Veracode, a great security tool for everyone
To be SoC2 and ISO compliant and also to protect our SaaS, we are using this tool to scan every component that we build for SA and SCA.
we …
we …
Overview
What is Veracode?
Veracode is an application security platform that performs five types of analysis; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Reviewer Pros & Cons
- Veracode continues to update their platforms, their capabilities, and their research often; the promise of continuous improvement from all facets prov...
- We would also like to see Veracode continue to improve their dynamic scan offerings; with the recent addition of DAST Essentials we feel this improvem...
Video Reviews
1 video
Veracode Review: Provides Helpful Support When Troubleshooting Security Needs
02:38
Pricing
N/A
Unavailable
What is Veracode?
Veracode is an application security platform that performs five types of analysis; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
941 people also want pricing
Alternatives Pricing
What is SonarQube?
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.
What is Indusface WAS?
Indusface Web Application Scanner provides an application security audit to detect a range of high-risk Vulnerabilities, Malware, and Critical CVEs.
Product Details
- About
- Integrations
- Competitors
- Tech Details
- Downloadables
- FAQs
What is Veracode?
The Veracode platform is a software security solution that aims to be pervasive but not invasive, embedded into the environments that developers work in, with recommended fix and in-context learning. Security teams can use Veracode to manage policy, gain a comprehensive view of an organization's security posture though analytics and reporting, mitigate risks, and produce the evidence necessary to meet regulatory requirements.
It is presented as an always-on, continuous orchestration of secure development that gives organizations the confidence that the software being built is secure and meets compliance requirements.
Veracode Features
- Supported: Continuous Scanning to reduce risks at every phase of development - Veracode Static Analysis, Dynamic Analysis, Software Composition Analysis, and Manual Penetration Test throughout SDLC.
- Supported: Developer Experience - Finds and fixes laws in line with security integration into where developers work, automated remediation guidance, and in-context learning.
- Supported: Comprehensive Platform Experience - Streamlined governance, risk and compliance processes through flexible policy management, unified reporting and analytics, and peer benchmarking to mitigate risks fast and deliver a successful DevSecOpsprogram.
- Supported: Market Expansion - To meet data residency needs in EU with cloud-native instance built in Frankfurt, Germany on AWS.
- Supported: Contextual Platform Data - Fine-tuned with nearly 2 decades of scanning and customer learning. Predicts future vulnerabilities with self-healing capabilities through applying machine learning and artificial intelligence to the data.
- Supported: Cloud-native SaaS Architecture - Provides elastic scalability, high performance, and lower costs with cloud-native SaaS architecture.
Veracode Screenshots
Veracode Videos
Veracode Static Analysis Demo
Veracode Software Composition Analysis Demo
Veracode Dynamic Analysis Demo
Watch The Veracode Platform
Veracode Integrations
Veracode Competitors
Veracode Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | North America, EMEA, APAC, LATAM |
| Supported Languages | Java, .NET, PHP, Android, iOS, JavaScript, Python |
Veracode Downloadables
Frequently Asked Questions
Veracode is an application security platform that performs five types of analysis; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
Reviewers rate Support Rating highest, with a score of 8.
The most common users of Veracode are from Enterprises (1,001+ employees).
Veracode Customer Size Distribution
| Consumers | 0% |
|---|---|
| Small Businesses (1-50 employees) | 18% |
| Mid-Size Companies (51-500 employees) | 65% |
| Enterprises (more than 500 employees) | 17% |
Comparisons
Compare with
Reviews and Ratings
(197)Attribute Ratings
Reviews
(1-25 of 127)Companies can't remove reviews or game the system. Here's why
March 18, 2024
Veracode, a great security tool for everyone
- Integrates with any CI CD tool like Jenkins
- Shows result in a simple way using dashboards
- allows mitigations in a clear manner
- Scans fail if another scan is already in progress using the Java CLI
- Module selection is slow to load when it comes to big applications
- Module selection is sometimes not clear on what is scannable and what is not and why
- remediation actions for SCA issue. you can recommend on how to fix it in a clear way and not forcing the user to click many times to understand it.
