Veracrypt is source-available, but proprietary. A better solution would be LUKS-encrypted partitions. For single files, gpg-based encryption should work as well.
And having source available, and most important can be compiled from those sources, means can be scrutinized for vulnerabilities by security experts, yes? That sounds good enough for me.