TrustRadius
Veracode

Overview

What is Veracode?

Veracode is an application security platform that performs five types of analysis: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.

Recent Reviews

A normal review of Veracode (8 out of 10, March 27, 2023)
Veracode to the Rescue! (10 out of 10, October 14, 2022)

Video Reviews

Veracode Review: Provides Helpful Support When Troubleshooting Security Needs (02:38)

Pricing

Pricing: unavailable (N/A)

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Alternatives Pricing

What is SonarQube?

SonarQube, a core component of the Sonar solution, is an open source, self-managed tool that systematically helps developers and organizations deliver Clean Code.

What is Indusface WAS?

Indusface Web Application Scanner provides an application security audit to detect a range of high-risk Vulnerabilities, Malware, and Critical CVEs.

Product Details

What is Veracode?

The Veracode platform is a software security solution that aims to be pervasive but not invasive, embedded into the environments that developers work in, with recommended fixes and in-context learning. Security teams can use Veracode to manage policy, gain a comprehensive view of an organization's security posture through analytics and reporting, mitigate risks, and produce the evidence necessary to meet regulatory requirements.

It is presented as an always-on, continuous orchestration of secure development that gives organizations the confidence that the software being built is secure and meets compliance requirements.

Veracode Features

  • Supported: Continuous Scanning to reduce risks at every phase of development - Veracode Static Analysis, Dynamic Analysis, Software Composition Analysis, and Manual Penetration Testing throughout the SDLC.
  • Supported: Developer Experience - Finds and fixes flaws in line, with security integrated into where developers work, automated remediation guidance, and in-context learning.
  • Supported: Comprehensive Platform Experience - Streamlined governance, risk and compliance processes through flexible policy management, unified reporting and analytics, and peer benchmarking to mitigate risks fast and deliver a successful DevSecOps program.
  • Supported: Market Expansion - To meet data residency needs in the EU with a cloud-native instance built in Frankfurt, Germany on AWS.
  • Supported: Contextual Platform Data - Fine-tuned with nearly two decades of scanning and customer learning. Predicts future vulnerabilities and offers self-healing capabilities by applying machine learning and artificial intelligence to that data.
  • Supported: Cloud-native SaaS Architecture - Provides elastic scalability, high performance, and lower costs through a cloud-native SaaS architecture.

Veracode Technical Details

Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: North America, EMEA, APAC, LATAM
Supported Languages: Java, .NET, PHP, Android, iOS, JavaScript, Python

Frequently Asked Questions

Checkmarx, Snyk, and Micro Focus Fortify on Demand are common alternatives for Veracode.

Reviewers rate Support Rating highest, with a score of 8.

The most common users of Veracode are from Enterprises (1,001+ employees).

Veracode Customer Size Distribution

Consumers: 0%
Small Businesses (1-50 employees): 65%
Mid-Size Companies (51-500 employees): 18%
Enterprises (more than 500 employees): 17%

Reviews and Ratings (186)

Reviews (1-25 of 122)
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Primarily used for scanning web applications, while others might use it to secure mobile apps, APIs, or even IoT devices. The ultimate goal is to reduce the risk of security breaches and ensure that software applications are developed and maintained. IDE integration and security testing are the best features to identify and address security vulnerabilities in my software applications.
  • IDE Integration
  • SCA
  • SAST
  • Plug-in pipeline
  • CI/CD
  • Pull requests
It is used in DevOps to identify security flaws before going to production. Common and hidden areas of software can be ignored if it's too wide, so the report and flaw triage help security teams to understand where to improve. Furthermore, MPT is great at providing details and vulnerabilities that don't arise from DAST.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Veracode for Static and Dynamic scans and Software Composition Analysis (SCA) across multiple products. The Jenkins automation is a lifesaver for Static scans and SCA since it gets us out of the business of uploading builds manually. We're also utilizing the Jira integration to manage vulnerabilities, from creating new tickets to resolving and closing them when a vulnerability is no longer present. Dynamic scanning can take some tweaking to get running smoothly, however, once things are dialed in, it's another scan that can be scheduled to run automatically. Arguably the most powerful tool, Software Composition Analysis, runs along with our Static scans and gives us insight into vulnerabilities in third-party libraries, newer versions available where a vulnerability is resolved, as well as their licenses.

In all, Veracode is a critical tool that helps us remain compliant with our various annual third-party audits.
  • Automation
  • Software Composition Analysis
  • Integrations
  • More insight into errors that may be causing an issue when configuring an integration, e.g. Veracode's Jira integration.
  • Static Analysis can sometimes get 'stuck' when using the Jenkins integration. Days, sometimes weeks can go by before we notice. We have to delete the 'stuck' scan and re-upload.
  • Manual Pen Test account management/reminders. I would expect the vendor to reach out and schedule the pen test annually, maybe send a notification/reminder when the date starts getting close, things like that. From my experience it was on me to initiate our MPT.
Veracode is well suited for small software companies, as well as organizations supporting multiple products. A well-defined and orchestrated build process will be a huge help when setting up a build upload integration with Veracode. Once scans are running smoothly, and assuming you have an integration with your ticketing system, you will rarely have to sign into Veracode's interface.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use Veracode to provide initial and ongoing security analysis of our software products. We supply ERP software solutions to the paper manufacturing industry. We are a leading supplier of software to this industry and it is important to us to provide a product that is thoroughly tested and free of known critical vulnerabilities. We have incorporated Veracode into our SDLC cycles and perform SCA and Dynamic scans within our release cycles. Our application is a very large full ERP application using many third-party libraries. Without Veracode we would be flying without a net.
  • Automated scanning of software libraries for vulnerabilities
  • Management of multiple applications and statuses, and help with security remediation
  • Veracode Verified program to leverage the security investment as a competitive advantage
  • The time it takes to scan large projects makes it difficult to fit into our CI/CD pipeline
  • One of our app scans times out after 2 hours and we have to upload it and scan manually, but then the CI system has no visibility into the vulnerabilities found
  • Integration with older development languages to scan. We have an old 4GL-based application that is not compatible with the tools
Helps raise the level of awareness throughout the organization on the importance of proper security measures for software development. Allows you to establish a campaign that touts your organization's concern and action towards continual technology threats. Working the Veracode tools into an automated build cycle allows continual focus on the security vulnerabilities within your applications. We are hoping Veracode adapts to large-scale applications, allowing us to auto-scan our application that has over 3 million lines of code.
Christine Canassa | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
This product has efficient data security control tools that enhance a safe working environment for all teams. It gives our team CI and CD critical data that gives us reliable development infrastructure for better results. It protects the software development ecosystem from security threats that can affect efficient production. I have not experienced project implementation challenges since we started working with this platform.
  • Monitoring software development infrastructure.
  • Prevention of security threats.
  • Provision of intelligent security information.
  • The features are awesome.
  • I have familiarized myself with all the set features.
  • The overall performance is good.
It is easily customizable to suit company security policies. The software has simple coding tools that enable our team to identify errors before completion of any given project. The security intelligence that has been provided over time has saved the company the cost of security drawbacks. The customer support team is always available when reached for any solution.
Score 8 out of 10
Vetted Review
Verified User
We use the Veracode software platform to look for vulnerabilities in our code as well as in the third party libraries we were using. We are in the medical software industry, so the data we deal with is very sensitive in nature so we take security and privacy very seriously.
  • Very good customer support
  • Quick responses to questions
  • Microsoft ADO pipeline support for other scan features
  • Reports that can be generated outside of the website
  • Summary of multiple reports at the user level and not administrative level
Having detailed reports generated by Veracode that highlight code vulnerabilities as well as security issues with third-party libraries are features that are important in our industry. It is well suited for providing software teams all of the outstanding issues that may exist, so that time is saved in not having to do all of that research ourselves.
January 10, 2023

Veracode For your Code

Score 10 out of 10
Vetted Review
Verified User
Incentivized
This helps in understanding and resolving vulnerabilities in our code which is really good to have. And the most interesting feature is its Veracode Greenlight which gives real-time output and resolution. We can also schedule calls with the security experts for any resolution or queries. I highly recommend [using] Veracode.
  • Realtime resolution
  • Consultation calls
  • Detailed report
  • Using SourceClear
  • For DAST scan
  • Linking SCA with SAST should be clearer
Veracode is suited for organizations [that] give their customer both security and privacy. Veracode will dive deep into the code and point out the flaws which are dangerous to both the organization and the customer using it. I prefer not using Veracode if you don't have the time to revisit your module and resolve the issue because it may take time from the developer's perspective (This is a hypothetical scenario).
Mike Clarkson | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
This is a very thorough tool to statically scan your source code. It works very well for us, and it's always interesting to see how your code writing changes over time as you become more security focused. We are in the process of setting up dynamic scans, but for now we are doing static scans only. They take a little time to complete, but we are scanning our entire software suite so it's to be expected. We have found a number of issues, some of which are in legacy code which we are probably not going to fix as it is actively being replaced.
  • Static scans
  • User Interface
  • Results of scans with detailed descriptions of what the issue is and how to potentially fix it
  • The time to complete a static scan
The ease of integration into our CI/CD pipeline (it only added a couple of minutes extra per build) followed by a weekly static scan of our entire code base which in turn generates results of all the severe items identified. Sometimes they are false positives as it's in libraries we don't control, but we pass on the findings back to the library maintainer(s). Often we have to modify our code slightly to mitigate/patch/fix the issue.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Veracode is used to find any flaws that can affect the application in production even before the product is deployed in any environment. Almost all types of scans can be performed using Veracode. Veracode is famous for its SAST and SCA scan, which attracts users due to its transparency and security.
  • SAST Scan
  • SCA
  • DAST
  • Flagging false positive.
  • Linking of SCA and SAST Scan.
  • Needed to see an aggregated score for all the modules in an application.
I will say it is a nine because the aggregated score of all the modules in an application is not shown anywhere in Veracode. Otherwise, it's good for the easiness and stability of the application that a developer and an organization are keen to see in a penetration application, respectively.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Due to the regulatory requirements in Germany (VAT), we are required to meet certain security standards. Veracode helps us to check the security of applications as well as third-party libraries and to uncover vulnerabilities. The possibility of telephone consultation helps us to understand and eliminate the defects.
  • To uncover vulnerabilities.
  • To get a security awareness in the company.
  • to secure our applications as much as possible.
  • Good help and explanations for vulnerabilities.
  • Good telephone consulting in a short time.
  • Concrete example implementations of best practices for the flaws and for different programming languages.
Well suited: - to uncover security weaknesses - to get security awareness - to get information about the specific flaws.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
As a developer, I have to make sure that the system we are building is safe. Therefore Veracode helped a lot by scanning our code for vulnerabilities. Our security department opens a ticket process, whereupon we simply open a new static code scan and wait for the result. When all the vulnerabilities are fixed, we get a sign-off.
  • Customer service.
  • Easy usability.
  • Good documentation.
  • Details in documentation.
  • Customer communication for appointments.
I think that Veracode is a good basic code scan in order to ensure code security. It is super easy to integrate into CI-CD processes and offers good protection against common code vulnerabilities. It is less appropriate to consider it as the ONLY security consideration for your application.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Our company maintains highly confidential information about our clients. Keeping our systems and data secure and protected is at the heart of what we do. We use Veracode to help us in this endeavor. We rely on Veracode's products and services to ensure that we maintain the level of trust and confidence that our clients give to us.
  • Double checking the security of our code
  • Integrating into our CI/CD process to help us catch and resolve new flaws
  • Helping us maintain our compliance
  • The documentation could really use some work
  • I am skeptical of the thoroughness of the scans on newer languages and frameworks
  • The scan takes too long
  • The IDE tools leave much to be desired
  • Too many false positives
It is useful for maintaining security compliance.
The manual penetration test is very useful to have in addition to the flaw identification algorithm.

Due to the lengthy amount of time it takes to scan, it's not useful for testing every commit.
The Visual Studio extension does not make it easy for developers in day-to-day programming.
October 14, 2022

Veracode to the Rescue!

Score 10 out of 10
Vetted Review
Verified User
Veracode DAST is used on all applications in the portfolio. SAST/SCA scans and DAST scans are run monthly for all critical applications in the portfolio. In total there are around 120 applications in scope for the program.
  • Customer support that won't permit any failures anywhere along the line.
  • Regular updates to the platform that supports rapid changes in technology and development practices
  • Sets the standard for how AppSec scanners should work
  • Sometimes finding the right person to help takes a little time
  • Pricing of SAST/SCA scans may scare off some potential customers until they understand that it's worth it.
Veracode is useful across the spectrum of development teams' AppSec maturity, size of the development community, and varied skill sets to address application security. Veracode excels in bringing together threat management teams and development teams with a single view into all application vulnerabilities and their treatment.
Score 9 out of 10
Vetted Review
Reseller
Incentivized
Veracode helps our clients deliver secure applications in an agile way in less time and focus developers' efforts on real flaws. This can be done from a single SAST scan to a complete integration in a CI/CD environment, analyzing vulnerabilities in the developers' code and third-party libraries and executing dynamic analysis, all automated to be compliant with security standards and best practices.
  • SAST analysis in the pipeline is very quick and helps to identify flaws
  • Third-party library analysis is effective at reviewing vulnerabilities and recommending a secure version
  • Integration in the pipeline with various DevSecOps tools/platforms
  • More coverage in the languages/frameworks
  • The crawl script for SAST analysis could be improved to support more functions
  • More coverage for different versions of the IDEs
It's an excellent application security platform, with different integrations that can fit in the SDLC. The SaaS solution works perfectly for quick starts and the integrations are fast and easy to execute; it can be implemented in a modular way, starting just with training in secure code, or can be robust enough to integrate into the whole development environment.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use the Static Analysis feature of Veracode to ensure no vulnerabilities are present in our code bases. If a flaw is reported, we consult with the internal team and then set up a Veracode consultation if required for mitigation ideas. After fixing / mitigating the flaw we scan again to check if any further flaws are being reported - if not, we go ahead with the next steps in the project lifecycle.
  • Reporting vulnerabilities
  • Static Analysis of code
  • Scan all dependencies
  • UI experience could be smoother
  • Navigation could be better
  • Response time could be optimized
Veracode is a good choice for static analysis of code. If the code refers to any customized dependency, then Veracode does not consider the external dependency unless it is bundled along with the main archive while running the scan - it could be automated so that the dependencies mentioned in pom / gradle file are considered by default without us having to upload it manually.
Douglas Perreault | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
For years Veracode has been an integral part of our process to reduce our security vulnerability footprint. All of our code is scanned through Veracode's static scan process to ensure we are removing any older vulnerabilities and not introducing new ones. We also use the software composition analysis information to ensure we aren't using any versions of third-party software which may have any vulnerabilities.
  • Pointing out use of 3rd-party software versions that are out-of-date
  • Providing an easy way to triage flaws -- tying together the flaw, source code, and an explanation in one easy-to-use path
  • Providing an easy-to-use plug-in for Visual Studio allowing on-the-fly validation of code without having to complete a full scan
  • It would be nice if we could more easily customize post-scan reports. The reports are fairly lengthy and not everyone on the team needs all of the details.
  • It's not always obvious as to what features are available. For example, for years I had no idea one could promote a sandbox scan to a policy scan without having to resubmit it.
I would say that Veracode is well-suited for any software development it supports. I use it with both Java and .Net based applications and find it works well for both. Veracode cannot provide detailed information if PDB files are not sent with the .Net compiled code.
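The two upload pitfalls described in the reviews above (dependencies that have to be bundled into the uploaded archive, and .NET assemblies uploaded without their PDB files) can be caught before the upload with a small pre-flight check. The following is an added example, not Veracode's own code or tooling; the pom.xml, jar names and build tree it uses are constructed, and the paths in the usage comment are assumptions rather than anything Veracode requires.

```python
"""Pre-upload completeness checks for a static-analysis bundle.

Added example for this page, not Veracode's tooling. It flags Maven
dependencies declared in pom.xml that are missing from the upload archive,
and .NET assemblies that have no .pdb beside them (symbols are needed for
line-level results). Everything in demo() is constructed; in real use point
the two checks at your own pom.xml, upload zip and bin/Release directory
(assumed locations, not Veracode settings).
"""
import os
import tempfile
import xml.etree.ElementTree as ET
import zipfile

POM_NS = {"m": "http://maven.apache.org/POM/4.0.0"}


def declared_dependencies(pom_path):
    """{artifactId: version} for dependencies that ship with the app.

    test/provided scope entries are skipped: they are not in the runtime
    artifact. A ${property} or inherited version is stored as "" and later
    matched by artifactId prefix instead of exact file name."""
    root = ET.parse(pom_path).getroot()
    deps = {}
    for dep in root.findall("m:dependencies/m:dependency", POM_NS):
        scope = dep.findtext("m:scope", default="compile", namespaces=POM_NS)
        if scope in ("test", "provided"):
            continue
        artifact = dep.findtext("m:artifactId", namespaces=POM_NS)
        version = dep.findtext("m:version", default="", namespaces=POM_NS)
        deps[artifact] = "" if version.startswith("${") else version
    return deps


def missing_jars(pom_path, archive_path):
    """Declared runtime dependencies with no matching jar anywhere inside the upload archive."""
    with zipfile.ZipFile(archive_path) as zf:
        jars = {os.path.basename(n) for n in zf.namelist() if n.endswith(".jar")}
    missing = []
    for artifact, version in declared_dependencies(pom_path).items():
        if version:
            present = f"{artifact}-{version}.jar" in jars
        else:
            present = any(j.startswith(artifact + "-") for j in jars)
        if not present:
            missing.append(artifact)
    return sorted(missing)


def dlls_without_pdb(build_dir):
    """Assemblies under build_dir with no sibling .pdb (case-insensitive match on the stem)."""
    missing = []
    for dirpath, _, files in os.walk(build_dir):
        names = {f.lower() for f in files}
        for f in files:
            stem, ext = os.path.splitext(f)
            if ext.lower() in (".dll", ".exe") and f"{stem.lower()}.pdb" not in names:
                missing.append(os.path.relpath(os.path.join(dirpath, f), build_dir))
    return sorted(missing)


# Constructed pom: two runtime dependencies and one test-scoped one.
_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>com.fasterxml.jackson.core</groupId><artifactId>jackson-databind</artifactId><version>2.15.2</version></dependency>
    <dependency><groupId>org.apache.commons</groupId><artifactId>commons-lang3</artifactId><version>3.13.0</version></dependency>
    <dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.13.2</version><scope>test</scope></dependency>
  </dependencies>
</project>
"""


def demo():
    """Build a constructed pom, upload zip and .NET output tree, then run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        pom = os.path.join(tmp, "pom.xml")
        with open(pom, "w", encoding="utf-8") as fh:
            fh.write(_POM)
        upload = os.path.join(tmp, "upload.zip")
        with zipfile.ZipFile(upload, "w") as zf:  # jackson-databind deliberately left out
            zf.writestr("app.jar", b"")
            zf.writestr("lib/commons-lang3-3.13.0.jar", b"")
        dotnet = os.path.join(tmp, "bin", "Release")
        os.makedirs(dotnet)
        for name in ("App.exe", "App.pdb", "Helpers.dll", "Helpers.pdb", "Vendor.Lib.dll"):
            open(os.path.join(dotnet, name), "wb").close()  # Vendor.Lib.dll ships without symbols
        return {
            "missing_jars": missing_jars(pom, upload),
            "dlls_without_pdb": dlls_without_pdb(dotnet),
        }


if __name__ == "__main__":
    print(demo())  # {'missing_jars': ['jackson-databind'], 'dlls_without_pdb': ['Vendor.Lib.dll']}
```

Run the two checks against the archive you actually hand to the upload step and against the build output directory; a non-empty result is much cheaper to fix before the scan than after a run that reports on an incomplete set of modules.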
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Veracode is an amazing tool that enabled us to identify several security loopholes, especially through dynamic analysis. Static analysis was helpful in plugging gaps as well. It's one of the best out there. One of the things we really loved about Veracode was the level of detail provided to identify issues and help resolve them, especially given we used several platforms such as .NET, .NET Core and Windows.
  • Identify security loopholes
  • Gives us detailed issue reports
  • Provides a sense of confidence for the developers. We plugged some critical ones with this
  • Provides summary reports that we can share with clients as well
  • Dynamic Analysis sometimes took a lot of time to run
  • The user interface especially accessing reporting was difficult to find
  • Provide direct integration with DevOps pipelines in the future if possible to run the static analysis for commits if required
Best Case Scenario:
1. Review your source code and security patching on the code.
2. Run real time test and penetration testing with dynamic data
3. Instill confidence with the customers

Not so well

1. timeout on the app is annoying
2. UI is not so great
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Identification of software vulnerabilities.
  • Security vulnerabilities identified.
  • Third party license report.
  • Dynamic analysis identifies OS vulnerabilities.
  • Software composition report provides security motivation to upgrade third-party software.
  • Some representatives have, in the past, set up meetings to update us on the Veracode road map and to review our utilization. However, our current rep does not do this, so it feels like we are missing that personal touch.
Veracode Platform often identifies the same vulnerability over and over, even though that issue is mitigated. For example, we use TypeScript, which resolves to a very large JavaScript file. Since TypeScript combines multiple files into one monolithic file, the vulnerabilities can move line numbers by hundreds or more. This means that the same issue appears over and over and must be triaged and mitigated again.
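One way to keep a mitigation attached to a finding whose line number shifts between bundled builds is to key findings on something other than the line: here, the CWE, the file and a normalized window of the surrounding source. This is an added example, not Veracode's code, and the page does not describe how Veracode itself matches findings between scans; the finding records, both versions of bundle.js and the mitigation text are constructed.

```python
"""Line-number-independent fingerprint for static-analysis findings.

Added example for this page, not Veracode's code or matching logic.
A finding's identity is the hash of its CWE, its file and a normalized
window of source around the flagged line, so a finding that only moved
because the bundler emitted code above it keeps its previous mitigation.
All findings, source lines and mitigation text below are constructed.
"""
import hashlib
import re


def normalize(lines):
    """Drop // comments and collapse whitespace so formatting churn does not change the hash.
    Simplification: a // inside a string literal (for example a URL) is cut as well."""
    out = []
    for line in lines:
        line = re.sub(r"//.*$", "", line)
        line = re.sub(r"\s+", " ", line).strip()
        if line:
            out.append(line)
    return "\n".join(out)


def fingerprint(finding, source, context=1):
    """Hash of (cwe, file, normalized source window); the line number itself is excluded.

    context is the number of lines kept on each side of the flagged line. A
    wider window is more specific but more likely to straddle code that
    changed, which makes a merely moved finding stop matching."""
    lines = source[finding["file"]]
    lo = max(0, finding["line"] - 1 - context)
    hi = finding["line"] + context
    material = f'{finding["cwe"]}|{finding["file"]}|{normalize(lines[lo:hi])}'
    return hashlib.sha256(material.encode()).hexdigest()[:16]


def carry_forward(previous, current, prev_source, cur_source):
    """Match the current scan against the previous one by fingerprint.

    Returns (still_open, new, fixed); still_open maps fingerprint to
    (previous finding, current finding) so the old mitigation can be reapplied."""
    prev_fp = {fingerprint(f, prev_source): f for f in previous}
    cur_fp = {fingerprint(f, cur_source): f for f in current}
    still_open = {fp: (prev_fp[fp], cur_fp[fp]) for fp in prev_fp.keys() & cur_fp.keys()}
    new = [cur_fp[fp] for fp in cur_fp.keys() - prev_fp.keys()]
    fixed = [prev_fp[fp] for fp in prev_fp.keys() - cur_fp.keys()]
    return still_open, new, fixed


# Constructed bundle.js, first scan: the DOM XSS sink is on line 3.
BUNDLE_V1 = [
    "function render(user) {",
    "  var el = document.getElementById('name');",
    "  el.innerHTML = user.displayName;  // flagged as CWE-79",
    "}",
]
# Second scan: the bundler emitted 150 lines ahead of the same code, and a new function follows it.
BUNDLE_V2 = [f"var pad{i} = {i};" for i in range(150)] + BUNDLE_V1 + [
    "function lookup(db, id) {",
    "  return db.query('SELECT * FROM users WHERE id = ' + id);",
    "}",
]


def demo():
    """Previous scan had one mitigated XSS on line 3; it now sits on line 153 and a new SQLi appeared."""
    previous = [{"cwe": "CWE-79", "file": "bundle.js", "line": 3,
                 "mitigation": "Mitigate by design: displayName is HTML-escaped at the API boundary"}]
    current = [{"cwe": "CWE-79", "file": "bundle.js", "line": 153},
               {"cwe": "CWE-89", "file": "bundle.js", "line": 156}]
    still_open, new, fixed = carry_forward(previous, current,
                                           {"bundle.js": BUNDLE_V1}, {"bundle.js": BUNDLE_V2})
    return {
        "carried": [(old["line"], cur["line"], old["mitigation"]) for old, cur in still_open.values()],
        "new": [(f["cwe"], f["line"]) for f in new],
        "fixed": len(fixed),
    }


if __name__ == "__main__":
    print(demo())
```

The window size is the trade-off to watch: too narrow and two different sinks with identical surrounding code collide, too wide and ordinary edits near the flaw make a still-present finding look new. Carrying a mitigation forward this way should still record that it was auto-applied, so a reviewer can spot-check it rather than re-triage from scratch.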
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Veracode is being used as an application security service across our organization. We rely upon Veracode as an authority in mitigation efforts. The platform and its scanning services help manage potential flaws found within the applications that we support and host. Developers interact with Veracode and the security team to help resolve any flaws that are discovered.
  • I have found the Software Composition Analysis area to be the best among the competing products for Application Security.
  • Veracode's support services are impeccable.
  • Their program management teams are professional, helpful, and friendly.
  • Although an improvement to what was there previously, the Analytics section using Looker, could still use some improvement. It does seem that what Veracode has deployed is a very limited version of Looker. While helpful and useful, there seems to be so much more that Looker does (such as dynamic querying), however, the version that Veracode employs doesn't seem to offer this.
  • More user control of administrative functions such as user adding/deleting. Veracode still uses a 'soft delete'/'hard delete' functionality. This can become cumbersome for self-user-administration when a deleted user has to be re-added. A support call is then necessary to have this done.
  • Their idle timeout process needs work. While using the Looker tool, you must save your work every few minutes, as their 'Shark-attack-like' idle timeout will sneak up on you and redirect you away in an instant causing you to lose any unsaved work.
Overall, Veracode is one of the best, if not the best, products for application security out in the market. It is a great platform for keeping track of flaws and being able to report on them. Their support services and program management services are excellent, as they hire really good persons to handle these areas. There is still room for improvement in their analytics area.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Veracode to perform static and dynamic analyses of applications to identify and remediate security flaws as early as possible in the application lifecycle.
  • Explanation of security flaws
  • Triaging and reporting
  • Adding developer mitigations and comments
  • Good integration with tooling
  • It could be easier to navigate and find what you're looking for
  • Can generate a lot of false positives, depending on policy
Well suited for complex applications in mainstream technologies and/or a requirement for frequent scanning. Less well suited to older or more specialized technologies.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Veracode as our Static Analysis Security Testing tool. As a security engineer I am administering Veracode and managing/ supporting our developers with using Veracode. It is our main application security code analysis tool and has been built into all of our processes, automation, and developer pipelines and reporting tools.
  • The tool seems to have been built for automation.
  • As a security engineer, I prefer the types of findings discovered through DAST or IAST since I can easily verify findings, but the SAST findings may be easier for the developers since it points to the area of code.
  • While it's hard to get developers to take advantage of the consultation calls, I like the fact we can get a highly technical person to walk us through any type of Veracode question.
  • The UI has gone through times of instability which can be a pain when things are broken.
  • Selecting the correct modules for large applications can be a headache as well as stressful since you need to get that portion right to get the types of results you need.
  • There is a bit of a learning curve to navigating Veracode so I see developers who don't use it often struggle to get to their scan results and handle them properly.
I think Veracode would fit into most organizations' application security programs, but if you are already lacking build automation and pipelines you won't be able to harness that portion, which is where I see Veracode shining. Doing scans manually would work, but you would be missing out.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We employ Veracode's static and dynamic scanning offerings to scan our application code for vulnerabilities on a regular basis. We also use the software composition testing of third-party, open-source libraries as a check against our use of a second similar tool. These features, as well as others we employ external to Veracode, help to increase our application's security posture. We have also recently contracted for their manual APT offering.
  • Static scanning is quick and efficient
  • The scan reports are easy to read and informative
  • Interaction with both account management and support staff is great
  • The contracting process is easy
  • The platform's interface could be a little more intuitive
  • Sometimes we get a notification that our static license use has been exceeded but it has not
  • Sometimes the static scan reports many, many potential flaws but it turns out the tool has not been programmed to correctly recognize a particular use case
  • The configuration of dynamic scanning is a bit disjointed.
  • It may just be our application but the dynamic scanning process needs to be improved. Note that we have an open case with Veracode on this so we do expect a resolution.
Use of this platform allows us to better control vulnerabilities and demonstrate to clients that we take our security posture seriously. Of course this, though important, is only one aspect of ensuring our code is as secure as possible. The feature set of the tool is quite mature and serves our needs quite well for the most part.
Alexander Montgomery | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Veracode is used at Cox Automotive as a Swiss Army knife of products. It can be used for most languages and use cases for reasonably trustworthy static analysis, SCA analysis, and dynamic analysis for external products. From a crawl, walk, run perspective this gives teams the ability to meet them where they are and get security a foot in the door for our products.
  • Static Scans
  • SCA Analysis
  • API Documentation
  • API random failures
  • Customization
  • Automation speed
  • Support
  • Workflow and Process improvements for support
If you are a smaller company or run fewer than 500 apps with a very vertical ownership structure, Veracode can be a great tool. Its fairly consistent, fairly mature nature means that it's much less likely to break your existing integrations. Where they struggle is when you are a big enough org that you need to rely on automation and integration support. I have yet to have a single developer that didn't get off a project attempting to integrate with it that didn't look mentally defeated. Their language integrations are not maintained, forcing devs to the web interface, which doesn't always have what you need, meaning you might have to restart and go back to the XML interface rather than their REST interface because they never finished converting to the REST interface. Their API docs can be at times out of date, but on the whole are mostly fine. Interfacing with support will also be unavoidable because limitations around soft deletes and admins have left my team unable to manage the account more times than I am sure support appreciates having to fix.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Veracode to perform a static scan of our application after we build it. As per the scan result, we upgrade the security and coding standards of our application. Until we meet the standards as per the Veracode scan, our application code will not be approved. By using Veracode we can learn many new things about software development and coding standards. We can use those in the near future to maintain industry standards.
  • We use Veracode to perform a static scan of our application after we build it. As per the scan result, we upgrade the security and coding standards of our application. Until we meet the standards as per the Veracode scan, our application code will not be approved.
  • By using Veracode we can learn many new things about software development and coding standards. We can use those in the near future to maintain industry standards.
  • More examples of how to solve the issue with some real-life examples would be better to figure out the issue.
  • The exact reason/line number would be great to find the actual code block which is causing the issue.
Gajanan Telang | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Veracode is very useful for security remediation, and it reviews the flaws line by line with proper module selections. It is very responsive when you raise any consultation; they will elaborate on the suggestions that can be implemented. You need to send them properly detailed information about the flaw details and the nature of the flaw if it is not remediating; after review, they will suggest raising a mitigation as per the category, like mitigation by design or false positive.
  • Flaw remediation
  • Code quality
  • Cleansing functions
  • Remove false positives
  • Old sandbox results should be available at least for a quarter for comparison
  • Already remediated flaws should not be reopened in any scenario
Veracode is a very good platform for security remediation tools. It has a lower cost compared to other user-friendly user interfaces and is easy to access. It is easy to interact with if you have queries related to scanning results. Suggestions for security remediation are very understandable, like the cleansing function; Veracode helps to remediate flaws without breaking any functionality of the application (code reusability is greater).
Score 9 out of 10
Vetted Review
Verified User
Incentivized
SAST and DAST-based tools are where Veracode's power lies. It has been incorporated into our DevOps Pipeline as part of our Continuous Integration and Continuous Delivery efforts. A left shift method helps to uncover the flaw in your code before it is actually implemented in production. The tool can do both static and dynamic analyses of the code in order to find errors and bad practices.
  • False positives will be reduced.
  • Helpful advice and guidance.
  • Prioritize safety at all times.
  • Scans are time-consuming.
  • Active scans require additional feedback.
  • To work, it must be compiled.
Veracode is ideally suited for environments where a large amount of code is being released by several agile teams. Code rework and problems in production can be greatly reduced by using this tool. It may also be utilized to incorporate some compliance-specific criteria, which can really serve as a tailgate to prevent the deployment of non-compliant code in production.