Veracode Reviews

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener noreferrer'>Customer Verified: Read more.</a>
40 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 7.2 out of 100

Do you work for this company? Manage this listing

Overall Rating

Reviewer's Company Size

Last Updated

By Topic

Industry

Department

Experience

Job Type

Role

Reviews (1-25 of 26)

Christopher Sawyer | TrustRadius Reviewer
August 01, 2020

Most well-rounded security tool

Score 8 out of 10
Vetted Review
Verified User
Review Source
We use it in the IT department to scan websites for security vulnerabilities. We aim to catch static and dynamic flaws before releasing code to production. We are incorporating it into our Agile development process with the goal to become more mature with that integration so that we can have an Advanced Application Security Program.
  • Scan as a service
  • Less false positives
  • Helpful support
  • Scans can take a long time.
  • Need more feedback for active scans.
  • Has to compile.
Veracode is the most well rounded security tool I have used to scan both dynamic and static code in my career. Scanning as a service means I don't have to setup my own infrastructure and application, or deal with upgrades. But it does mean you will be put in a queue with others.
Read Christopher Sawyer's full review
Nitin Reddy | TrustRadius Reviewer
July 31, 2020

Veracode Review

Score 10 out of 10
Vetted Review
Verified User
Review Source
Veracode is being used by the whole organization especially for the static code scan, DAST, and penetration testing.
  • Clear identification of possible vulnerabilities and clear direction or possible resolution guidance
  • Detailed report pinpointing the area of trouble
  • Good and prompt support over call to get clarification on the identified vulnerabilities
  • More documentation around different security scan services provided by Veracode would help the users to opt for more refined scans and gain more knowledge around the same.
Veracode is very useful for Internet-facing web applications as the risk of vulnerabilities keeps changing from time to time. On the other hand, Veracode also helps us with identifying vulnerabilities that surface and being up to date on all the latest developments in the area of website security.
Read Nitin Reddy's full review
Ying Shen | TrustRadius Reviewer
July 31, 2020

Safeguard for our online business application

Score 9 out of 10
Vetted Review
Verified User
Review Source
I am one of the developers of our Insight.partners.org application. This is an online application used by many hospitals and research institutes under the Partners umbrella. With the help of Veracode static and dynamic scan, we are able to identify potential security weaknesses and implement fixes before release.
  • Visual Studio integration
  • Support of CD/CI build with Veracode scan
  • Prompt response from Veracode support
  • Some static scans take a very long time, ie. 14 days in my case.
Veracode is a perfect fit for back end development with business logic implementation. (I don't recommend implementation, though.)

For straight UI with calls to the backend to retrieve data, it is not that essential to use Veracode scan. I see most times the score is pretty high, but it is still a security lock to make sure there are fewer security breaches.
Read Ying Shen's full review
Prajit Gandhi | TrustRadius Reviewer
July 22, 2020

Veracode Review

Score 9 out of 10
Vetted Review
Verified User
Review Source
As per my knowledge, Veracode is used across the organization for compliance and security validation of in-house apps. Now all compliance and security composition analysis is done by Veracode. Based on the report, we apply our fixes so that it will be vulnerability proof. To be honest, it is quite irritating that Veracode is always getting updated frequently. We cannot cope with the pace. But at the same time, it is good because it made us aware of vulnerabilities that may impact our BAU.

We have a nightly pipeline in Jenkins that will generate the report and send it across stakeholders. Also when we commit in Github, that triggers a build lifecycle. Now this build lifecycle also has a toggle to include Veracode scan in build lifecycle if we want to. The default toggle condition is on.
  • Frequent vulnerability update
  • Painless triage flaws feature
  • Provides vulnerability fix information as part of SCA
  • GreenLight plugin can be improved so that we can scan the whole project (max file limitation is 1 MB).
  • Project-specific false positive: We have one transitive dependency and we never used it in our application. Still it will show as SCA vulnerability, because we cannot mark it as false positive at project scope.
  • Organization-specific MBD: For example, we have a common jar that is used to provide cross-organization functionality and it has Veracode issues. But whenever we update this common jar version all MBD will reopen. This is not blocking us. But as per DRY it is a time waste.
Veracode is well suited for quick vulnerability checks & identifying the fix. No need to check other websites like we used to do before Veracode--a big time-saver when we do a production release.

