Overview
What is Veracode?
Veracode is an application security platform that performs five types of analysis: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
Pricing
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Alternatives Pricing
What is SonarQube?
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.
What is Indusface WAS?
Indusface Web Application Scanner provides an application security audit to detect a range of high-risk Vulnerabilities, Malware, and Critical CVEs.
Product Details
What is Veracode?
Veracode is an Application Risk Management solution for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform enables organizations to build and maintain secure software from code creation to cloud deployment. Development and security teams can use Veracode to get actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode offers capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.
Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.
Veracode Features
- Supported: Continuous Scanning to reduce risks at every phase of development - Veracode Static Analysis, Dynamic Analysis, Software Composition Analysis, and Manual Penetration Test throughout SDLC.
- Supported: Developer Experience - Finds and fixes flaws in line with security integration into where developers work, automated remediation guidance, and in-context learning.
- Supported: Comprehensive Platform Experience - Streamlined governance, risk and compliance processes through flexible policy management, unified reporting and analytics, and peer benchmarking to mitigate risks fast and deliver a successful DevSecOps program.
- Supported: Market Expansion - Meets data residency needs in EU with cloud-native instance built in Frankfurt, Germany on AWS.
- Supported: Contextual Platform Data - Fine-tuned with nearly 2 decades of scanning and customer learning. Predicts future vulnerabilities with self-healing capabilities through applying machine learning and artificial intelligence to the data.
- Supported: Cloud-native SaaS Architecture - Provides elastic scalability, high performance, and lower costs with cloud-native SaaS architecture.
Veracode Technical Details
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Unspecified |
Mobile Application | No |
Supported Countries | North America, EMEA, APAC, LATAM |
Supported Languages | Java, .NET, PHP, Android, iOS, JavaScript, Python |
Veracode Customer Size Distribution
Consumers | 0% |
---|---|
Small Businesses (1-50 employees) | 18% |
Mid-Size Companies (51-500 employees) | 65% |
Enterprises (more than 500 employees) | 17% |
Reviews and Ratings (200)
Reviews (1-25 of 39)
Veracode, a great security tool for everyone
We also have an obligation regarding the fix time and we use the dashboards to keep track of it.
- Integrates with any CI/CD tool like Jenkins
- Shows results in a simple way using dashboards
- Allows mitigations in a clear manner
- Scans fail if another scan is already in progress using the Java CLI
- Module selection is slow to load when it comes to big applications
- Module selection is sometimes not clear on what is scannable and what is not and why
- Remediation actions for SCA issues. You can recommend how to fix it in a clear way, without forcing the user to click many times to understand it.
- PDF & web reports are very well laid out.
- Custom dashboards are very flexible/powerful.
- Flaw remediation suggestions are specific and helpful for most flaws & languages.
- Documentation is clear and detailed.
- Veracode support is excellent.
- Scan times can be long
- Atlassian / Bamboo CI/CD integration isn't the best
- No alerting functionality when new flaws are found
- No auto rescan functionality
- The web interface is slow
It's probably not as good for smaller companies, where CI/CD is a top priority, or where cost is a concern.
Best in Security
- SCA
- SAST
- Secure Code Training
- Add more labs in Secure Code Labs.
- Supporting Perl would be great.
- Better to have standard deployment for all packages in upload and scan.
Sleep Soundly - Use Veracode
- Thorough static scans
- Quick but deep dynamic scans
- Detailed reports
- Excellent consultants
- Initial user training could be better; it's very confusing at first.
- More online help
- The UI can be confusing if you have a lot of different products.
Great products; + Great price.
- Static Scan
- Dynamic Scan
- Manual PEN testing
- Open source scans with Software Composition Analysis
- Dynamic DAST fails every once in a while and creates problems during release completion.
Veracode Security far ahead of competitors
- IDE Integration
- SCA
- SAST
- Plug-in pipeline
- CI/CD
- Pull requests
Veracode Use for Companies ERP Product offerings
- Automated scanning of software libraries for vulnerabilities
- Management of multiple applications and statuses, and help with security remediation
- Veracode Verified program to leverage the security investment as a competitive advantage
- The time it takes to scan large projects makes it difficult to fit into our CI/CD pipeline
- One of our app scans times out after 2 hours and we have to upload it and scan manually, but the CI system has no visibility as to vulnerabilities found
- Integration with older development languages to scan. We have an old 4GL-based application that is not compatible with the tools
- Monitoring software development infrastructure.
- Prevention of security threats.
- Provision of intelligent security information.
- The features are awesome.
- I have familiarized myself with all the set features.
- The overall performance is good.
Excellent Code Security Scanning Cloud Service
- Static scans
- User Interface
- Results of scans with detailed descriptions of what the issue is and how to potentially fix it
- The time to complete a static scan
Veracode - Save software and superb support!
- Customer Service.
- Easy Usability.
- Well Documentation.
- Details on Documentation.
- Customer Communication for Appointments.
