Veracode
How does Fluid Attacks' solution compare to Veracode's? The following comparison table enables you to
discern the performance of both providers across various attributes essential for meeting your company’s
cybersecurity needs. To better understand each attribute, read their descriptions in the dedicated page.
Organization
|
Attribute
|
Essential
|
Advanced
|
Veracode
|
|
Focus
|
|||
|
Extras
|
None
|
None
|
|
|
Headcount
|
547 | ||
|
Headcount distribution
|
|||
|
Headcount growth
|
|||
|
Headquarters
|
|||
|
Countries
|
UK and US | ||
|
Reputation
|
Same
|
||
|
Followers
|
Same
|
||
|
Research firms
|
None
|
None
|
|
|
Founded
|
2001 | ||
|
Funding
|
Bootstrapped
|
Same
|
|
|
Acquisitions
|
None
|
None
|
Acquired 0 times and made 5 acquisitions
|
|
Revenue
|
|||
|
CVE
|
0 CVEs reported to MITRE
|
||
|
Compliance
|
SOC 2 Type II and SOC 3 |
||
|
Bug bounty
|
No
|
||
|
Visits
|
|||
|
Authority
|
|||
|
Vulnerability database
|
|||
|
Content
|
|||
|
Knowledge base
|
13 KB sections, 6 in common and 7
additional
|
7 KB sections, 6 in common and 1 additional | |
|
Community
|
|||
|
Sync training
|
1 workshop
|
No
|
|
|
Async training
|
3 product use courses, all free
|
Security education platform with 55 courses (subscription-based)
and 58 security education courses (subscription-based)
|
|
|
Distribution
|
Same
|
||
| Marketplaces | AWS and Azure | ||
|
Freemium
|
No
|
No
|
No
|
|
Free trial
|
|||
|
Demo
|
|||
|
Open Demo
|
No
|
No
|
No
|
|
Pricing
|
|||
|
Pricing tiers
|
1 plan
|
1 plan
|
3 plans (SAST, DAST, SCA). None
transparent.
|
|
Minimum term
|
|||
|
Minimum payment period
|
|||
|
Minimum capabilities
|
SAST | ||
|
Minimum scope
|
1 author
|
No information available
|
|
|
Pricing drivers
|
Authors and techniques
|
||
|
Minimum monthly payment
|
No information available
|
||
|
Free implementation
|
|||
|
Free support
|
Service
|
Attribute
|
Essential
|
Advanced
|
Veracode
|
|
PTaaS
|
No
|
||
|
Reverse engineering
|
No
|
Yes | |
|
Secure code review
|
No
|
No
information available
|
|
|
Pivoting
|
No
|
||
|
Exploitation
|
No
|
||
|
Manual reattacks
|
Not applicable
|
1 reattack
|
|
|
Zero-day
vulnerabilities
|
None
|
Continuous zero-day vulnerability research
|
|
|
SLA
|
Availability | ||
|
Min availability
|
>=99.95% per minute LTM
|
>=99% per month
|
|
|
After-sale guarantees
|
No
|
Yes
|
No
|
|
Accreditations
|
|||
|
Hacker certifications
|
Not
applicable
|
||
|
Type of contract
|
Employee
|
Same
|
|
|
Endpoint control
|
Not applicable
|
Total
|
No information available
|
|
Channel control
|
Not applicable
|
Total
|
No information available
|
|
Standards
|
Some requirements from 67 standards,
27 in common and 40 additional
|
All
requirements from the same standards
|
|
|
Detection method
|
|||
|
False positives
|
36.03 times better
|
56.67 times better
|
1.64% F0.5 score per quantity
|
|
False negatives
|
64.59 times better
|
185.73 times better
|
0.41% F2.0 score per severity
|
|
Remediation
|
5, 3
in common and 2 additional
|
Same,
plus 1
|
3, all in common
|
|
Outputs
|
5,
4 in common and 1 additional
|
Same, plus 2
|
5, 4 in
common and 1 additional
|
Product
|
Attribute
|
Essential |
Advanced
|
Veracode
|
|
ASPM
|
|||
|
API
|
|||
|
IDE
|
Same, plus 1 functionality
|
||
|
CLI
|
|||
|
CI/CD
|
|||
|
Vulnerability sources
|
4 sources, 1 in common and 3 additional
|
10 sources, 1 in common and 9 additional
|
|
|
Threat model alignment
|
No
|
||
|
Priority criteria
|
|||
|
Custom prioritization
|
None | ||
|
Scanner origin
|
|||
|
SCA
|
|||
|
AI security
|
No
|
No
|
|
|
Reachability
|
12 languages
|
Yes. No information available
|
|
|
Reachability type
|
No information available
|
||
|
SBOM
|
|||
| Malware detection |
Yes
|
Yes
|
|
|
Autofix on components
|
No
|
No
|
No
|
|
Containers
|
|||
|
Source SAST
(languages)
|
12, 10 in common and 2
additional
|
25, 10 in common and 15
additional
|
|
|
Source
SAST
(frameworks)
|
22, 4 in
common and 18 additional
|
15, 4 in common and 11 additional |
|
|
Custom rules
|
No
|
No
|
Custom rules for SCA
|
|
IaC
|
6, 5 in common and 1 additional
|
4,
2 in common and 2 additional
|
7, all in common
|
|
Binary SAST
|
Same, plus 2 types of binaries
|
||
|
DAST
|
6 attack surface types (only web based), 5 in common and 1 additional |
||
|
API security testing
|
4 types of APIs, 1 in common and 3
additional
|
1 type of API in common
|
|
|
IAST
|
No
|
No
|
No
|
|
CSPM
|
Yes |
No
|
|
|
ASM
|
No
|
No
|
No
|
|
Secrets
|
Same, plus
verify other attack vectors and secrets exploitability
|
||
|
AI
|
3 functions, 1 in
common and 2 additional
|
||
|
MCP
|
No
|
||
|
Open-source
|
Not applicable
|
No
|
|
|
Provisioning as Code
|
No
|
||
|
Deployment
|
|||
| Regions | |||
|
Status
|
|||
|
Incidents
|
Integrations
|
Attribute
|
Essential
|
Advanced
|
Veracode
|
|
SCM
|
6, 4 in common and 2 additional
|
4, all in
common
|
|
|
Binary repositories
|
None
|
None
|
None
|
|
Ticketing
|
3
, all in common
|
7, 3 in common and 4 additional |
|
|
ChatOps
|
None |
None
|
|
|
IDE
|
3, 2 in common and 1 additional
|
6, 2 in common and 4 additional |
|
|
CI/CD
|
21,
10 in common and 11 additional
|
10, all
in common
|
|
|
SCA
|
|||
|
Container
|
|||
|
SAST
|
|||
|
DAST
|
|||
|
IAST
|
None |
None
|
None
|
|
Cloud
|
3, 1 in
common and 2 additional
|
||
|
CSPM
|
None | ||
|
Secrets
|
|||
|
Remediation
|
None
|
None
|
1 |
|
Bug bounty
|
None
|
None
|
None
|
|
Vulnerability management
|
None
|
None
|
|
|
Compliance
|
None
|
None
|
None
|
References were last checked on Nov 24, 2025.
Free trial
Search for vulnerabilities in your apps for free with Fluid
Attacks' automated security testing! Start your 21-day free
trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the
Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.