It is less appropriate for a few projects with lower budgets. Due to that constraint, we cannot use Veracode for those projects.
Read Prajit Gandhi's full review
Rahul Chugh | TrustRadius Reviewer
July 21, 2020

Pushing security left in the SDLC saves you a lot of headaches.

Score 9 out of 10
Vetted Review
Verified User
Review Source
Resolve Systems is a platform that helps in automating across the entire IT ecosystem. It is a Java-based platform with multiple components involved and a user-facing interface to access the tool. Veracode is used across the whole organization to perform static scan in GitHub-based code repo and dynamic scans on a running deployed system. Veracode reports are helpful for Resolve in making the systems more secure and shared with the customers if they ask about the security of the product.

  • Static Scan and Identifying Vulnerabilities
  • Daily Scans with hooks provided in GitHub
  • Reporting for executives and detailed levels for engineers
  • Allowing to do multiple scans in case of fixes made
  • Providing details of the vulnerability and recommend solutions
  • Dynamic scans are not that good - Burp gives us better results.
  • Static scans look for words like "password" but skips "p_assword."
Veracode is well suited for Static Code scans for an organization that wants to push security to the left of the development cycle. It has given Resolve Engineers a good sense of security and its needs when it comes to engineering.

Veracode is less suitable for dynamic scans as I can see that it did not work much for the Resolve product.
Read Rahul Chugh's full review
RICARDO LIMA | TrustRadius Reviewer
July 21, 2020

Great solutions together in the same platform

Score 9 out of 10
Vetted Review
Review Source
It is used by the whole organization, not only development. It helps us fix vulnerabilities quicker, reinforce our security policies, and it even helps our decision making. It gives us indicators that help us to see our evolution in the maturity of our development teams. Veracode helps us guarantee that the solutions we develop for our clients are secure.
  • Output of indicators
  • Integrations
  • Easy to use and manage
  • Auditing
  • Integrations: they could be more customizable
  • Veracode License: this needs to be more transparent
  • Veracode DAST: needs to be more customizable. I want to be able to define the types of attacks that are going to occur.
Good scenarios: Veracode is very adaptable. We have multiple projects, and it helps us very well. Big projects or small projects, it's very good.

Bad Scenarios: For me, two scenarios didn't go so well. The first one is if you are using JIRA as your bugging tracker, the integration didn't work for me. The second is if you need to scan APIs endpoints, which Veracode currently doesn't.
Read RICARDO LIMA's full review
Shrikar Somayajula | TrustRadius Reviewer
July 21, 2020

Good security suite with not-so-good support model

Score 6 out of 10
Vetted Review
Verified User
Review Source
We use Veracode across our banking product Good Money across various functions. We use Veracode as part of our security best practices of shifting left.
  • Availability of wide variety of security measures
  • Detailed documentation
  • Poor support model
  • Account Managers are unable to render technical help
Veracode is suitable for companies that are both getting started and ramping up App Sec programs.
It is less suitable for programs that are not self-serve due to the fact that their support model is not world-class and requires repeated follow-up.
Read Shrikar Somayajula's full review
George Garza | TrustRadius Reviewer
June 19, 2020

Veracode's Software as a Service, the key to success

Score 10 out of 10
Vetted Review
Verified User
Review Source
We use Veracode in four ways:

  1. As part of our software development process where we scan 35 applications with Static Application Security Testing and Software Composition Analysis to detect and resolve security exposures prior to General Availability releases. These scans are automated to run multiple times per week.
  2. At GA we deploy and run our hosted applications in security test environments while executing Dynamic Application Security Testing to ensure our systems remain secure.
  3. During operations in our hosted environments we engage manual Penetration Testing from Veracode to complement our security program.
  4. Finally we use Static Application Security Testing and Software Composition Analysis to evaluate customer requested modifications prior to delivery and deployment into production environments.
  • Software as a service is the primary strength which results in a highly supported program.
  • Very effective program management focused on quick ramp up and continuous improvement for sustained business value.
  • Highly effective technology which most would identify first. In our case it is assumed the technology provider is superior making the service and program management key differentiators.
  • The leadership team, who created a very effective approach to securing software, brings credibility to the table. They remain accessible and offer guidance and support to our executive team.
  • The only suggestion I have is for them to establish a Security Consulting arm where customers could engage them, as a paid service, for establishing overall security programs. With that said Veracode is very generous with their time even if not being paid.
Veracode is a well suited partner to provide guidance for implementing an effective application and environment securing technology program. The core focus is to identify, prevent and resolve problems created by customer organizations within their solutions. What I would like to see is a transition upstream (paid) consulting for organizing the entire development pipeline and process regardless of technologies used. We have had numerous sessions with the Veracode Executive/Management team to discuss strategies even outside the scope of their technology. These were not paid events and as a result we limit our requests to do so. If they were paid events we would probably request more.
Read George Garza's full review
Mohana Chintalapati | TrustRadius Reviewer
May 29, 2020

