Based on 7 verified reviews published in the last 18 months
Veracode has demonstrated a clear positive impact on business objectives, primarily by enhancing security posture and driving efficiencies. A significant majority of reviewers, 5 out of 7, highlighted a marked improvement in their organization's security posture, noting a tangible difference in their software's safety and the prevention of critical vulnerabilities from reaching production. This enhanced security directly contributes to ROI by mitigating risks and protecting brand reputation. Furthermore, the platform has generated considerable cost and time savings, as noted by 4 out of 7 reviewers, by streamlining security processes and reducing the need for extensive manual effort or costly bug bounty programs. These operational efficiencies extend to developer workflows, with 3 out of 7 reviewers observing improved developer efficiency and education, which further accelerates development cycles and fosters a security-aware culture. The overall effect is a more secure and agile development environment, optimizing resource allocation and reducing potential financial liabilities.
Reviewers frequently cited Veracode's effectiveness in significantly improving their organization's security posture. F…
Reviewers frequently cited Veracode's effectiveness in significantly improving their organization's security posture. Five out of seven reviewers observed a noticeable difference in their software's safety, attributing it to the platform's ability to detect and prevent insecure code from reaching production environments. This enhancement in security directly translates to a reduced risk profile for the business.
The platform has delivered tangible cost and time savings for organizations. Four out of seven reviewers specifically m…
The platform has delivered tangible cost and time savings for organizations. Four out of seven reviewers specifically mentioned that Veracode helps reduce operational costs and accelerates development cycles by consolidating security efforts into a single tool and enabling efficient application scanning. This efficiency minimizes the need for extensive manual security reviews and external bug bounty programs.
Veracode contributes to enhanced developer efficiency and education, fostering a more secure development culture. Three…
Veracode contributes to enhanced developer efficiency and education, fostering a more secure development culture. Three out of seven reviewers noted that the platform educates developers on secure coding practices and becomes easy to integrate into their workflow once set up. This leads to better communication between security and development teams, improving overall productivity.
The solution has helped organizations streamline their software development and release processes. Two out of seven rev…
The solution has helped organizations streamline their software development and release processes. Two out of seven reviewers indicated that Veracode facilitates an agile way of working by integrating security controls directly into deployments, which helps establish clear service level agreements and accelerates the release cycle. This integration ensures security is a continuous part of the development pipeline.
Reviewers frequently employ a diverse array of security tools in addition to Veracode, primarily focusing on static analysis and security monitoring capabilities. Static analysis tools were cited by 4 of 7 reviewers, indicating a strong reliance on these solutions for code quality and vulnerability detection. A slightly smaller proportion, 2 of 7 reviewers, also highlighted the use of security monitoring platforms to maintain ongoing visibility into their security posture. The observed usage patterns suggest a comprehensive approach to security, integrating both proactive code-level checks and continuous operational oversight. While the specific tools mentioned vary, the underlying categories reflect a common industry need to address security across different phases of development and deployment. The limited sample size of 7 reviews suggests these observations represent individual preferences rather than broad market trends, yet they illustrate the range of tools considered essential by security professionals.
Reviewers frequently utilize a variety of static analysis tools to identify vulnerabilities and enforce security polici…
Reviewers frequently utilize a variety of static analysis tools to identify vulnerabilities and enforce security policies within their codebases, with 4 of 7 reviewers mentioning such solutions. These tools range from comprehensive code analysis platforms to specialized security testing suites, indicating a multi-faceted approach to securing applications during development. The selection of tools often reflects specific needs, from open-source options to commercial products, suggesting a tailored strategy for different environments.
Security monitoring tools are employed by 2 of 7 reviewers to gain continuous visibility into their cloud environments…
Security monitoring tools are employed by 2 of 7 reviewers to gain continuous visibility into their cloud environments and network traffic, helping to detect and respond to potential threats. These platforms provide critical insights into security events and compliance, extending protection beyond static code analysis. The tools mentioned highlight a focus on cloud-native security and data loss prevention, indicating a proactive stance on operational security.
Veracode is primarily utilized by organizations to integrate security testing directly into their software development lifecycle, with a strong emphasis on proactive vulnerability identification. The product's core functionality, including Static Application Security Testing (SAST) and Software Composition Analysis (SCA), is widely adopted by 5 of 7 reviewers for analyzing code and dependencies. A significant strategic driver for its use is the objective of "shifting security left," meaning the aim to detect and remediate security flaws as early as possible in the development process. This approach, highlighted by 3 of 7 reviewers, helps prevent vulnerabilities from reaching production and reduces the cost of remediation. Reviewers indicate that Veracode supports this by providing tools that developers can use to identify issues before code deployment, thereby enhancing overall application security posture.
Reviewers frequently highlight Veracode's application for Static Application Security Testing (SAST) and Software Compo…
Reviewers frequently highlight Veracode's application for Static Application Security Testing (SAST) and Software Composition Analysis (SCA) within their development pipelines. The tool is integrated into the Software Development Life Cycle (SDLC) to scan code, repositories, and CI/CD pipelines, ensuring security checks are an intrinsic part of the deployment process. This comprehensive usage helps organizations identify vulnerabilities in both custom code and third-party components.
A key business problem Veracode addresses is enabling organizations to shift security considerations earlier into the d…
A key business problem Veracode addresses is enabling organizations to shift security considerations earlier into the development lifecycle. This proactive approach aims to identify and remediate vulnerabilities before they become more costly and complex to fix in later stages or production. Reviewers appreciate the tool's ability to equip developers with the means to prevent new flaws and manage technical debt effectively.
