Likelihood to Recommend This website is well suited for organisations that perform regular security assessments. In particular, external scans and reconnaissance. As an example, I am able to run a report on our Wordpress website to enable me to see whether we are missing any important security updates. We found it to be very useful for training new security analysts, due to the straightforward GUI. You can work on the same projects together to help you to do this. Having it laid out in front of them helps them to understand the concepts much easier than using dozens of different tools to achieve the same goals, and also speeds up training. If you're a personal user it may not be appropriate due to price. If you are a personal user, I would advise using the many open source tools there are that do the same things. The strength of this platform is that it combines them into a single pane of glass, but you can achieve the same things with other tools if necessary. For example, there are many other tools that you could use to run a UDP port scan that do not cost money (EG NMAP)
Read full review Veracode is good at identifying flaws that does not adhere to the OWASP top 10 security controls. Therefore, a Junior developer could produce code and flaws will be caught. There is also the software composition analysis that provided a view into third-party dependencies. Veracode may not be suited in cases where you need to have your scan results in a short amount of time.
Read full review Pros Cheaper than some other platforms Good support Cloud based Integrates well with identity providers Read full review Veracode's static code analysis platform provides in-depth information as well as very useful suggestions regarding mitigation for flaws it discovers. This is very helpful in assisting developers towards a speedy and complete mitigation. Veracode does well to keep connected with their customers, ensuring the success of their customers on their platform is evidently one of their goals which they hold highly. This responsiveness continues into their technical support which is both helpful and fast to respond. Veracode continues to update their platforms, their capabilities, and their research often; the promise of continuous improvement from all facets provides value to us as an organization. Read full review Cons No logging for things like scanning. This means you don't actually know when the scan has failed if you're not immediately on the ball. Reports could look better. It would be good to be able to customise the report with some different styles to suit your company's branding. Could have better tutorials. It may be useful to have a feature similar to Microsoft Secure Score, which compares your organisation to similar ones, so that you have a reference of how secure your environment actually is. Read full review MPT Results should be segmented from DAST/SAST results. MPT Reports should include more information on scoping and testing dates as generally provided by accounting firms conducting similar tests. Vulnerability readouts should not be so hidden in the platform (It shouldn't take as many clicks to get to and view). Read full review Likelihood to Renew At this time, and we just renewed a month ago, I dont see any products out there overall that can offer what Veracode does. Yes, its not cheap by any means, but for the money its the best application security scanning tool out there.
Read full review Usability - Almost no setup required and easy to configure - Very easy to use, intuitive UI with integrated analytics and learning portals. - Seamless to review the results, triage them, generate reports. - Security progression of the product/application is tracked via successive scans. - Privileges/Roles nicely fine grained and tightly controlled to let teams "view" only their products.
Read full review Reliability and Availability Veracode has always been up and available to us.
Read full review Performance At this point, it runs well and mostly in a timely fashion. Dynamic scans take days but this may be a config issue still to be resolved.
Read full review Support Rating Overall, Veracode support is helpful, community support is great, and documentation is available for self-service. Our Customer Success Manager is very helpful and reaches out regularly to see if we need assistance. We have not utilized many of the other resources offered by Veracode, however, in the future we would like to leverage secure coding training for our Development teams.
Read full review Implementation Rating We use it as a SAS service, so really just getting our teams to mold the use of Veracode into their SDLC has been a process of years in the making. It comes down to what your teams are ready and willing to accept and change. Management is key in getting their groups on board with using it regularly. If it doesnt have management backing, your security teams have little to no influence in getting this process off the ground fully.
Read full review Alternatives Considered Offers a great number of tools in one interface, giving you a single pane of glass to work from. Therefore, it's favourable compared to some of these other products, that do similar things but are less intuitive and less easy to use. This makes it not only easier to use, but easier to report results to your customers. Also, although the price point can seem high, once you start adding multiple paid tools that do the same job, there probably isn't a massive amount of difference (if any)
Read full review Mend.IO formerly WhiteSource software is a product we used prior to Vericode. It did not have all of the capabilities or depth of Vericode. Additionally, Whitesource did not offer automatic scanning as part of their product and there was no Certification program to speak of.
Read full review Scalability It meets our needs.
Read full review Return on Investment Price point allows us to sell the solution at an excellent margin Freed up time due to the automated solutions, allowing us to utilise staff better Use from anywhere due to being cloud based Read full review Developers are now realizing that security is there to help them, not just the people saying NO. When setting up Veracode integrations we found that Devs really like their IDEs and Repos. It's like a personal choice. However, as a company, it was unwieldy without devoting people to Veracode integrations to have so many so we had to slime the available IDEs to 3 and Repos to 3, just to be able to set up and maintain the integrations. Veracode is paying for itself (though through a different cost category). Our Development costs are going down and releases are getting quicker and more agile. Read full review ScreenShots Pentest-Tools.com Screenshots