Pricing
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
Product Details
What is Veracode?
Veracode is an AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. With its combination of automation, integrations, process, and speed, Veracode aims to help companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.
Veracode states they serve more than 2,500 customers worldwide across a wide range of industries, and that the Veracode solution has assessed more than 35 trillion lines of code and helped companies fix more than 65 million security flaws*.
Veracode Technical Details
Deployment Types | SaaS |
---|---|
Operating Systems | Unspecified |
Mobile Application | No |
Reviews and Ratings
Reviews
(1-25 of 106)
Good product, lives up to expectations
- Explanation of security flaws
- Triaging and reporting
- Adding developer mitigations and comments
- Good integration with tooling
- It could be easier to navigate and find what you're looking for
- Can generate a lot of false positives, depending on policy
Veracode Review from Security Engineer Perspective
- The tool seems to have been built for automation.
- As a security engineer, I prefer the types of findings discovered through DAST or IAST since I can easily verify findings, but the SAST findings may be easier for the developers since it points to the area of code.
- While it's hard to get developers to take advantage of the consultation calls, I like the fact we can get a highly technical person to walk us through any type of Veracode question.
- The UI has gone through times of instability which can be a pain when things are broken.
- Selecting the correct modules for large applications can be a headache as well as stressful since you need to get that portion right to get the types of results you need.
- There is a bit of a learning curve to navigating Veracode so I see developers who don't use it often struggle to get to their scan results and handle them properly.
Veracode Meets Our Needs
- Static scanning is quick and efficient
- The scan reports are easy to read and informative
- Interaction with both account management and support staff is great
- The contracting process is easy
- The platform's interface could be a little more intuitive
- Sometimes we get a notification that our static license use has been exceeded but it has not
- Sometimes the static scan reports many, many potential flaws but it turns out the tool has not been programmed to correctly recognize a particular use case
- The configuration of dynamic scanning is a bit disjointed.
- It may just be our application but the dynamic scanning process needs to be improved. Note that we have an open case with Veracode on this so we do expect a resolution.
- No Training
A solid offering for the right company
- Static Scans
- SCA Analysis
- API Documentation
- API random failures
- Customization
- Automation speed
- Support
- Workflow and Process improvements for support
Quick review after using Veracode for 1 month
- We use Veracode to perform a static scan of our application after we build it. As per the scan result, we upgrade the security and coding standards of our application. Until we meet the standards as per the Veracode scan, our application code will not be approved.
- By using Veracode we can learn many new things about software development and coding standards. We can use those in the near future to maintain industry standards.
- More examples of how to solve the issue with some real-life examples would be better to figure out the issue.
- The exact reason/line number would be great to find the actual code block which is causing the issue.
- Flaw remediation
- code quality
- cleansing functions
- remove false positive
- Old sandbox results should be available at least for a quarter for comparison
- already remediated flaws should not be reopened in any scenario
- False positives will be reduced.
- Helpful advice and guidance.
- Prioritize safety at all times.
- Scans are time-consuming.
- Active scans require additional feedback.
- To work, it must be compiled.
Veracode
- SCA
- customer support
- 2fa
- DAST
- bulk user management
- SSO configuration
Review for a Left Shift Security Scanner
- Static Analysis SAST
- Dynamic Analysis DAST
- Software Composition Analysis SCA
- Interactive Analysis
- It sometimes can be tricky to use and not straightforward
- Learning and Training the product can be minimised
- Identifying security weaknesses & flaws within our software
Good Security Scanner for Your Software
- Finds vulnerabilities in app
- Scanning engine is updated
- Consultants are very helpful
- Web page UX could use some improvements, sometimes it's difficult to find what you want.
- Sometimes scanning takes more time.
Most well-rounded security tool
- Scan as a service
- Less false positives
- Helpful support
- Scans can take a long time.
- Need more feedback for active scans.
- Has to compile.
Veracode Helps Us To Identify Vulnerability in Code.
- Very easy to use and error details are clear
- I can fix the code easily.
- Support base is good.
