Likelihood to Recommend It provides a cloud-based integrated development environment that integrates with other IBM Cloud services to provide a streamlined development workflow. This includes real-time collaboration and code sharing capabilities, making it easy for teams to work together on projects. This feature is very useful for our app to maintain the code
Read full review Veracode is good at identifying flaws that does not adhere to the OWASP top 10 security controls. Therefore, a Junior developer could produce code and flaws will be caught. There is also the software composition analysis that provided a view into third-party dependencies. Veracode may not be suited in cases where you need to have your scan results in a short amount of time.
Read full review Pros It contains the deployment templates which are much more time saving and is of great use. This has the integration of the Cloud applications which makes the work much more convenient. This is flexible when it comes to development, deployment, and delivery. [It] also has a much more reasonable pricing. Provides space for the data storage. [IBM Cloud Developer Tools] also can support many useful tools. Read full review Veracode's static code analysis platform provides in-depth information as well as very useful suggestions regarding mitigation for flaws it discovers. This is very helpful in assisting developers towards a speedy and complete mitigation. Veracode does well to keep connected with their customers, ensuring the success of their customers on their platform is evidently one of their goals which they hold highly. This responsiveness continues into their technical support which is both helpful and fast to respond. Veracode continues to update their platforms, their capabilities, and their research often; the promise of continuous improvement from all facets provides value to us as an organization. Read full review Cons Its price is quite high and this made it unsuitable for us as we cannot afford such high rates. Its Setup takes much longer time and this is frustrating. Its interface needs to be improved and easy even for the Newbies. Read full review MPT Results should be segmented from DAST/SAST results. MPT Reports should include more information on scoping and testing dates as generally provided by accounting firms conducting similar tests. Vulnerability readouts should not be so hidden in the platform (It shouldn't take as many clicks to get to and view). Read full review Likelihood to Renew It's a great platform to develop, run, test and deploy the applications easily. And it makes very easier and secure the implementation of continuous delivery process. For first time and experts also can use this service so easily. Great service provided by the IBM Cloud Continuous Service. There are more services that helps a lot to work on it. Thanks a lot.
Read full review At this time, and we just renewed a month ago, I dont see any products out there overall that can offer what Veracode does. Yes, its not cheap by any means, but for the money its the best application security scanning tool out there.
Read full review Usability Nothing special to say : the UX is clear and simple.
Read full review - Almost no setup required and easy to configure - Very easy to use, intuitive UI with integrated analytics and learning portals. - Seamless to review the results, triage them, generate reports. - Security progression of the product/application is tracked via successive scans. - Privileges/Roles nicely fine grained and tightly controlled to let teams "view" only their products.
Read full review Reliability and Availability Veracode has always been up and available to us.
Read full review Performance At this point, it runs well and mostly in a timely fashion. Dynamic scans take days but this may be a config issue still to be resolved.
Read full review Support Rating In more than a year using the IBM Cloud Continuous Delivery tool, I haven't had any major complaints or problems. However, in the last month, IBM suffered from a couple of problems through several of its services, and for a short period of time, I couldn't deploy successfully my projects. The problem was brief and was quickly fixed.
Read full review Overall, Veracode support is helpful, community support is great, and documentation is available for self-service. Our Customer Success Manager is very helpful and reaches out regularly to see if we need assistance. We have not utilized many of the other resources offered by Veracode, however, in the future we would like to leverage secure coding training for our Development teams.
Read full review Implementation Rating We use it as a SAS service, so really just getting our teams to mold the use of Veracode into their SDLC has been a process of years in the making. It comes down to what your teams are ready and willing to accept and change. Management is key in getting their groups on board with using it regularly. If it doesnt have management backing, your security teams have little to no influence in getting this process off the ground fully.
Read full review Alternatives Considered We chose IBM Cloud Developer Tools for multiple reasons. Cost, current infrastructure vendor list, and Cloud Operations team experience were key driving factors for us. Palo Alto's Prisma Cloud product was slick for sure but we found it more difficult to deploy and integrate with our current environment and applications
Read full review Mend.IO formerly WhiteSource software is a product we used prior to Vericode. It did not have all of the capabilities or depth of Vericode. Additionally, Whitesource did not offer automatic scanning as part of their product and there was no Certification program to speak of.
Read full review Scalability It meets our needs.
Read full review Return on Investment This has made the configuration files much easier to access. Has made the commands more logical as well as easy for use and learning. Contains great AI capabilities The documentation needs improvement. Error received from commands are pretty hard to understand. Read full review Developers are now realizing that security is there to help them, not just the people saying NO. When setting up Veracode integrations we found that Devs really like their IDEs and Repos. It's like a personal choice. However, as a company, it was unwieldy without devoting people to Veracode integrations to have so many so we had to slime the available IDEs to 3 and Repos to 3, just to be able to set up and maintain the integrations. Veracode is paying for itself (though through a different cost category). Our Development costs are going down and releases are getting quicker and more agile. Read full review ScreenShots