Veracode provides us with three kinds of scans, namely:
- Static Scans (SAST) – requires source code and is integrated into the SDLC at an early stage
- Dynamic Scans (DAST) – requires a running instance and is integrated towards the end of the SDLC
- Manual PenTest
- SCA – part of SAST, checks for vulnerabilities in libraries you are using for your project
For more information on the difference between SAST and DAST: https://www.synopsys.com/blogs/software-security/sast-vs-dast-difference/
After researching for a while, Checkmarx can be used as an alternative SAST solution to Veracode, and it offers SCA just like Veracode too.
solved What are some really good and practical alternatives for Veracode [closed]