Veracode made my job easier

Score 9 out of 10
Vetted Review
Verified User
Review Source
It's used by the Information Security team to review the source code of all our products. Veracode helps us do quick checks before a release and the Software Composition Analysis module has made it very easy to identify and keep track of all the OSS components used in our products. The way Veracode flags the license violation issues as well has been extremely helpful.
  • Sophisticated UI
  • Integration into CI/CD pipelines
  • Informative reports
  • Cover more types of vulnerabilities
  • Simplify the process of marking and approving mitigations
Veracode will suit any organization that wants to integrate security into their build pipeline.
Read Mohana Chintalapati's full review
Antonio Kang | TrustRadius Reviewer
August 03, 2020

Veracode Review

Score 10 out of 10
Vetted Review
Verified User
Review Source
We used it for manual penetration testing on our web application. This resulted in a report stating how vulnerable/not vulnerable our web application is to hackers/exploiters.
  • Communicates with customer well
  • Performed the task well
  • Nothing I can think of
Veracode achieved what it set out to (manual pen testing) very well. For any questions we had, they were happy to provide us with the answers and they were very responsive.
Read Antonio Kang's full review
Rajarajeswari Muthuraj | TrustRadius Reviewer
July 31, 2020

Veracode Review

Score 10 out of 10
Vetted Review
Verified User
Review Source
We have banking, automotive, and Insurance clients primarily. I am using Veracode for an insurance company containing online premium payments and some banking transactions. Veracode is used by various projects across my organization. Veracode is used to decode all security vulnerabilities.
  • Veracode focuses on their core solutions which I have great respect for as it is why they succeed.
  • Easy to Start and Scale with Elastic Compute Power
  • Rapid Risk Reduction
  • The scanner in the area of Static Analysis under Non-Fix by (informational-low) Policy needs improvement. It keeps on changing the count.
  • CWE ID 404 is having up's and down's
  • The Veracode profile changes. It keeps on giving some additional count.
It suits for all applications where security is a concern, especially for banking, insurance, and online transactions.
Read Rajarajeswari Muthuraj's full review
Anonymous | TrustRadius Reviewer
August 06, 2020

My experience with Veracode

Score 5 out of 10
Vetted Review
Verified User
Review Source
Veracode was used to identify possible security issues using static code analysis.
  • It's a robust analysis that looks at all of the code submitted.
  • Veracode is current on the latest CVE issues.
  • The report is hard to work with and requires mouseovers to get at critical information.
  • Exporting the report leaves out critical information.
  • There were many false positives reported.
  • The UI for marking remediations is convoluted and difficult.
  • The process for uploading code is difficult and poorly documented.
It does a good job of searching the entire code against all known CVE issues. However, users may be better served by incorporating open source tools instead, to do static code analysis.
Read this authenticated review
Anonymous | TrustRadius Reviewer
August 04, 2020

DIR Veracode

Score 9 out of 10
Vetted Review
Verified User
Review Source
It is used by our developers. It addresses our Application development before being put into production and continuously while in production. It helps our developers with their code and 3rd party components that are used in the application. It also is used for the dynamic scanning of web-facing applications.
  • Points out where exactly the vulnerabilities are and what impact they have.
  • It provides CVE, which is good if you want to drill down further into why the issue is being cited and what the vulnerability really is.
  • It provides 3rd party components and replacements for those libraries.
  • Developers complain about various components of the 3rd party library not being used, but yet, they are called out in Veracode as being vulnerable. These components are bundled into the package but are not specifically used.
  • The email notifications need to be more explicit about which application and which particular vulnerability.
  • Each time a scan is submitted, force the user to change the name on the scan. My users do not change the scan description and the date that is displayed in the log is the scan description, which shows an old scan date and description.
I think the roles that it plays for our organization serve its purpose very well. Maybe they should couple their product with a better pen testing solution because that falls in line with the types of things Veracode already does.
Read this authenticated review
Anonymous | TrustRadius Reviewer
July 27, 2020

