AuditXYZ

Veracode Review 2026: Pricing, Features, and Verdict

$15,000+ per year | 7 Frameworks | 8 Integrations

Vendor: Veracode (Thoma Bravo)
Website: www.veracode.com
HQ: Burlington, MA
Founded: 2006
Employees: 1000-5000
Pricing: $15,000+ per year
Frameworks: soc-2, iso-27001, nist-csf, pci-dss, hipaa, owasp, gdpr
Integrations: github, gitlab, azure-devops, jenkins, jira, slack, servicenow, aws
G2 Rating: 4.2/5
Gartner Rating: 4.3/5

Framework Support

soc-2
iso-27001
nist-csf
pci-dss
hipaa
owasp
gdpr

Veracode Review 2026

Veracode is one of the longest-standing application security testing vendors, providing SAST, DAST, and SCA capabilities in a unified platform. With nearly two decades of AppSec experience, Veracode serves enterprise development teams that need comprehensive application security testing with compliance evidence.

What Veracode Does Well

Comprehensive AppSec coverage combines SAST, DAST, and SCA in one platform. This means you can test source code, running applications, and open-source dependencies without managing multiple point tools. The unified view of application risk across all testing types is valuable for security teams.

Language and framework support is extensive. Veracode's SAST engine supports 30+ programming languages, making it suitable for organizations with diverse development stacks.

Compliance evidence is well-documented. Veracode provides detailed reports that map findings to PCI DSS, OWASP, and other standards. The Verified by Veracode program provides third-party attestation of your application security posture.

Where Veracode Falls Short

Developer experience is less seamless than developer-first tools like Snyk. While Veracode has improved IDE integration and CI/CD plugins, the scanning process — particularly SAST — can feel like a separate workflow rather than a natural part of development.

Scan speed for SAST can be slow compared to newer tools. Large applications may take hours to scan, which can bottleneck CI/CD pipelines if not managed carefully.

Pricing transparency is limited. Enterprise pricing requires negotiation, and the cost can be significant for large development organizations.

Pricing

Veracode pricing starts around $15,000/year for smaller teams and scales based on application count, scanning frequency, and module selection. Enterprise pricing requires custom quotes.

The Verdict

Veracode is a proven choice for enterprises that need comprehensive, compliance-oriented application security testing. Developer teams seeking lightweight, fast scanning may prefer newer alternatives.
