate management
                    • Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
                    • PostgreSQL as preferred database system
                    • Redis as preferred in-memory database/store (great for caching)

                    The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

                    • Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
                    • Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
                    • Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
                    • Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
                    • Scalability: All-in-one framework for distributed systems.
                    • Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
                    See more
                    Simon Reymann
                    Senior Fullstack Developer at QUANTUSflow Software GmbH · | 23 upvotes · 4.7M views

                    Our whole Vue.js frontend stack (incl. SSR) consists of the following tools:

                    • Nuxt.js consisting of Vue CLI, Vue Router, vuex, Webpack and Sass (Bundler for HTML5, CSS 3), Babel (Transpiler for JavaScript),
                    • Vue Styleguidist as our style guide and pool of developed Vue.js components
                    • Vuetify as Material Component Framework (for fast app development)
                    • TypeScript as programming language
                    • Apollo / GraphQL (incl. GraphiQL) for data access layer (https://apollo.vuejs.org/)
                    • ESLint, TSLint and Prettier for coding style and code analyzes
                    • Jest as testing framework
                    • Google Fonts and Font Awesome for typography and icon toolkit
                    • NativeScript-Vue for mobile development

                    The main reason we have chosen Vue.js over React and AngularJS is related to the following artifacts:

                    • Empowered HTML. Vue.js has many similar approaches with Angular. This helps to optimize HTML blocks handling with the use of different components.
                    • Detailed documentation. Vue.js has very good documentation which can fasten learning curve for developers.
                    • Adaptability. It provides a rapid switching period from other frameworks. It has similarities with Angular and React in terms of design and architecture.
                    • Awesome integration. Vue.js can be used for both building single-page applications and more difficult web interfaces of apps. Smaller interactive parts can be easily integrated into the existing infrastructure with no negative effect on the entire system.
                    • Large scaling. Vue.js can help to develop pretty large reusable templates.
                    • Tiny size. Vue.js weights around 20KB keeping its speed and flexibility. It allows reaching much better performance in comparison to other frameworks.
                    See more
                    OpenSSL logo

                    OpenSSL

                    13.1K
                    6.8K
                    0
                    Full-featured toolkit for the Transport Layer Security and Secure Sockets Layer protocols
                    13.1K
                    6.8K
                    + 1
                    0
                    PROS OF OPENSSL
                      Be the first to leave a pro
                      CONS OF OPENSSL
                        Be the first to leave a con

                        related OpenSSL posts

                        Simon Reymann
                        Senior Fullstack Developer at QUANTUSflow Software GmbH · | 30 upvotes · 8.9M views

                        Our whole DevOps stack consists of the following tools:

                        • GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
                        • Respectively Git as revision control system
                        • SourceTree as Git GUI
                        • Visual Studio Code as IDE
                        • CircleCI for continuous integration (automatize development process)
                        • Prettier / TSLint / ESLint as code linter
                        • SonarQube as quality gate
                        • Docker as container management (incl. Docker Compose for multi-container application management)
                        • VirtualBox for operating system simulation tests
                        • Kubernetes as cluster management for docker containers
                        • Heroku for deploying in test environments
                        • nginx as web server (preferably used as facade server in production environment)
                        • SSLMate (using OpenSSL) for certificate management
                        • Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
                        • PostgreSQL as preferred database system
                        • Redis as preferred in-memory database/store (great for caching)

                        The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

                        • Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
                        • Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
                        • Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
                        • Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
                        • Scalability: All-in-one framework for distributed systems.
                        • Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
                        See more
                        Prettier logo

                        Prettier

                        11.5K
                        699
                        7
                        Prettier is an opinionated code formatter.
                        11.5K
                        699
                        + 1
                        7
                        PROS OF PRETTIER
                        • 2
                          Customizable
                        • 1
                          Open Source
                        • 1
                          Atom/VSCode package
                        • 1
                          Follows the Ruby Style Guide by default
                        • 1
                          Runs offline
                        • 1
                          Completely free
                        CONS OF PRETTIER
                          Be the first to leave a con

                          related Prettier posts

                          Simon Reymann
                          Senior Fullstack Developer at QUANTUSflow Software GmbH · | 30 upvotes · 8.9M views

                          Our whole DevOps stack consists of the following tools:

                          • GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
                          • Respectively Git as revision control system
                          • SourceTree as Git GUI
                          • Visual Studio Code as IDE
                          • CircleCI for continuous integration (automatize development process)
                          • Prettier / TSLint / ESLint as code linter
                          • SonarQube as quality gate
                          • Docker as container management (incl. Docker Compose for multi-container application management)
                          • VirtualBox for operating system simulation tests
                          • Kubernetes as cluster management for docker containers
                          • Heroku for deploying in test environments
                          • nginx as web server (preferably used as facade server in production environment)
                          • SSLMate (using OpenSSL) for certificate management
                          • Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
                          • PostgreSQL as preferred database system
                          • Redis as preferred in-memory database/store (great for caching)

                          The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

                          • Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
                          • Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
                          • Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
                          • Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
                          • Scalability: All-in-one framework for distributed systems.
                          • Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
                          See more
                          Simon Reymann
                          Senior Fullstack Developer at QUANTUSflow Software GmbH · | 23 upvotes · 4.7M views

                          Our whole Vue.js frontend stack (incl. SSR) consists of the following tools:

                          • Nuxt.js consisting of Vue CLI, Vue Router, vuex, Webpack and Sass (Bundler for HTML5, CSS 3), Babel (Transpiler for JavaScript),
                          • Vue Styleguidist as our style guide and pool of developed Vue.js components
                          • Vuetify as Material Component Framework (for fast app development)
                          • TypeScript as programming language
                          • Apollo / GraphQL (incl. GraphiQL) for data access layer (https://apollo.vuejs.org/)
                          • ESLint, TSLint and Prettier for coding style and code analyzes
                          • Jest as testing framework
                          • Google Fonts and Font Awesome for typography and icon toolkit
                          • NativeScript-Vue for mobile development

                          The main reason we have chosen Vue.js over React and AngularJS is related to the following artifacts:

                          • Empowered HTML. Vue.js has many similar approaches with Angular. This helps to optimize HTML blocks handling with the use of different components.
                          • Detailed documentation. Vue.js has very good documentation which can fasten learning curve for developers.
                          • Adaptability. It provides a rapid switching period from other frameworks. It has similarities with Angular and React in terms of design and architecture.
                          • Awesome integration. Vue.js can be used for both building single-page applications and more difficult web interfaces of apps. Smaller interactive parts can be easily integrated into the existing infrastructure with no negative effect on the entire system.
                          • Large scaling. Vue.js can help to develop pretty large reusable templates.
                          • Tiny size. Vue.js weights around 20KB keeping its speed and flexibility. It allows reaching much better performance in comparison to other frameworks.
                          See more