Overview
What is Veracode?
Veracode is an application security platform that performs five types of analysis: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
Elevating Security Through Automation and Integration
Veracode Use for Companies ERP Product offerings
Outstanding platform for tracking software development lifecycle
A normal review of Veracode
Veracode For your Code
Excellent Code Security Scanning Cloud Service
Veracode makes your life easy and safe.
Veracode the proven medium for security and security awareness.
Veracode - Save software and superb support!
Software engineer's take on the product after using it for a few weeks
Veracode to the Rescue!
Veracode helps to improve the security in applications
Healthy, bug-free Code brought to you in association with Veracode
Catch Vulnerabilities before Hackers Do
Pricing
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
Alternatives Pricing
What is SonarQube?
SonarQube, a core component of the Sonar solution, is an open source, self-managed tool that systematically helps developers and organizations deliver Clean Code.
What is Indusface WAS?
Indusface Web Application Scanner provides an application security audit to detect a range of high-risk Vulnerabilities, Malware, and Critical CVEs.
Product Details
Veracode Features
- Supported: Continuous Scanning to reduce risks at every phase of development - Veracode Static Analysis, Dynamic Analysis, Software Composition Analysis, and Manual Penetration Test throughout SDLC.
- Supported: Developer Experience - Finds and fixes flaws in line with security integration into where developers work, automated remediation guidance, and in-context learning.
- Supported: Comprehensive Platform Experience - Streamlined governance, risk and compliance processes through flexible policy management, unified reporting and analytics, and peer benchmarking to mitigate risks fast and deliver a successful DevSecOps program.
- Supported: Market Expansion - To meet data residency needs in EU with cloud-native instance built in Frankfurt, Germany on AWS.
- Supported: Contextual Platform Data - Fine-tuned with nearly 2 decades of scanning and customer learning. Predicts future vulnerabilities with self-healing capabilities through applying machine learning and artificial intelligence to the data.
- Supported: Cloud-native SaaS Architecture - Provides elastic scalability, high performance, and lower costs with cloud-native SaaS architecture.
Veracode Technical Details
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Unspecified |
Mobile Application | No |
Supported Countries | North America, EMEA, APAC, LATAM |
Supported Languages | Java, .NET, PHP, Android, iOS, JavaScript, Python |
Veracode Customer Size Distribution
Consumers | 0% |
---|---|
Small Businesses (1-50 employees) | 65% |
Mid-Size Companies (51-500 employees) | 18% |
Enterprises (more than 500 employees) | 17% |
Reviews and Ratings (186)
Reviews (1-25 of 122)
Veracode Security far ahead of competitors
- IDE Integration
- SCA
- SAST
- Plug-in pipeline
- CI/CD
- Pull requests
Elevating Security Through Automation and Integration
In all, Veracode is a critical tool that helps us remain compliant with our various annual third-party audits.
- Automation
- Software Composition Analysis
- Integrations
- More insight into errors that may be causing an issue when configuring an integration, e.g. Veracode's Jira integration.
- Static Analysis can sometimes get 'stuck' when using the Jenkins integration. Days, sometimes weeks can go by before we notice. Have to delete the 'stuck' scan and re-upload.
- Manual Pen Test account management/reminders. I would expect the vendor to reach out and schedule the pen test annually, maybe send a notification/reminder when the date starts getting close, things like that. From my experience it was on me to initiate our MPT.
Veracode Use for Companies ERP Product offerings
- Automated scanning of software libraries for vulnerabilities
- Management of multiple applications, statuses and helps on security remediation
- Veracode Verified program to leverage the security investment as competitive advantage
- The time it takes to scan large projects makes it difficult to fit into our CI/CD pipeline
- One of our app scans times out after 2 hours and we have to upload it and scan manually but there is no visibility the CI system has as to vulnerabilities found
- Integration with older development languages to scan. We have old 4GL based application that is not compatible with the tools
- Monitoring software development infrastructure.