Meets our needs, but the UI experience is wanting

Score 6 out of 10
Vetted Review
Verified User
Review Source
Veracode is used by our organization in order to figure out known vulnerabilities in our infrastructure, and also for guidance with fixing them. We do that in order to protect our business from undesirable events like a data breach, data loss, etc.
  • Veracode's DAST (dynamic) and SAST (static) scans helped us to figure out existing vulnerabilities in our web apps. It also provided detailed information, and appropriate OWASP, CWE, etc. links to help our engineers remediate those vulnerabilities.
  • Veracode's scans can be configured to run automatically on a schedule. With DAST, every time a scan runs, it automatically recognizes earlier issues that have been fixed and adds any new issues to the flaw inventory it maintains for any app.
  • Veracode's Software Composition Analysis module identifies vulnerabilities in the dependencies that our apps use. It very conveniently lets us know whether we use the affected/vulnerable parts of any dependency.
  • Veracode's UI is highly non-intuitive and a pain to work with. It's not a SPA (single-page app), it doesn't look visually appealing (feels like it's from another era), and navigating around is hard.
  • Although with DAST/dynamic scans, the flaws that are reported in each successive scan get collected in a flaw inventory, where one can see which former issues were fixed, and which are pending a fix. This option is not available with SAST/scan issues for some reason.
  • When creating a SAST scan manually, the time taken to upload files and validate them (before the scan can be initiated) is very high, and cannot be explained away by relying on internet speed. Also, files are uploaded sequentially, not parallel. This means that it can take hours before the scan is initiated.
Although Veracode is good at identifying known flaws or vulnerabilities in software and providing guidance with remediating them, the experience of managing and assigning vulnerabilities can be significantly improved, along with the ease of using the user interface.

If you're using GitHub to host your repositories, it alerts you about the vulnerable dependencies in your app, and although the tool is not as robust as Veracode's SCA, it may meet your needs still.
Read this authenticated review
Anonymous | TrustRadius Reviewer
July 23, 2020

Conflicted Appreciation for Veracode

Score 7 out of 10
Vetted Review
Verified User
Review Source
Providing security insight and review on our software release process. We aim to both improve internal code review as well as maintain customer product satisfaction.
  • Customer support is very personable and easy to work with on inquires.
  • Thorough documentation on a topic
  • Professionalism
  • Documentation is too verbose, sometimes easy to get lost in, and requires a representative to translate.
I believe that if given the time Veracode can be very profitable to improve someone's software security if they are able to provide dedicated time to this role. For a small team like we have, this is very challenging and the amount of product knowledge required can be very overwhelming.
Read this authenticated review
Anonymous | TrustRadius Reviewer
July 21, 2020

Easy to use static code analysis tool

Score 9 out of 10
Vetted Review
Verified User
Review Source
We use Veracode to generate PCI compliance reports necessary for deploying our mobile app software to our users. Since we handle patient health information and also process payments, it is extremely vital for our company to secure our software and be sure that our users and their information are safe and secure.
  • Static code analysis and reporting.
  • Customer support during call sessions.
  • Handling static analysis of iOS apps with non-bit code enabled third-party dependencies.
  • More information for why a module cannot be scanned.
Veracode has worked very well for our company over the years, and when I joined, I found it simple to adapt to and utilize. I believe Veracode is best suited for scenarios where third-party libraries are being used in tandem with software that handles sensitive user data to be sure that no user information is exposed/exploited in the codebase.
Read this authenticated review
Anonymous | TrustRadius Reviewer
July 21, 2020

SAST and DAST

Score 9 out of 10
Vetted Review
Verified User
Review Source
Veracode static and dynamic scanning tools are leveraged to ensure our mobile apps and website are free of critical software security issues. We run scans prior to releases to the app stores. Issues found in vendor SDKs are communicated to the vendors as a security and risk transfer mechanism.
  • Integration flexibility
  • Flaw detection
  • RBAC
  • Not all info visible in a flaw is easy to export/identify.
  • Jira-Veracode integration is a bit cryptic at times.
  • Workflow problems aren't obvious.
Veracode supports a variety of programming languages, which is great. The team is open to feedback and wants to continuously improve the product.
Read this authenticated review
Anonymous | TrustRadius Reviewer
July 06, 2020

Impressive application security tool set!