March 15, 2024
Great In-Depth Analysis of In-House Applications
- Veracode's static code analysis platform provides in-depth information as well as very useful suggestions regarding mitigation for flaws it discovers. This is very helpful in assisting developers towards a speedy and complete mitigation.
- Veracode does well to keep connected with their customers, ensuring the success of their customers on their platform is evidently one of their goals which they hold highly. This responsiveness continues into their technical support which is both helpful and fast to respond.
- Veracode continues to update their platforms, their capabilities, and their research often; the promise of continuous improvement from all facets provides value to us as an organization.
- We would like to see Veracode continue to improve the integrations available, particularly with respect to .NET IDEs. Part of our development team uses JetBrains' Rider which is, as of this time, unsupported for static integration.
- We would also like to see Veracode continue to improve their dynamic scan offerings; with the recent addition of DAST Essentials we feel this improvement may come sooner than later.
- PDF & web reports are very well laid out.
- Custom dashboards are very flexible/powerful.
- Flaw remediation suggestions are specific and helpful for most flaws & languages.
- Documentation is clear and detailed.
- Veracode support is excellent.
- Scan times can be long
- Atlassian / Bamboo CICD integration isn't the best
- No alerting functionality when new flaws are found
- No auto rescan functionality
- The web interface is slow
March 06, 2024
Veracode User Experience
- Good integration with Jenkins and Visual Studio.
- Parsing the code well.
- It has good dashboard.
- SCA graphs for transitive dependencies are very useful in identifying the vulnerabilities.
- The main problem is slow speed of the scan - it took 11 weeks in one instance.
- The problem was ongoing for number of months and eventually they managed to slash the running time to one day. However, since than the running time usually takes 2-3 days as the scan always stop during the run.
- While SCA for Java works very well, there are number of issues on the C++ side. It can not recognize the libraries build by default from source code third-party vendors
March 03, 2024
Best in Security
- SCA
- SAST
- Secure Code Training
- Add more labs in Secure Code Labs.
- Supporting perl would be great.
- Better to have standard deployment for all packages in upload and scan.
March 01, 2024
Sleep Soundly - Use Veracode
- Thorough static scans
- Quick but deep dynamic scans
- Detailed reports
- Excellent consultants
- Initial user training could be better; it's very confusing at first.
- More online help
- The UI can be confusing if you have a lot of different products.
February 27, 2024
Veracode SAST review
- Low false positive rate by taking into account context and input sanitization
- List and details of mitigation proposals
- Clear reports and the ability to create your own dashboards
- Some popular dependency managers are not currently supported (e.g. conan, pnpm)
- Analysis of compiled languages requires specific preparation before compilation
February 27, 2024
Veracode to the Rescue!
Score 10 out of 10
Vetted Review
Verified User
- Customer support that won't permit any failures anywhere along the line.
- Regular updates to the platform that supports rapid changes in technology and development practices
- Sets the standard for how AppSec scanners should work
- Sometimes finding the right person to help takes a little time
- Pricing of SAST/SCA scans may scare off some potential customers until they understand that it's worth it.
February 15, 2024
Great products; + Great price.
- Static Scan
- Dynamic Scan
- Manual PEN testing
- Open source scans with Software Composition Analysis
- Dynamic DAST fails every once in a while and creates problems during release completion.
February 13, 2024
Worth the investment
- Explains the potential issue well
- Explains a possible solution
- Scans the code quickly so we can start remediation ASAP
- Very user friendly
- Integrate with LLM functions to expand remediation options
January 16, 2024
Great DAST and Penetration Testing Platform.
- Provides robust readouts on vulnerabilities.
- Allows for detailed or customized reports to fit your organizations or clients needs.
- Remediating findings in the tool is exceptionally easy to understand and execute.
- MPT Results should be segmented from DAST/SAST results.
- MPT Reports should include more information on scoping and testing dates as generally provided by accounting firms conducting similar tests.
- Vulnerability readouts should not be so hidden in the platform (It shouldn't take as many clicks to get to and view).
October 12, 2023
Veracode Security far ahead of competitors
- IDE Integration
- SCA
- SAST
- Plug-in pipeline
- CI/CD
- Pull requests
August 30, 2023
Elevating Security Through Automation and Integration
- Automation
- Software Composition Analysis
- Integrations
- More insight into errors that may be causing an issue when configuring an integration, e.g. Veracode's Jira integration.
