Beyond Compare vs Veracode

Beyond Compare is extremely good at the task of comparisons, whether that is text file comparisons or folder comparisons. It does a great job of easily highlighting the differences for users, and giving them the option of merging (in the case of text files) or synchronizing (in the case of folders.) In either case, no one on my team has ever had any reason to reach for another different tool.

It's an excellent security application platform, with different integrations that can fit in the SDLC, as the SAAS solution works perfect to quick starts and the integrations are fast and easy to execute, can be implemented in a modular way starting just with training in secure code or can be robust to integrate into all the develop environment

• Folder diffing. It allows you to see differences in deeply nested folder structures.
• File diffing. It allows you to see differences in files no matter their complexity.
• Diffing rules. It allows you to set rules to include/exclude files, folders and lines from your comparison.

• The pipeline scan is a very fast way to scan code and inform developers if a new flaw is introduced by their pull requests.
• Upload & Scan provides an in-depth analysis of the codebase, which features like reporting being made easy.
• SCA Scans help us not only identify the vulnerabilities but also in helping fix them and in identifying if our application is using that part of the vulnerable library or not.
• Veracode is very easy to integrate into the CI/CD pipelines (especially Jenkins)

• For date formatting discrepancies the software does not automatically mark the dates as equivalent; for instance ‘2019/10/15’ vs. ‘15-OCT-2019’. This would be considered a difference.
• The columns/report must be ordered similarly. If extra data is available in one file, it should be removed or extra rows will be marked as differences.
• For spreadsheet comparison, the user must save the file on the proper tab and then “recompare” within the tool. There is no way to switch between sheets in the software.

• Build a ticket management screen into the platform
• Easier integrations to SSO/SAML
• A different method of having API users, they should be either integrated into the team (an API key as part of the team) or at least separate from the regular user area.

At this time, and we just renewed a month ago, I dont see any products out there overall that can offer what Veracode does. Yes, its not cheap by any means, but for the money its the best application security scanning tool out there.

Again, given the intuitive nature of this program, there is barely any learning curve needed. It is simple, reliable, accurate, and just one of those tools you always have with you and rarely think about until you don't have it. Then it is a case of OMG what was I thinking? This program is just very easy to use, and that makes it more valuable to me than some of my other software tools that cost significantly more.

- Almost no setup required and easy to configure - Very easy to use, intuitive UI with integrated analytics and learning portals. - Seamless to review the results, triage them, generate reports. - Security progression of the product/application is tracked via successive scans. - Privileges/Roles nicely fine grained and tightly controlled to let teams "view" only their products.

Veracode has always been up and available to us.

At this point, it runs well and mostly in a timely fashion. Dynamic scans take days but this may be a config issue still to be resolved.

I have never needed support for this product other than learning how to use a new feature I was not familiar with. User forums and user groups that have used this product for their own purposes have always sufficed for anything that I needed help using with the product. Some of the features could be a little better outlined, but overall very easy to use.

In general, I have really grown to appreciate and trust Veracode as a vendor. Support has been good, their MPT testers have been thorough and competent, and their executives have been available and open to my issues. I have had periodic issues making scans work effectively. I can't seem to self-service my way through them. Still, Veracode support people have been able to help get my scans to work and once they are scheduled, things are pretty smooth. The user interface has been rough historically but is getting better.

We use it as a SAS service, so really just getting our teams to mold the use of Veracode into their SDLC has been a process of years in the making. It comes down to what your teams are ready and willing to accept and change. Management is key in getting their groups on board with using it regularly. If it doesnt have management backing, your security teams have little to no influence in getting this process off the ground fully.

We've tried many: Code Compare, Meld, UltraCompare, and WinMerge. None of them have the depth of features and speed to handle the work we throw at Beyond Compare. The multi-tabbed interface allows us to sync multiple servers at the same time. It understands multiple file types, metadata, and encodings. It's the best tool for the job.

I have used SonarQube for code quality and security analysis in the past, but Veracode's Software Composition Analysis analysis makes a big difference in terms of identifying vulnerabilities in dependencies. It would make it a lot easier if the IDE plugin could show the transitive dependency the introduces the vulnerabilities. I'm very pleased [in] Veracode reporting so far.

It meets our needs.

• It's made it quick and easy to compare and synchronize directories when restoring a backup or copying code from one environment to another one.
• There are times when it would be a painstaking task to manually compare or sync two different directories, but BeyondCompare made it a trivial task.

• Veracode's tools can perform in a couple of hours what would take us weeks to do.
• Our customers--rightfully--expect a high degree of security from us.
• It's easy to integrate Veracode into a CI pipeline allowing you to catch flaws while the code changes are fresh in your mind.