We performed a comparison between CAST Highlight and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of CAST Highlight are automation and speed."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"It offers good performance."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"CAST Highlight is easy to use and has a good dashboard."
"The integration with DevOps pipelines is seamless."
"The SAST and DAST modules are great."
"The most valuable feature is the remediation consulting that they give. I feel like any vendor can identify the flaws but fixing the flaws is what is most important. Being able to have those consultation calls, schedule them in the platform, and have that discussion with an applications expert, that process scales well and that is what has allowed a lot more reduction of risk to happen."
"The findings of their security analysis are wonderful. You can easily go through all the analyses done by Veracode. You can see what are the flaws and what could be the best possible resolution to minimize those flaws in the application. When an application is being used by the public, security is a challenge. Veracode helps us to analyze all the security flaws, discrepancies, and vulnerabilities inside the application. It provides good reports."
"We have such a wide variety of users for Veracode, including security champions, development leads, developers themselves, that the ease of use is really quite important, because we don't assume anything about what those people might already know, or need to know. It just makes it very useful for anyone who has to engage with it."
"When we expanded our definition of critical systems to include an internal application to be scanned by Veracode, we had initial scans that produced hundreds of vulnerabilities. We expected this, based on how the code was treated previously, but the Veracode platform allowed us to streamline our identification of these items and develop a game plan to quickly address them."
"We use Veracode static analysis during development to eliminate vulnerability issues"
"The most valuable features of Veracode Static Analysis are its ability to work with GitLab and GitHub so that you can do the reviews and force the code."
"The ease of configuration and customization could be improved in CAST Highlight."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"There's a bit of a learning curve at the outset."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"Veracode's SAST, DAST, and SCA are pretty good with respect to industry standards, but with regard to container security, they are in either beta or alpha testing. They need to get that particular feature up and running so that they take care of the container security part."
"We are testing Veracode's software composition analysis, but we're having trouble integrating it with SVN. It works out of the box when you use Git but doesn't work as well with other tools like SVN. It's more geared toward Git"
"I think if they could improve the operations around accepted vulnerabilities, we would see improvements in our productivity."
"It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share."
"We have approximately 900 people using the solution. The solution is scalable, but there is a high cost attached to it."
"Another thing I need is continued support for the new languages today that are popular. Most of them are scripting languages more so than real, fourth-generation, commercial grade stuff; we're evolving. Most applications are using so much open-source that, quite frankly, it would be great to see Veracode, or anybody else, extend their platform to where they are able to help secure open-source platforms or repositories."
"Veracode doesn't really help you so much when it comes to fixing things. It is able to find our vulnerabilities but the remediation activities it does provide are not a straight out-of-the-box kind of model. We need to work on remediation and not completely rely on Veracode."
"We use Ruby on Rails and we still don't have any support for that from Veracode."
CAST Highlight is ranked 10th in Software Composition Analysis (SCA) with 5 reviews while Veracode is ranked 3rd in Software Composition Analysis (SCA) with 194 reviews. CAST Highlight is rated 7.8, while Veracode is rated 8.2. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". CAST Highlight is most compared with SonarQube, Snyk, Checkmarx One, Black Duck and GitLab, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our CAST Highlight vs. Veracode report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.