Veracode Reviews

7 Ratings
Score 7.8 out of 10

Reviews (1-4 of 4)

September 16, 2019

Veracode Review

Score 5 out of 10
Vetted Review
Verified User
Veracode provides multiple security analyses for various software products at my company. We use it to do static analysis, dynamic analysis, and software composition analysis. It is being used across the company to ensure all code projects have high quality, structured code, with a minimal amount of security flaws or vulnerabilities in the app stacks.
  • Static scanning.
  • Security flaws.
  • Code structure.
  • Bad UX.
  • Too slow.
  • Lacks good integrations.
I like a lot of other solutions out there more, like Codacy. Veracode does well, but with limited UX, and it feels heavy and outdated. It is probably great for a lot of enterprise use-cases.
Glenn Jones
Score 9 out of 10
Vetted Review
Verified User
Mathematica Policy Research uses Veracode across many websites developed for our clients. We are currently working on setting it up to perform a static security scan when source code is checked into our source control repository. It is used by many of the staff in the development departments of the company. It is the first step in the process of making certain we do not deploy applications that have security flaws written into them. We do not allow an application to be deployed if it does not pass the Veracode static scan.
  • Veracode works very well from within Visual Studio for .Net based websites.
  • The API, once figured out, is very useful for performing Continuous Integration/Continuous Deployment (CI/CD) portion of the DevSecOps process.
  • It currently supports most of the development environments that we use at MPR such as .Net and NodeJS.
  • Some members at Mathematica Policy Research program Python-based websites. The Python Static Analysis has not yet come out in Veracode. We have been waiting for over one year for Python.
  • Speed is a problem with us and Veracode. It can take over two hours at times to get a very simple, single HTML page "website" scanned. This is becoming non-maintainable.
  • Documentation on the XML out files should be provided. I was able to process the XML files but I am sure there are parts that I either did not see or misinterpreted. It would be nice if the XML was documented.
  • Cut the price or come up with multiple pricing models. We do a lot of small applications that only run for a few months. To make us pay a $7000.00 fee for each website is overly costly. Because of the price we cannot use Veracode on all of the applications we would like to use it on.
If you need to perform static application security testing (SAST) and low price is not a problem, then Veracode is a good choice. The speed of the static analysis could also be increased. It is, however, one of the few tools available that can analyze the bytecode of a .Net web application and provide very good analysis of the application. The generated report is also quite good, even though it appears everyone wants a report based on PCI problems, even if your application does not deal with any financial information.
Score 9 out of 10
Vetted Review
Verified User
My Veracode experience was efficient. I used Veracode for a legacy application that was coded in C++. It had many functions used that did not meet up with the security standards. These functions used were not the secure versions released later by Microsoft and thus created a threat to the application. Veracode scanned the code with great efficiency and provided us a report of:
1) How secure our application is by giving an initial score.
2) Which line has an issue that could compromise the security of the application.
3) The mitigation that can be used for a particular flaw occurring at a particular line.
4) The severity of that flaw and what should be the priority to mitigate it.
5) A To-Be score to be achieved by our system so that it meets the security standards and our application becomes secure.
After scanning the code and identifying the flaws, we segregated those flaws based on priority - High, Medium, Low - and worked on the highest flaws at the earliest.
  • Extremely efficient for large amounts of code as it scans and saves time and resources.
  • Report given about security of the application is detailed and very easy to work on.
  • Secure application and ensures code is safe.
  • Available online - SaaS, could be a desktop application too.
Scenarios Veracode is suited for include working on legacy applications developed over many years that can have functions that can pose a threat to security.
December 14, 2016

Veracode review

Score 8 out of 10
Vetted Review
Verified User
Veracode is used by our whole organization to test the security of our software. We upload the source code to Veracode at least once every six months and get a report back identifying security flaws, if any, along with recommendations to fix them.
  • It works great for managed code identifying the security flaws in your code and recommendations to fix them. The report lists not only the source files containing the problem, but also pinpoints the line numbers in the file where the problem is. So, it's easy to quickly fix the problem.
  • It was scanning our asp.net code just fine, but couldn't scan our Classic ASP and SQL files. At least, we couldn't get it to scan our Classic ASP and SQL code when we tried. Perhaps that's an area for improvement.
  • We also ran into some performance issues getting the scanned report back in time. We had to overcome that by reducing the size of our upload.
It works great for .Net, but not so well for SQL and Classic ASP.

About Veracode

Veracode offers application security and testing software. The company was acquired by CA Technologies in 2017 but sold again by Broadcom after Broadcom acquired CA Technologies.

Veracode Technical Details

Operating Systems: Unspecified
Mobile Application: No