Score 9 out of 10
Vetted Review
Verified User
Review Source
We use Veracode as part of our SDLC. We leverage the SAST, DAST, and e-learning for our entire DevOps team(s). This addresses keeping our platforms secure and aware of new vulnerabilities and how to resolve or mitigate our risks.
  • Great job with SAST
  • Easy integration into your pipeline
  • Robust training for new developers
  • Not as intuitive as some of the other providers
  • Occasionally slow to manage between the different features
  • Scanning can take longer than expected without much error handling to let the user know what's happening.
Veracode is well suited for software organizations that have a security practice and the team to implement. It is less appropriate for organizations that don't know their threat model, risks, and have never been PEN tested.
Read this authenticated review
Anonymous | TrustRadius Reviewer
June 05, 2020

Great product for risk management

Score 9 out of 10
Vetted Review
Verified User
Review Source
We engage independent vendors to conduct application and infrastructure-level vulnerability scanning and penetration testing on the SaaS platform. Veracode helps us managing risks in compliance with ISO 27001 requirements, as well as meeting clients' expectations. The reporting structure shows maturity in our Information Management System. The static scans help us identify potential problems before the release.
  • Reporting
  • Support
  • Flaw details
  • Policy Management
  • Compliance
  • Penetration test reporting could be more detailed
  • Automation was a bit confusing
  • More filters could be available under analytics
Veracode helps us comply with ISO requirements and provide clients with the information they need during annual vendor assessment. Results of vulnerability scans and risk assessments are available to users in well-structured reports that are easy to understand. Veracode is an important part of our assurance process and risk management practice.
Read this authenticated review
Anonymous | TrustRadius Reviewer
May 28, 2020

Veracode delivers great overall SCA value

Score 9 out of 10
Vetted Review
Verified User
Review Source
Veracode (& SourceClear) has been used for Static Code Analysis & Software Composition Analysis for some of our products.
  • Software Composition Analysis - found 3rd-party vulnerability issues quickly on each scan
  • Static Code Analysis - found specific security issues that detect hidden backdoors and malicious code
  • Static Code Analysis works very well for node.js scan.
  • Embedded C++ scan doesn't support ARM platform.
  • Enable automatic import for SourceClear found issues for each scan into JIRA (Cloud).
Veracode is best suited for node.js static code analysis & software composition analysis. It is less appropriate for ARM platform C++ SCA scan (not working).
Read this authenticated review
Anonymous | TrustRadius Reviewer
July 21, 2020

Beginning the journey of vulnerability scanning with Veracode

Score 6 out of 10
Vetted Review
Verified User
Review Source
It is used by our IT department to mitigate security vulnerabilities. We also use the pipeline scanner in our continuous deployment system to gate any potential security vulnerabilities introduced by new code.
  • Great documentation and examples
  • Availability of consultations for addressing any concerns after scans
  • They have a pipeline scanner, which fits nicely in our deployment strategy.
  • Using the console (UI) is a bit cumbersome.
  • No CLI
  • Cannot adjust timeout for automatic logout.
The pipeline scanner is a really good option (and underrepresented) for teams using continuous deployment. I wish things were more automatic. The fact that I have to create a zip file of all my reports and upload them is very time-consuming. It should have a more active way of scanning modules for vulnerabilities.
Read this authenticated review
Anonymous | TrustRadius Reviewer
May 28, 2020

Very powerful product, with some pains

Score 7 out of 10
Vetted Review
Verified User
Review Source
We use Veracode to scan (Dynamic and Static) during our development lifecycle, and we use Veracode Pentests Annually.
  • The tools are very granular.
  • The Vulnerability Libraries are very big.
  • It correlates the different types of scans well.
  • Very complicated pricing
  • Very high learning curve
  • Complicated user interface
Veracode can do almost everything. If you need a robust scanning tool, Veracode will do what you want (and more). You will just need to be prepared for a steep learning curve.
Read this authenticated review
Anonymous | TrustRadius Reviewer
September 16, 2019

Veracode Review

Score 5 out of 10
Vetted Review
Verified User
Review Source
Veracode provides multiple security analysis for various software products at my company. We use it to do static analysis, dynamic analysis, and software composition analysis. It is being used across the company to ensure all code projects have high quality, structured code, with a minimal amount of security flaws or vulnerabilities in the app stacks.
  • Static scanning.
  • Security flaws.
  • Code structure.
  • Bad UX.
  • Too slow.
  • Lacks good integrations.
I like a lot of other solution out there more, like Codacy. Veracode does well, but with limited UX, and it feels heavy and outdated. It is probably great for a lot of enterprise use-cases.
Read this authenticated review
Glenn Jones | TrustRadius Reviewer
February 28, 2018