- Sometimes the UI will be a little slow.
- Maybe our HVD network issues
- Not sure
Why Veracode Can Save You... Money, Time, Security
- Integrations
- Policy enforcement
- Build pipeline access
- Build a ticket management screen into the platform
- Easier integrations to SSO/SAML
- A different method of having API users, they should be either integrated into the team (an API key as part of the team) or at least separate from the regular user area.
Veracode Review
- Recognize unseen security issues
- Detailed scan report
- Great personal support
- UI of platform still hard to use and navigate
- Loading of web application could be faster
- Auto generated bug in Azure DevOps should have more details about the flaw
Veracode Verified gets you market cred!
- Code Scanning
- Automation integrations
- Great metrics
- Excellent Support
- Plug-in of sorts for BI platforms.
Veracode - The Best Code Scanning Tool
- Developers scan the application code to detect the malicious code ahead of the release to avoid any security issues.
- As Veracode supports various different languages, it helps in scanning most of the application requirements needed for the firm.
- Veracode has good integrations, plugins supporting major CICD tools like Jenkins & Azure DevOps, which eases up the integration between them.
- Sometimes Veracode takes a long time to open a sandbox scan for getting the detailed information.
- More documentation around the languages supported and how to use it would be helpful.
- Jira Integration would be good so bugs can be automatically created as tickets
Veracode scan to find vulnerabilities before release
- Engine is updated from time to time to add more flaws
- Scanning process is easy to use
- Scanning notifications are sent to track whole scanning process
- Taking a bit more time for static scan
- Some flaws are false positives and we should have an option to flag them as false positives so next time they won't appear on the report
Veracode Review
- scanning existing code
- scanning code as developers work so errors aren't introduced at all
- Developer Training - I found assigning training to be tricky and pulling useful reports very difficult
- Veracode reports are robust - but to a point where I am overwhelmed by choices
Important!
- Identify third-party components' security issues and suggest updates.
- Provides training courses to solve the issues found in the analysis.
- Easy to configure in our DevOps integration platforms. Has good documentation for it.
- Full Integration with Azure AD.
- User management in the portal. To be more clear.
- Separate the concept of an application and components of one.
- Arrange applications into Groups/Subgroups.
Perfect SAST Scanner
- Unlimited scans means not having to worry about scan priority and order, etc.
- Because it scans everything and you have the ability to select the types that matter, it always gives a full picture of your vulnerabilities.
- IDE scans can be limited to selected vuln types instead of everything.
A tool that allows you to make secure applications
- Find vulnerabilities in the code.
- Good integrations with other applications
- Compatibility with most used programming languages
- Delete users: this function has many errors and always leaves the deleted user in a false delete state, which if you need to restore you have to contact constantly
- Speed of analysis
You don't need a security team anymore!
- The pipeline scan is a very fast way to scan code and inform developers if a new flaw is introduced by their pull requests.
- Upload & Scan provides an in-depth analysis of the codebase, with features like reporting being made easy.
- SCA Scans help us not only identify the vulnerabilities but also in helping fix them and in identifying if our application is using that part of the vulnerable library or not.
- Veracode is very easy to integrate into the CI/CD pipelines (especially Jenkins)
- It was very difficult for me to navigate around on their Dashboard. There's certainly room to improve on that and make it more intuitive.
- The Agent-based SCA scan can have a feature for adding a baseline file (like Pipeline Scan)
Safety first with Veracode
- Find and tell us about packages that are out of date
- Tell us vulnerabilities in CSS, JS and third-party components
- Recommends coding improvements based on better coding practices
- Sometimes a static scan gets stuck for days, which otherwise takes 3-4 hours most of the time
Help us build Secure code and drive your development teams towards best secure code practices
- Identify Vulnerabilities
- Great Developer Support and Training
- Automatic Identification Third party code.
- Multiple Scanning options Portal, IDE, CI Pipelines
- Web Analysis portal has minor learning curve.
- Improve the login timeout
- Any improvements in Scanning speeds would be helpful
- A modern UI design would be good.