TrustRadius
Veracode offers application security and testing software. The company was acquired by CA Technologies in 2017 but sold again by Broadcom after Broadcom acquired CA Technologies.https://media.trustradius.com/product-logos/Zz/fJ/O8D176TKZ82L.pngVeracode, It's a great tool if you can afford itMathematica Policy Research uses Veracode across many websites developed for our clients. We are currently working on setting it up to perform a static security scan when source code is checked into our source control repository. It is used by many of staff in the development departments of the company. It is the first step in the process of making certain we do not deploy applications that have security flaws written into them. We do not allow an application to be deployed if it does not pass the Veracode static scan.,Veracode works very well from within Visual Studio for .Net based websites. The API, once figured out, is very useful for performing Continuous Integration/Continuous Deployment (CI/CD) portion of the DevSecOps process. It currently supports most of the development environments that we use ar MPR such as .Net and NodeJS.,Some members at Mathematica Policy Research program Python-based websites. The Python Static Analysis has not yet come out in Veracode. We have been waiting for over one year for Python. Speed is a problem with us and Veracode. It can take over two hours at times to get a very simple, single HTML page "website" scanned. This is becoming non-maintainable. Documentation on the XML out files should be provided. I was able to process the XML files but I am sure there are parts that I either did not see or misinterpreted. I t would be nice if the XML was documented. Cut the price or come up with multiple pricing models. We do a lot of small applications that only run for a few months. To make us pay a $7000.00 fee for each website is overly costly. Because of the price we cannot use Veracode on all of the applications we would like to use it on,9,As I already stated, the cost per application is very high which makes the use of Veracode too expensive for many of out applications. The analysis report is accepted by our clients as a proper SSAT report. Most of out competition does not perform any type of SSAT on the applications they create. This is something we offer and be the only one out there doing this type of testing.,,Burp Suite, Netsparker, Microsoft Visual Studio Team System, Visual Studio IDEVeracode - A step to securing your applicationMy Veracode Experience was efficient. I used Veracode for an legacy application that was coded in c++. It had many functions used that did not meet up with the security standards.These functions used were not the secure versions released later by Microsoft and thus created threat to the application. Veracode scanned the code with great efficiency and provided us a report of: 1) How secure our application is by giving an initial score. 2) Which line has an issue that could compromise the security of the application. 3) The mitigation that can be used for a particular flaw occurring at a particular line. 4) The severity of the that flaw and what should be the priority to mitigate it. 5) A To-Be score to be achieved by our system so that it meets the security standards and our application becomes secure. After scanning the code, and identifying the flaws, we segregated those flaws based on priority - High, Medium, Low and worked on the highest flaws at earliest.,Extremely efficient for large amount of code as it scans and saves time and resources. Report given about security of the application is detailed and very easy to work on. Secure application and ensures code is safe.,Available online - SaaS, could be a desktop application too.,9,I was an employee working on Veracode. As a software developer I am not aware of the impact on business.,,Tableau DesktopVeracode reviewVeracode is used by our whole organization to test the security of our software. We upload the source code to Veracode at least once every six months and get a report back identifying security flaws, if any, along with recommendations to fix them.,It works great for managed code identifying the security flaws in your code and recommendations to fix them. The report lists not only the source files containing the problem, but also pinpoints the line numbers in the file where the problem is. So, it's easy to quickly fix the problem.,It was scanning our asp.net code just fine, but couldn't scan our Classic ASP and SQL files. At least, we couldn't get it to scan our Classic ASP and SQL code when we tried. Perhaps that's an area for improvement. We also ran in to some performance issues getting the scanned report back in time. We had to overcome that by reducing the size of our upload.,8
  3. Veracode Reviews
Unspecified
Veracode
6 Ratings
Score 8.2 out of 101
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>TRScore

Veracode Reviews

Veracode
6 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.2 out of 101

Do you work for this company? Manage this listing

Show Filters 
Hide Filters 
Filter 6 vetted Veracode reviews and ratings
Clear all filters
Overall Rating
Reviewer's Company Size
Last Updated
By Topic
Industry
Department
Experience
Job Type
Role
Show All Filters
More Filters 
Less Filters 

Reviews (1-3 of 3)

Do you use this product? Write a Review
Glenn Jones profile photo
February 28, 2018

