Filter Ratings and Reviews
Filter 7 vetted Veracode reviews and ratings
Reviews (1-4 of 4)
September 16, 2019
Veracode Review
Veracode provides multiple security analysis for various software products at my company. We use it to do static analysis, dynamic analysis, and software composition analysis. It is being used across the company to ensure all code projects have high quality, structured code, with a minimal amount of security flaws or vulnerabilities in the app stacks.
- Static scanning.
- Security flaws.
- Code structure.
- Bad UX.
- Too slow.
- Lacks good integrations.
February 28, 2018
Veracode, It's a great tool if you can afford it
Mathematica Policy Research uses Veracode across many websites developed for our clients. We are currently working on setting it up to perform a static security scan when source code is checked into our source control repository. It is used by many of staff in the development departments of the company. It is the first step in the process of making certain we do not deploy applications that have security flaws written into them. We do not allow an application to be deployed if it does not pass the Veracode static scan.
- Veracode works very well from within Visual Studio for .Net based websites.
- The API, once figured out, is very useful for performing Continuous Integration/Continuous Deployment (CI/CD) portion of the DevSecOps process.
- It currently supports most of the development environments that we use ar MPR such as .Net and NodeJS.
- Some members at Mathematica Policy Research program Python-based websites. The Python Static Analysis has not yet come out in Veracode. We have been waiting for over one year for Python.
- Speed is a problem with us and Veracode. It can take over two hours at times to get a very simple, single HTML page "website" scanned. This is becoming non-maintainable.
- Documentation on the XML out files should be provided. I was able to process the XML files but I am sure there are parts that I either did not see or misinterpreted. I t would be nice if the XML was documented.
- Cut the price or come up with multiple pricing models. We do a lot of small applications that only run for a few months. To make us pay a $7000.00 fee for each website is overly costly. Because of the price we cannot use Veracode on all of the applications we would like to use it on
November 18, 2016
Veracode - A step to securing your application
My Veracode Experience was efficient. I used Veracode for an legacy application that was coded in c++. It had many functions used that did not meet up with the security standards.These functions used were not the secure versions released later by Microsoft and thus created threat to the application. Veracode scanned the code with great efficiency and provided us a report of:
1) How secure our application is by giving an initial score.
2) Which line has an issue that could compromise the security of the application.
3) The mitigation that can be used for a particular flaw occurring at a particular line.
4) The severity of the that flaw and what should be the priority to mitigate it.
5) A To-Be score to be achieved by our system so that it meets the security standards and our application becomes secure.
After scanning the code, and identifying the flaws, we segregated those flaws based on priority - High, Medium, Low and worked on the highest flaws at earliest.
1) How secure our application is by giving an initial score.
2) Which line has an issue that could compromise the security of the application.
3) The mitigation that can be used for a particular flaw occurring at a particular line.
4) The severity of the that flaw and what should be the priority to mitigate it.
5) A To-Be score to be achieved by our system so that it meets the security standards and our application becomes secure.
After scanning the code, and identifying the flaws, we segregated those flaws based on priority - High, Medium, Low and worked on the highest flaws at earliest.
- Extremely efficient for large amount of code as it scans and saves time and resources.
- Report given about security of the application is detailed and very easy to work on.
- Secure application and ensures code is safe.
- Available online - SaaS, could be a desktop application too.
December 14, 2016
Veracode review
Veracode is used by our whole organization to test the security of our software. We upload the source code to Veracode at least once every six months and get a report back identifying security flaws, if any, along with recommendations to fix them.
- It works great for managed code identifying the security flaws in your code and recommendations to fix them. The report lists not only the source files containing the problem, but also pinpoints the line numbers in the file where the problem is. So, it's easy to quickly fix the problem.
- It was scanning our asp.net code just fine, but couldn't scan our Classic ASP and SQL files. At least, we couldn't get it to scan our Classic ASP and SQL code when we tried. Perhaps that's an area for improvement.
- We also ran in to some performance issues getting the scanned report back in time. We had to overcome that by reducing the size of our upload.
Veracode Scorecard Summary
About Veracode
Veracode offers application security and testing software. The company was acquired by CA Technologies in 2017 but sold again by Broadcom after Broadcom acquired CA Technologies.
Categories: Software Composition Analysis, Application Security
Veracode Technical Details
| Operating Systems: | Unspecified |
|---|---|
| Mobile Application: | No |