Veracode, It's a great tool if you can afford it

Score 9 out of 10
Vetted Review
Verified User
Review Source
Mathematica Policy Research uses Veracode across many websites developed for our clients. We are currently working on setting it up to perform a static security scan when source code is checked into our source control repository. It is used by many of staff in the development departments of the company. It is the first step in the process of making certain we do not deploy applications that have security flaws written into them. We do not allow an application to be deployed if it does not pass the Veracode static scan.
  • Veracode works very well from within Visual Studio for .Net based websites.
  • The API, once figured out, is very useful for performing Continuous Integration/Continuous Deployment (CI/CD) portion of the DevSecOps process.
  • It currently supports most of the development environments that we use ar MPR such as .Net and NodeJS.
  • Some members at Mathematica Policy Research program Python-based websites. The Python Static Analysis has not yet come out in Veracode. We have been waiting for over one year for Python.
  • Speed is a problem with us and Veracode. It can take over two hours at times to get a very simple, single HTML page "website" scanned. This is becoming non-maintainable.
  • Documentation on the XML out files should be provided. I was able to process the XML files but I am sure there are parts that I either did not see or misinterpreted. I t would be nice if the XML was documented.
  • Cut the price or come up with multiple pricing models. We do a lot of small applications that only run for a few months. To make us pay a $7000.00 fee for each website is overly costly. Because of the price we cannot use Veracode on all of the applications we would like to use it on
If you need to perform static application security testing (SAST) and low price is not a problem, then Veracode is a good choice. The speed of the static analysis could also be increased. It is, however, one of the few tools available that can analyze the bytecode of a .Net web application and provide very good analysis of the application. The generated report is also quite good, even though it appears everyone wants a report based on PCI problems, even if your application does not deal with any financial information.
Read Glenn Jones's full review
Anonymous | TrustRadius Reviewer
November 18, 2016

Veracode - A step to securing your application

Score 9 out of 10
Vetted Review
Verified User
Review Source
My Veracode Experience was efficient. I used Veracode for an legacy application that was coded in c++. It had many functions used that did not meet up with the security standards.These functions used were not the secure versions released later by Microsoft and thus created threat to the application. Veracode scanned the code with great efficiency and provided us a report of:
1) How secure our application is by giving an initial score.
2) Which line has an issue that could compromise the security of the application.
3) The mitigation that can be used for a particular flaw occurring at a particular line.
4) The severity of the that flaw and what should be the priority to mitigate it.
5) A To-Be score to be achieved by our system so that it meets the security standards and our application becomes secure.
After scanning the code, and identifying the flaws, we segregated those flaws based on priority - High, Medium, Low and worked on the highest flaws at earliest.
  • Extremely efficient for large amount of code as it scans and saves time and resources.
  • Report given about security of the application is detailed and very easy to work on.
  • Secure application and ensures code is safe.
  • Available online - SaaS, could be a desktop application too.
Scenarios Veracode is suited is when working on legacy application developed over many years that can have functions that can pose a threat to security.
Read this authenticated review

About Veracode

Veracode supports software development by reducing the risk of security breach through comprehensive analysis, developer enablement, and governance tools. Unlike on-premises solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a combination of SaaS technology and on-demand expertise to enable DevSecOps. By integrating with the pipeline, enabling developers to fix security defects, and scaling programs through best practices, Veracode aims to help companies identify and address security flaws more quickly. Veracode is designed to cover all AppSec needs in one solution through a combination of five analysis types available for 24 programming languages, 77 frameworks, and application types as varied as microservices, mainframe, and mobile apps.

The vendor states that Veracode serves more than 2,500 customers worldwide across a wide range of industries, and that the Veracode Platform has assessed more than 14 trillion lines of code and helped companies fix more than 46 million security flaws.


Veracode Videos (4)

Veracode Downloadables

Veracode Competitors

Micro Focus Fortify on Demand, SonarQube, Checkmarx, Synopsys Coverity Static Application Security Testing (SAST), WhiteHat, HCL AppScan (formerly from IBM)

Veracode Support Options

 Free Version
Phone
Email
Forum/Community
FAQ/Knowledgebase
Video Tutorials / Webinar

Veracode Technical Details

Deployment Types:SaaS
Operating Systems: Unspecified
Mobile Application:No