Veracode, It's a great tool if you can afford it

Glenn Jones
Score 9 out of 10
Vetted Review
Verified User
Review Source
Mathematica Policy Research uses Veracode across many websites developed for our clients. We are currently working on setting it up to perform a static security scan when source code is checked into our source control repository. It is used by many of staff in the development departments of the company. It is the first step in the process of making certain we do not deploy applications that have security flaws written into them. We do not allow an application to be deployed if it does not pass the Veracode static scan.
  • Veracode works very well from within Visual Studio for .Net based websites.
  • The API, once figured out, is very useful for performing Continuous Integration/Continuous Deployment (CI/CD) portion of the DevSecOps process.
  • It currently supports most of the development environments that we use ar MPR such as .Net and NodeJS.
  • Some members at Mathematica Policy Research program Python-based websites. The Python Static Analysis has not yet come out in Veracode. We have been waiting for over one year for Python.
  • Speed is a problem with us and Veracode. It can take over two hours at times to get a very simple, single HTML page "website" scanned. This is becoming non-maintainable.
  • Documentation on the XML out files should be provided. I was able to process the XML files but I am sure there are parts that I either did not see or misinterpreted. I t would be nice if the XML was documented.
  • Cut the price or come up with multiple pricing models. We do a lot of small applications that only run for a few months. To make us pay a $7000.00 fee for each website is overly costly. Because of the price we cannot use Veracode on all of the applications we would like to use it on
If you need to perform static application security testing (SAST) and low price is not a problem, then Veracode is a good choice. The speed of the static analysis could also be increased. It is, however, one of the few tools available that can analyze the bytecode of a .Net web application and provide very good analysis of the application. The generated report is also quite good, even though it appears everyone wants a report based on PCI problems, even if your application does not deal with any financial information.
Read Glenn Jones's full review
No photo available
November 18, 2016

Veracode - A step to securing your application

Verified User
Score 9 out of 10
Vetted Review
Verified User
Review Source
My Veracode Experience was efficient. I used Veracode for an legacy application that was coded in c++. It had many functions used that did not meet up with the security standards.These functions used were not the secure versions released later by Microsoft and thus created threat to the application. Veracode scanned the code with great efficiency and provided us a report of:
1) How secure our application is by giving an initial score.
2) Which line has an issue that could compromise the security of the application.
3) The mitigation that can be used for a particular flaw occurring at a particular line.
4) The severity of the that flaw and what should be the priority to mitigate it.
5) A To-Be score to be achieved by our system so that it meets the security standards and our application becomes secure.
After scanning the code, and identifying the flaws, we segregated those flaws based on priority - High, Medium, Low and worked on the highest flaws at earliest.
  • Extremely efficient for large amount of code as it scans and saves time and resources.
  • Report given about security of the application is detailed and very easy to work on.
  • Secure application and ensures code is safe.
  • Available online - SaaS, could be a desktop application too.
Scenarios Veracode is suited is when working on legacy application developed over many years that can have functions that can pose a threat to security.
Read this authenticated review
No photo available
December 14, 2016

Veracode review

Verified User
Score 8 out of 10
Vetted Review
Verified User
Review Source
Veracode is used by our whole organization to test the security of our software. We upload the source code to Veracode at least once every six months and get a report back identifying security flaws, if any, along with recommendations to fix them.
  • It works great for managed code identifying the security flaws in your code and recommendations to fix them. The report lists not only the source files containing the problem, but also pinpoints the line numbers in the file where the problem is. So, it's easy to quickly fix the problem.
  • It was scanning our asp.net code just fine, but couldn't scan our Classic ASP and SQL files. At least, we couldn't get it to scan our Classic ASP and SQL code when we tried. Perhaps that's an area for improvement.
  • We also ran in to some performance issues getting the scanned report back in time. We had to overcome that by reducing the size of our upload.
It works great for .Net, but, not so well forSQLl and Classic ASP.
Read this authenticated review

Veracode Scorecard Summary

Likelihood to Recommend (6)
8.2

About Veracode

Veracode offers application security and testing software. The company was acquired by CA Technologies in 2017 but sold again by Broadcom after Broadcom acquired CA Technologies.
Categories:  Software Composition Analysis,  Application Security

Veracode Technical Details

Operating Systems: Unspecified
Mobile Application:No