- Double checking the security of our code
- Integrating into our CI/CD process to help us catch and resolve new flaws
- Helping us maintain our compliance
- The documentation could really use some work
- I am skeptical of the thoroughness of the scans on newer languages and frameworks
- The scan takes too long
- The IDE tools leave much to be desired
- Too many false positives
The manual penetration test is very useful to have in addition to the flaw identification algorithm.
Due to the lengthy amount of time it takes to scan, it's not useful for testing every commit.
The Visual Studio extension does not make it easy for developers in day-to-day programming.
Veracode helps to improve the security in applications
- SAST analysis in the pipeline is very quick and helps to identify flaws
- Third-party library analysis is effective for reviewing vulnerabilities and recommending a secure version
- Integration in the pipeline with various DevSecOps Tools/Platforms
- More coverage in the languages/frameworks
- The crawl script for SAST analysis could be improved to support more functions
- More coverage for different versions of the IDEs
- Identifying security weaknesses & flaws within our software
Perfect SAST Scanner
- Unlimited scans means not having to worry about scan priority and order, etc.
- Because it scans everything and you have the ability to select the types that matter, it always gives a full picture of your vulnerabilities.
- IDE scans can be limited to selected vuln types instead of everything.
You don't need a security team anymore!
- The pipeline scan is a very fast way to scan code and inform developers if a new flaw is introduced by their pull requests.
- Upload & Scan provides an in-depth analysis of the codebase, with features like reporting being made easy.
- SCA Scans help us not only identify the vulnerabilities but also in helping fix them and in identifying if our application is using that part of the vulnerable library or not.
- Veracode is very easy to integrate into the CI/CD pipelines (especially Jenkins)
- It was very difficult for me to navigate around on their Dashboard. There's certainly room to improve on that and make it more intuitive.
- The Agent-based SCA scan can have a feature for adding a baseline file (like Pipeline Scan)
Help us build Secure code and drive your development teams towards best secure code practices
- Identify Vulnerabilities
- Great Developer Support and Training
- Automatic Identification of Third-Party Code.
- Multiple Scanning options: Portal, IDE, CI Pipelines
- Web Analysis portal has a minor learning curve.
- Improve the login timeout
- Any improvements in Scanning speeds would be helpful
- A modern UI design would be good.
- Helps us to find out issues in code, majorly SQL injections and untrusted initialization
- Support is really very helpful
- Plug-ins are helpful
- Easy to integrate in CI/CD pipeline
- Easy to use in IDE
- Sometimes it's hard to resolve problems the way Veracode expected
- Not able to find support videos/links for full project scans of other languages, the way they are available for .NET
Veracode Rocks!
- Static analysis of applications helps in managing risks.
- Software composition analysis scan helps us in managing risks introduced through third-party libraries.
- Recommendations for fixing the issues and exact code location is provided.
- It is super easy to reach customer support and they have been able to resolve our queries with half an hour consultation calls.
- The website definitely can be faster. Navigating through several pages eats up a whole lot of time.
Veracode is the best SAST/DAST tool in the market as of today
- Super fast CI/CD pipeline scanning.
- BoM when using SCA along with its vulnerabilities and licenses.
- Ease of use and implementation as it's a SaaS.
- Custom policies to break your app's build.
- Pipeline scan sometimes doesn't give you enough debug messages to know what went wrong.
- DAST could have an option to scan APIs using a swagger.json file.
Veracode: Best-in-breed vendor for SAST, DAST & SCA, with enticing additions such as pen testing and developer training
- Static Application Security Testing (SAST).
- Dynamic Application Security Testing (DAST).
- Software Composition Analysis (SCA).
- Patchy usability and intuitiveness of the platform.
- API functionality could be improved.
- Better integration of functionality such as DAST and SCA, which sometimes appear "tacked on" to the core SAST offering.
Very good SAST tool provider
- Great SAST analysis for Java.
- Very professional security consultants.
- Great SAST analysis for JavaScript.
- Easy way to export reports.
- The platform performance (UI) should be improved. Now each action takes a lot of time.
- The SAST analysis for Angular should be improved.
There is room for improvement:
- The UI reacts very slowly and sometimes takes a lot of time till you see the next screen.
- SAST tool should add support in a faster way for new languages like new versions of Angular.
A must-use tool in all CI/CD pipelines
- Static scan.
- Penetration testing.
- Integration with Jenkins.
Veracode Review
- Tools for Continuous integration (Jenkins integration, Pipeline plugin, Agent-based SCA).
- Intuitive interface.
- Great reporting capabilities.
- Great technical support.
- Maybe more connection between tools. E.g. promoting Agent-based SCA scans to a policy. But it is a minor inconvenience. Actually we're really pleased with Veracode functionality and tools.
- Fewer false positives in scan results, as we have to spend time to analyze those issues.
- Sometimes issues that should already be mitigated are appearing in scan results again, which also adds some work to review them again and mitigate.
- Easy to implement.
- Effective and quick.
- Great support team.
- The interface looks slightly outdated. No real complaints.
Helpful tool
- Sophisticated UI
- Integration into CI/CD pipelines
- Informative reports
- Cover more types of vulnerabilities
- Simplify the process of marking
- approving mitigations