- Prevention of security threats.
- Provision of intelligent security information.
- The features are awesome.
- I have familiarized myself with all the set features.
- The overall performance is good.
A normal review of Veracode
- Very good customer support
- Visual Studio Add Ons
- Quick responses to questions
- Microsoft ADO pipeline support for other scan features
- Reports that can be generated outside of the website
- Summary of multiple reports at the user level and not administrative level
Veracode For your Code
- Realtime resolution
- Consultation calls
- Detailed report
- Using sourceclr
- for DAST scan
- Linking SCA with SAST should be more clear
Excellent Code Security Scanning Cloud Service
- Static scans
- User Interface
- Results of scans with detailed descriptions of what the issue is and how to potentially fix it
- The time to complete a static scan
Veracode makes your life easy and safe.
- SAST Scan
- SCA
- DAST
- Flagging false positive.
- Linking of SCA and SAST Scan.
- Needed to see an aggregated score for all the modules in an application.
Veracode the proven medium for security and security awareness.
- To uncover vulnerabilities.
- To get a security awareness in the company.
- to secure our applications as much as possible.
- Good help and explanations for vulnerabilities.
- Good tele consulting in a short time.
- Concrete example implementations for best practices for the flaws and for different programming languages.
Veracode - Save software and superb support!
- Customer Service.
- Easy Usability.
- Well Documentation.
- Details on Documentation.
- Customer Communication for Appointments.
- Double checking the security of our code
- Integrating into our CI/CD process to help us catch and resolve new flaws
- Helping us maintain our compliance
- The documentation could really use some work
- I am skeptical of the thoroughness of the scans on newer languages and frameworks
- The scan takes too long
- The IDE tools leave much to be desired
- Too many false positives
The manual penetration test is very useful to have in addition to the flaw identification algorithm.
Due to the lengthy amount of time it takes to scan, it's not useful for testing every commit.
The Visual Studio extension does not make it easy for developers in day-to-day programming
Veracode to the Rescue!
- Customer support that won't permit any failures anywhere along the line.
- Regular updates to the platform that supports rapid changes in technology and development practices
- Sets the standard for how AppSec scanners should work
- Sometimes finding the right person to help takes a little time
- Pricing of SAST/SCA scans may scare off some potential customers until they understand that it's worth it.
Veracode helps to improve the security in applications
- SAST analysis in the pipeline is very quick and helps to identify flaws
- Third party libraries analysis is effective to review vulnerabilities and recommend a secure version
- Integration in the pipeline with various DevSecops Tools/Platforms
- More coverage in the languages/frameworks
- The crawl script for SAST analysis could be improved to support more functions
- More coverage for different versions of the IDEs
Healthy, bug-free Code brought to you in association with Veracode
- Reporting vulnerabilities
- Static Analysis of code
- Scan all dependencies
- UI experience could be smoother
- Navigation could be better
- Response time could be optimized
Catch Vulnerabilities before Hackers Do
- Pointing out use of 3rd-party software versions that are out-of-date
- Providing an easy way to triage flaws -- tying together the flaw, source code, and an explanation in one easy-to-use path
- Providing an easy-to-use plug-in for Visual Studio allowing on-the-fly validation of code without having to complete a full scan
- It would be nice if we could more easily customize post-scan reports. The reports are fairly lengthy and not everyone on the team needs all of the details.
- It's not always obvious as to what features are available. For example, for years I had no idea one could promote a sandbox scan to a policy scan without having to resubmit it.
One Stop Security Solution for your apps
- Identify security loopholes
- Gives us detailed issue reports
- provide a sense of confidence for the developers. We plugged some critical ones with this
- provide summary reports that we can share with clients as well
- Dynamic Analysis sometimes took a lot of time to run
- The user interface especially accessing reporting was difficult to find
- Provide direct integration with DevOps pipelines in the future if possible to run the static analysis for commits if required
1. Review your source code and security patching on the code.
2. Run real time test and penetration testing with dynamic data
3. Instill confidence with the customers
Not so well
1. timeout on the app is annoying
2. UI is not so great
Veracode, our most trusted security partner.