- Static Analysis can sometime get 'stuck' when using the Jenkins integration. Days, sometimes weeks can go by before we notice. Have to delete the 'stuck' scan and re-upload.
- Manual Pen Test account management/reminders. I would expect the vendor to reach out and schedule the pen test annually, maybe send a notification/reminder when the date starts getting close, things like that. From my experience it was on me to initiate our MPT.
August 23, 2023
Vericode Use for Companies ERP Product offerings
- Automated scanning of software libraries for vulnerabilities
- Management of multiple application, statuses and helps on security remediation
- Vericode Verified program to leverage the security investment as competitive advantage
- The time it takes to scan large projects makes it difficult to fit into our CI/CD/pipeline
- One of our app scans times out after 2 hours and we have to upload it and scan manually but there is no visibility the CI system has as to vulnerabilities found
- Integration with older development languages to scan. We have old 4GL based application that is not compatible with the tools
- Monitoring software development infrastructure.
- Prevention of security threats.
- Provision of intelligent security information.
- The features are awesome.
- I have familiarized with al the set features.
- The overall performance is good.
March 27, 2023
A normal review of Veracode
Score 8 out of 10
Vetted Review
Verified User
- Very good customer support
- Visual Studio Add Ons
- Quick responses to questions
- Microsoft ADO pipeline support for other scan features
- Reports that can be generated outside of the website
- Summary of multiple reports at the user level and not administrative level
January 10, 2023
Veracode For your Code
- Realtime resolution
- Consultation calls
- Detailed report
- Using sourceclr
- for DAST scan
- Linking SCA with SAST should be more clear
December 29, 2022
Excellent Code Security Scanning Cloud Service
Score 9 out of 10
Vetted Review
Verified User
- Static scans
- User Interface
- Results of scans with detailed descriptions of what the issue is and how to potentially fix it
- The time to complete a static scan
December 20, 2022
Veracode makes your life easy and safe.
- SAST Scan
- SCA
- DAST
- Flagging false positive.
- Linking of SCA and SAST Scan.
- Needed to see an aggregated score for all the modules in an application.
November 09, 2022
Veracode the proven medium fur security and security awareness.
- To uncover vulnerabilities.
- To get a security awareness in the company.
- to secure our applications as much as possible.
- Good held and explanations for vulnerabilities.
- Good tele consulting in a short time.
- Concrete example implementations for best practices for the flaws and for different programming languages.
November 08, 2022
Veracode - Save software and superb support!
- Customer Service.
- Easy Usability.
- Well Documentation.
- Details on Documentation.
- Customer Communication for Appointments.
- Double checking the security of our code
- Integrating into our CI/CD process to help us catch and resolve new flaws
- Helping us maintain our compliance
- The documentation could really use some work
- I am skeptical of the thoroughness of the scans on newer languages and frameworks
- The scan takes too long
- The IDE tools leave much to be desired
- Too many false positives
October 07, 2022
Veracode helps to improve the security in applications
- SAST analysis in the pipeline it's very quick and helps to identify flaws
- Third party libraries analysis it's effective to review vulnerabilities and recommend a secure version
- Integration in the pipeline with various DevSecops Tools/Platforms
- More coverage in the languages/frameworks
- The crawl script for SAST analysis could be improved to support more functions
- More coverage for different versions of the IDEs
September 15, 2022
Heathy, bug-free Code brought to you in association with Veracode
- Reporting vulnerabilties
- Static Analysis of code
- Scan all dependencies
- UI experience could be smoother
- Navigation could be better
- Response time could be optimized
September 15, 2022
Catch Vulnerabilities before Hackers Do
- Pointing out use of 3rd-paty software versions that are out-of-date
- Providing an easy way to triage flaws -- tying together the flaw, source code, and an explanation in one easy-to-use path
- Providing an easy-to-use plug-in for Visual Studio allowing on-the-fly validation of code without having to complete a full scan
- It would be nice if we could more easily customize post-scan reports. The reports are fairly lengthy and not everyone on the team needs all of the details.
- It's not always obvious as to what features are available. For example, for years I had no idea one could promote a sandbox scan to a policy scan without having to resubmit it.