Eclipse is a free and open source integrated development environment (IDE).
N/A
Veracode
Score 8.8 out of 10
Mid-Size Companies (51-1,000 employees)
Veracode provides advanced application security solutions, trusted by enterprises to develop and maintain secure software. Its platform identifies exploitable risks, speeds up vulnerability remediation, and reduces security debt at scale using a proprietary AI-assisted remediation engine.
Veracode is more thorough and provides a wider variety of tools than the competition. Support is prompt and very eager to make sure we get the help we need as quickly as possible. If Support can't resolve it right away, they will make sure we are connected to one of their …
Checkmarx and Veracode have a few common points and some features which are different. Checkmarx UI is more user-friendly, but the level of detailing in Veracode reports is better. Veracode is a good choice for static analysis of code. if the user interface can be made smoother …
As the developer, not the business stakeholder, I did not select Veracode specifically. However, after using the application I believe it was the right choice. Veracode is thorough in its analyses, in its database of flaws, in its methodology of uncovering vulnerabilities, and …
These are not like Veracode, but things that we use in addition to Veracode to make sure we reduce our vulnerabilities, not only in our application but also in the dependencies that we add to our application.
I think that if someone asked me for an IDE for Java programming, I would definitely recommend Eclipse as is one of the most complete solutions for this language out there. If the main programming language of that person is not Java, I don't think Eclipse would suit his needs[.]
Veracode is well suited for development applications that can be made more secure right from the beginning. There is an excellent extension in Visual Studio that scans code from the IDE. However, it is less appropriate or incompatible with scanning SOAP or WSDL APIs. It supports only REST APIs.
Veracode performs Static Application Security Testing (SAST) very well by finding flaws in the code using entry points so that it tests for everything a user can interact with in the application. This approach is very helpful for avoiding a lot of false positives early on.
Veracode performs SCA automatically on every SAST scan, so that we don't have to manually scan the application again for SCA scans.
Veracode integrates very well with the ticketing tools, so that it becomes very easy to track every finding and its status within our ticketing tool.
While the DB integration is broad (many connectors) it isn't particularly deep. So if you need to do serious DB work on (for example) SQL Server, it is sometimes necessary to go directly to the SQL Server Studio. But for general access and manipulation, it is ok.
The syntax formatting is sometimes painful to set up and doesn't always support things well. For example, it doesn't effectively support SCSS.
Using it for remote debugging in a VM works pretty well, but it is difficult to set up and there is no documentation I could find to really explain how to do it. When remote debugging, the editor does not necessarily integrate the remote context. So, for example, things like Pylint don't always find the libraries in the VM and display spurious errors.
The debugging console is not the default, and my choice is never remembered, so every time I restart my program, it's a dialog and several clicks to get it back. The debugging console has the same contextual problems with remote debugging that the editor does.
I love this product, what makes it one of the best tool out in the market is its ability to function with a wide range of languages. The online community support is superb, so you are never stuck on an issue. The customization is endless, you can keep adding plugins or jars for more functionalities as per your requirements. It's Free !!!
At this time, and we just renewed a month ago, I dont see any products out there overall that can offer what Veracode does. Yes, its not cheap by any means, but for the money its the best application security scanning tool out there.
It has everything that the developer needs to do the job. Few things that I have used in my day-to-day development 1. Console output. 2. Software flash functionality supporting multiple JTAG vendors like J-LINK. 3. Debugging capabilities like having a breakpoint, looking at the assembly, looking at the memory etc. this also applies to Embedded boards. 4. Plug-in like CMake, Doxygen and PlantUML are available.
- Almost no setup required and easy to configure - Very easy to use, intuitive UI with integrated analytics and learning portals. - Seamless to review the results, triage them, generate reports. - Security progression of the product/application is tracked via successive scans. - Privileges/Roles nicely fine grained and tightly controlled to let teams "view" only their products.
I gave this rating because Eclipse is an open-source free IDE therefore no support system is available as far as I know. I have to go through other sources to solve my problem which is very tough and annoying. So if you are using Eclipse then you are on your own, as a student, it is not a big issue for me but for developers it is a need.
Overall, Veracode support is helpful, community support is great, and documentation is available for self-service. Our Customer Success Manager is very helpful and reaches out regularly to see if we need assistance. We have not utilized many of the other resources offered by Veracode, however, in the future we would like to leverage secure coding training for our Development teams.
We use it as a SAS service, so really just getting our teams to mold the use of Veracode into their SDLC has been a process of years in the making. It comes down to what your teams are ready and willing to accept and change. Management is key in getting their groups on board with using it regularly. If it doesnt have management backing, your security teams have little to no influence in getting this process off the ground fully.
The installation, adaptability, and ease of usage for Eclipse are pretty high and simple compared to some of the other products. Also, the fact that it is almost a plug and play once the connections are established and once a new user gets the hang of the system comes pretty handy.
Veracode is slower with scan results however the flaws discovered and sites crawled are almost the same. Rapid7 InsightAppSec only does dynamic scans. Veracode did find more links on a site crawl. Rapid7 InsightAppSec has more out of the box reports than Veracode. Both integration to DevOps tools were striaghtforward.
This development environment offers the possibility of improving the productivity time of work teams by supporting the integration of large architectures.
It drives constant change and evolution in work teams thanks to its constant versioning.
It works well enough to develop continuous server client integrations, based on solid or any other programming principle.
Veracode's platform has had a very positive impact on our security posture, paving the path towards having coverage monitored automatically on hundreds of internal applications throughout the development lifecycle.
Veracode's platform has also had a very positive impact on improving the security knowledge of our development team, providing meaningful feedback as well as training options to reduce mitigation time and help to prevent flaws before they are created.