Reviewers consistently identified several areas where Veracode could enhance its offering, primarily concerning its technical flexibility, user experience, and reporting capabilities. A significant portion of the feedback, with 3 out of 7 reviewers (43%) each, pointed to challenges with integration and API flexibility, user interface and web experience, and reporting and analytics. These concerns suggest a collective desire for a more modern and adaptable platform. Specifically, reviewers noted that the existing integration options felt somewhat rigid, indicating a need for broader API and webhook support to better connect with diverse SecOps tools. Similarly, the user interface was frequently described as needing modernization, with specific comments on its dated appearance and less intuitive navigation, particularly regarding filtering options. The reporting features also drew criticism, with reviewers suggesting improvements to the reporting mechanisms and the authorization models for dashboards. These themes collectively highlight opportunities for Veracode to evolve its platform to meet contemporary expectations for usability, interoperability, and data presentation.
Reviewers expressed a desire for greater flexibility in Veracode's integration capabilities, with 3 out of 7 reviewers…
Reviewers expressed a desire for greater flexibility in Veracode's integration capabilities, with 3 out of 7 reviewers (43%) noting limitations. The current integration suite is perceived as somewhat rigid, leading to calls for more extensive API and webhook options to facilitate better connectivity with other security operations tools. This suggests a need for Veracode to expand its interoperability to align with modern DevSecOps ecosystems.
The user interface and overall web experience were cited by 3 out of 7 reviewers (43%) as areas needing improvement. Re…
The user interface and overall web experience were cited by 3 out of 7 reviewers (43%) as areas needing improvement. Reviewers found the UI to be somewhat outdated in appearance and noted that some screens required a learning curve. Specific feedback highlighted that filtering options could be more intuitive, impacting the ease of navigating and finding information.
Reporting and analytics features were identified as an area for enhancement by 3 out of 7 reviewers (43%). Reviewers su…
Reporting and analytics features were identified as an area for enhancement by 3 out of 7 reviewers (43%). Reviewers suggested that the reporting functionalities could be improved, specifically mentioning the need for better authorization models for reports and dashboards. This indicates a desire for more robust and customizable data presentation and access controls within the platform.
Veracode is recognized by reviewers for its strong performance across several core functionalities, particularly in integrating security into the development lifecycle and providing comprehensive analysis. Three of seven reviewers specifically highlighted the platform's effective IDE and CI/CD integration, noting its ability to embed security checks early in the development process and streamline workflows. Concurrently, the platform's scanning capabilities were also frequently praised by three reviewers, who appreciated its ability to identify security issues in compiled code and perform SAST scanning. Reviewers also found value in Veracode's reporting and dashboards, with three reviewers mentioning these features for their utility in providing metrics and insights to product owners. Furthermore, two reviewers appreciated the platform's nature as a SAAS platform, which enables parallel work execution. The dynamic analysis features also received positive feedback from two reviewers, who noted its detailed display of requests and responses, aiding in vulnerability analysis.
Reviewers frequently commend Veracode for its seamless integration into developer environments and continuous integrati…
Reviewers frequently commend Veracode for its seamless integration into developer environments and continuous integration/continuous delivery pipelines. Three of seven reviewers specifically noted that this integration helps to embed security early in the development process, potentially reducing code vulnerabilities before they escalate.
The platform's scanning capabilities are a key strength, with three reviewers highlighting its effectiveness. They part…
The platform's scanning capabilities are a key strength, with three reviewers highlighting its effectiveness. They particularly value its ability to scan compiled code for security issues, providing intuitive metrics and supporting both general code scanning and Static Application Security Testing (SAST).
Veracode's reporting and dashboard features are well-regarded, with three reviewers specifically mentioning their utili…
Veracode's reporting and dashboard features are well-regarded, with three reviewers specifically mentioning their utility. These tools are appreciated for providing valuable metrics and insights, which are useful for product owners and for monitoring key performance indicators.
Two of seven reviewers appreciate Veracode's nature as a Software-as-a-Service (SAAS) platform. This aspect is valued f…
Two of seven reviewers appreciate Veracode's nature as a Software-as-a-Service (SAAS) platform. This aspect is valued for allowing users to run scans efficiently while simultaneously engaging in other work, contributing to operational flexibility.
The dynamic analysis feature is highlighted by two reviewers as particularly effective. They note its ability to clearl…
The dynamic analysis feature is highlighted by two reviewers as particularly effective. They note its ability to clearly display requests and responses, which significantly aids in the detailed analysis and identification of vulnerabilities.
Reporting and analytics features are considered highly important for evaluating security posture and communicating program maturity across an organization. A significant majority of reviewers, 5 of 7, emphasized the essential role these features play in their use cases, particularly for stakeholder communication. While the internal reporting within the solution is generally well-regarded, reviewers expressed a mixed sentiment regarding the flexibility and customization of reports for external audiences. There is a clear demand for more tailored reporting capabilities to effectively convey relevant information to diverse groups, ranging from less technical management to specific development teams. The ability to customize metrics and dashboards for C-suite executives and to measure security maturity across different organizational units is a critical requirement for effective program oversight.
Reviewers consistently highlighted the critical importance of reporting and analytics, with 5 of 7 reviewers stating th…
Reviewers consistently highlighted the critical importance of reporting and analytics, with 5 of 7 reviewers stating these features are essential for evaluating security posture and program maturity. While the internal reporting within the tool is considered effective, there is a desire for improved external reports that can be customized for various stakeholders, including developers and less technical management. The ability to tailor metrics for C-suite executives and measure security maturity across different teams is viewed as a key requirement for effective communication and oversight.