Digital.ai Agility vs. Veracode

Scenarios where it works well: 1) Retros can be very well facilitated & notes/action items
can be captured against the sprint. 2) Product Owner can effectively track the story
progress with all the test-cases, design etc. 3) Being good scaling support, it provides good visibility
across multiple teams, programs and agile portfolios, providing a centralized
environment where all our stakeholders can easily work together regardless of location. 4) It provides easy tracking all of your epics,
stories, themes, defects, tasks, tests and issues 5) I like its intuitive UI as for moving stories
around, burning hours. 6) It allows top leadership to visualize
and report their strategic plans, giving all stakeholders the relevant data
that they need to stay dedicated to the project priorities. 7) It can be easily integrated with slack
so for few teams we used slack for collaboration Scenarios where it did not work well: 1) Test Management need improvement in
terms of tracking tests, team had hard time tracking regression test cases. 2) Version one comes with lot of features like
Rally but here we don’t get customizations which is there in Jira where from workflow
to issue everything can be customized based on your team/program/portfolio
requirements. 3) Lot of navigation to access basic
stuff. Example I want to go to bug attachment , there are lt of clicks &
navigation need to do which should be pretty straightforward I feel.

Incentivized

Veracode is well suited for development applications that can be made more secure right from the beginning. There is an excellent extension in Visual Studio that scans code from the IDE. However, it is less appropriate or incompatible with scanning SOAP or WSDL APIs. It supports only REST APIs.

Incentivized

• Automated saving of changes, no records can be lost because all items are saved in real-time.
• The watch function, optional but beneficial when managing multiple teams or projects.

Incentivized

• Veracode performs Static Application Security Testing (SAST) very well by finding flaws in the code using entry points so that it tests for everything a user can interact with in the application. This approach is very helpful for avoiding a lot of false positives early on.
• Veracode performs SCA automatically on every SAST scan, so that we don't have to manually scan the application again for SCA scans.
• Veracode integrates very well with the ticketing tools, so that it becomes very easy to track every finding and its status within our ticketing tool.

Incentivized

• Although Digital.ai Agility supports customizations, they can be somewhat cumbersome to set up and maintain
• The Analytics engine's user experience for digging into the data does not have the same feel as the rest of the system and, as a result, can be hard to work with

Incentivized

• Scan results stability: from one scan to another, additional flaws appear whereas code did not change.
• Entry points selection: hard to be sure selection is optimal, should be automatized or hidden.
• Branches management: we currently use sandboxes to scan different branches of our software. Would be good to have real branches management.

Incentivized

At this time, and we just renewed a month ago, I dont see any products out there overall that can offer what Veracode does. Yes, its not cheap by any means, but for the money its the best application security scanning tool out there.

Incentivized

- Almost no setup required and easy to configure - Very easy to use, intuitive UI with integrated analytics and learning portals. - Seamless to review the results, triage them, generate reports. - Security progression of the product/application is tracked via successive scans. - Privileges/Roles nicely fine grained and tightly controlled to let teams "view" only their products.

Incentivized

Veracode has always been up and available to us.

Incentivized

At this point, it runs well and mostly in a timely fashion. Dynamic scans take days but this may be a config issue still to be resolved.

Incentivized

VersionOne provides outstanding training. They have Product Owner training that I recommend every Product Owner attend. They have scrum master training and other agile training that was well worth the money paid because it made the teams more productive. And the support for the tool is incredible. These people live and breathe Agile and are evangelists and enthusiasts.

Incentivized

Overall, Veracode support is helpful, community support is great, and documentation is available for self-service. Our Customer Success Manager is very helpful and reaches out regularly to see if we need assistance. We have not utilized many of the other resources offered by Veracode, however, in the future we would like to leverage secure coding training for our Development teams.

Incentivized

We use it as a SAS service, so really just getting our teams to mold the use of Veracode into their SDLC has been a process of years in the making. It comes down to what your teams are ready and willing to accept and change. Management is key in getting their groups on board with using it regularly. If it doesnt have management backing, your security teams have little to no influence in getting this process off the ground fully.

Incentivized

JIRA appears to be more extensible with the ability for Scrum, Kanban, bug/incident tracking, and the ability to customize dashboards. However, VersionOne's performance over the same teams is extremely fast in comparison and therefore allows users to be more productive over the same amount of time.

Incentivized

Veracode is slower with scan results however the flaws discovered and sites crawled are almost the same. Rapid7 InsightAppSec only does dynamic scans. Veracode did find more links on a site crawl. Rapid7 InsightAppSec has more out of the box reports than Veracode. Both integration to DevOps tools were striaghtforward.

Incentivized

It meets our needs.

Incentivized

• It has made it easier to implement Agile processes. Since our team is fairly new to Agile, this has been extremely helpful.
• Our organization is quickly growing, and V1 has made it easier for new hires to look at everything that our team has in the works.

Incentivized

• Veracode's platform has had a very positive impact on our security posture, paving the path towards having coverage monitored automatically on hundreds of internal applications throughout the development lifecycle.
• Veracode's platform has also had a very positive impact on improving the security knowledge of our development team, providing meaningful feedback as well as training options to reduce mitigation time and help to prevent flaws before they are created.

Incentivized