- Security vulnerabilities identified.
- Third party license report.
- Dynamic analysis identifies OS vulnerabilities.
- Software composition report provides security motivation to upgrade third-party software.
- Some representatives have, in the past, set up meetings to update us on the Veracode road map and to review our utilization. However, our current rep does not do this, so it feels like we are missing that personal touch.
Veracode Stands Tall Among the Leading Application Security Platforms
- I have found the Software Composition Analysis area to be the best among the competing products for Application Security.
- Veracode's support services are impeccable.
- Their program management teams are professional, helpful, and friendly.
- Although an improvement to what was there previously, the Analytics section using Looker, could still use some improvement. It does seem that what Veracode has deployed is a very limited version of Looker. While helpful and useful, there seems to be so much more that Looker does (such as dynamic querying), however, the version that Veracode employs doesn't seem to offer this.
- More user control of administrative functions such as user adding/deleting. Veracode still uses a 'soft delete'/'hard delete' functionality. This can become cumbersome for self-user-administration when a deleted user has to be re-added. A support call is then necessary to have this done.
- Their idle timeout process needs work. While using the Looker tool, you must save your work every few minutes, as their 'Shark-attack-like' idle timeout will sneak up on you and redirect you away in an instant causing you to lose any unsaved work.
Good product, lives up to expectations
- Explanation of security flaws
- Triaging and reporting
- Adding developer mitigations and comments
- Good integration with tooling
- It could be easier to navigate and find what you're looking for
- Can generate a lot of false positives, depending on policy
Veracode Review from Security Engineer Perspective
- The tool seems to have been built for automation.
- As a security engineer, I prefer the types of findings discovered through DAST or IAST since I can easily verify findings, but the SAST findings may be easier for the developers since it points to the area of code.
- While it's hard to get developers to take advantage of the consultation calls, I like the fact we can get a highly technical person to walk us through any type of Veracode question.
- The UI has gone through times of instability which can be a pain when things are broken.
- Selecting the correct modules for large applications can be a headache as well as stressful since you need to get that portion right to get the types of results you need.
- There is a bit of a learning curve to navigating Veracode so I see developers who don't use it often struggle to get to their scan results and handle them properly.
Veracode Meets Our Needs
- Static scanning is quick and efficient
- The scan reports are easy to read and informative
- Interaction with both account management and support staff is great
- The contracting process is easy
- The platform's interface could be a little more intuitive
- Sometimes we get a notification that our static license use has been exceeded but it has not
- Sometimes the static scan reports many, many potential flaws but it turns out the tool has not been programmed to correctly recognize a particular use case
- The configuration of dynamic scanning is a bit disjointed.
- It may just be our application but the dynamic scanning process needs to be improved. Note that we have an open case with Veracode on this so we do expect a resolution.
A solid offering for the right company
- Static Scans
- SCA Analysis
- API Documentation
- API random failures
- Customization
- Automation speed
- Support
- Workflow and Process improvements for support
Quick review after using Veracode for 1 month
- We use Veracode to perform a static scan of our application after we build it. As per the scan result, we upgrade the security and coding standards of our application. Until we meet the standards as per the Veracode scan, our application code will not be approved.
- By using Veracode we can learn many new things about software development and coding standards. We can use those in the near future to maintain industry standards.
- More examples of how to solve the issue with some real-life examples would be better to figure out the issue.
- The exact reason/line number would be great to find the actual code block which is causing the issue.
- Flaw remediation
- code quality
- cleansing functions
- remove false positive
- Old sandbox results should be available at least for a quarter for comparison
- already remediated flaws should not be reopened in any scenario
- False positives will be reduced.
- Helpful advice and guidance.
- Prioritize safety at all times.
- Scans are time-consuming.
- Active scans require additional feedback.
- To work, it must be compiled.