What users are saying about
Top Rated
121 Ratings

Veracode

Score 8.8 out of 100

Likelihood to Recommend

Veracode

In my opinion, Veracode should be used [for] all software development projects. There are no scenarios where a project can be less secure or more secure. Secure code should be given as much importance as functional code. With the number of security incidents that keep happening, it is never too much to secure the application. Veracode static scans should be part of every CI/CD pipeline. One scenario that needs to be considered is that the static scan currently identifies vulnerabilities that are suited for web applications. There are plenty of vulnerabilities [that] are not applicable to Desktop applications [that] can somehow be avoided from being flagged.
Ravi L | TrustRadius Reviewer

Pros

Veracode

  • Binary scanning. Veracode static analysis is based out of binaries derived from source code which is more accurate than just the pure source code scanning. This accuracy translates to fewer false positives in the defects reported, thereby saving time of developers in tackling the real issues.
  • Veracode being a SaaS platform reduces the IT burden on your organisation. No servers to worry about, no performance concerns, no storage expansion to plan ahead and no capacity/elasticity challenges to take care of on all the infra (compute, storage, networking).
  • Veracode platform is very quick to configure and very easy to use. It just takes a few minutes to set up an application profile and start scanning. It is particularly easy to use for modern programming languages like Java as the Java binaries are optimal for scanning.
  • Learning - Veracode's eLearning portal is very good and has all the relevant training on various aspects of security and again is seamlessly available in the same platform/tenant where the teams scan.
  • Security Consultation - Very easy to get help within the platform itself for a security consultation which is invaluable for the first few scans. Veracode is probably one of the very few SAST solutions which has such easy provision to get security consultation.
Śrinivāsa Rao Kuruba | TrustRadius Reviewer

Cons

Veracode

  • Although an improvement to what was there previously, the Analytics section using Looker, could still use some improvement. It does seem that what Veracode has deployed is a very limited version of Looker. While helpful and useful, there seems to be so much more that Looker does (such as dynamic querying), however, the version that Veracode employs doesn't seem to offer this.
  • More user control of administrative functions such as user adding/deleting. Veracode still uses a 'soft delete'/'hard delete' functionality. This can become cumbersome for self-user-administration when a deleted user has to be re-added. A support call is then necessary to have this done.
  • Their idle timeout process needs work. While using the Looker tool, you must save your work every few minutes, as their 'Shark-attack-like' idle timeout will sneak up on you and redirect you away in an instant causing you to lose any unsaved work.
Anonymous | TrustRadius Reviewer

Usability

Veracode

Veracode 7.0
Based on 24 answers
This used to be terrible. Had a difficult time figuring out where information was. Partly this was due to duplicative features, jargon labels, and user navigation. However, in the seven years I've been using the product, it has gotten better. Some of my issues were associated with trying to get scans to work unassisted. Now that scans, once set up, just run periodically, I don't have to deal with that as much. Part of this might also be that I've learned what I need to know about getting around. And still part of this assessment is in comparison to other tools out there that are even worse. Still, they could benefit from an investment in a full usability redesign from someone with an outside perspective, modernizing the UX but also studying and working through the bigger usability concerns. I would love to see better diagnostic tools around getting scans to work so I wouldn't need their tech support people to get scans to work. However, as long as the scheduler keeps going, my needs on this get ever rarer.
David Nelson-Gal | TrustRadius Reviewer

Support Rating

Veracode

Veracode 7.9
Based on 53 answers
Veracode Support has been great. Any time I have had a question, they have responded in a prompt manner. I'd say nine out of ten times they are able to resolve any issues that have come up with a short email exchange. For issues requiring a bit more investigation, their consultants are tops.
Teresa Kosinski | TrustRadius Reviewer

Alternatives Considered

Veracode

Have also evaluated services by GitHub and Snyk. I will say that we continue to use Veracode because of its brand recognition and vendor status in the financial services industry. However, if my current company was not operating in this industry, I would be tempted to use the less-expensive security analysis services provided by GitHub and Snyk.
Derek Overby | TrustRadius Reviewer

Return on Investment

Veracode

  • As I already stated, the cost per application is very high, which makes the use of Veracode too expensive for many of our applications.
  • The analysis report is accepted by our clients as a proper SSAT report.
  • Most of our competition does not perform any type of SSAT on the applications they create. This is something we offer and are the only one out there doing this type of testing.
Glenn Jones | TrustRadius Reviewer

Pricing Details

Veracode

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
