Veracode

To be SoC2 and ISO compliant and also to protect our SaaS, we are using this tool to scan every component that we build for SA and SCA.
we also have an obligation regarding the fix time and we use the dashboards to keep track of it.

We use Veracode for all the software we build in-house. Being in the financial services industry there's a lot of regulation and emphasis on security, and we've made Veracode a mandatory part of our production deployment process to satisfy some of those requirements. The reports Veracode generates are used by both management and development teams.

It's being used across whole organization, multiple engineering teams are using it for third-party libraries scan i.e. software composition analysis and static application security testing. There is security labs for engineers and those who are interested in learning about security vulnerabilities and remediation, secure code training (labs). These labs are being used for encouraging developers in learning about secure coding by conducting secure code tournaments.

Veracode is used across all departments in our organization tasked with creating and/or using software. It helps to ensure that we are up-to-date on the latest security threats, and their consultants help us to quickly resolve any issues we are not able to resolve ourselves. I greatly appreciate that the Veracode platform is incredibly versatile, and helps us get a more holistic view of our security profile. When we first started using it, within minutes it was easy to view where we should focus our fixes. Looking back, this alone was worth every penny.

We wanted a secure scan method for static, dynamic, and manual PEN testing. We wanted to make sure that we could "shift left" with our development and have security scans done at the beginning of the development process. Not at the end when it is already in the field and more challenging to update.

Primarily for scanning web applications, while others might use it to secure mobile apps, APIs, or even IoT devices. The ultimate goal is to reduce the risk of security breaches and ensure that software applications are developed and maintained. IDE integration and security testing are the best feature to identify and address security vulnerabilities in my software applications.

We use Vericode to provide initial and ongoing security analysis of our software products. We supply ERP software solutions to the paper manufacturing industry. We are a leading supplier of software to this industry and it is important to us to provide a product that is thoroughly tested and free of known critical vulnerabilities. We have incorporated Vericode into our SLDC cycles and perform SCA and Dynamic scans within our release cycles. Our application is a very large full ERP application using many third party libraries. Without Vericode we would be flying without a net.

This product has efficient data security control tools that enhances safe working environment for all teams. It gives our team CI and CD critical data that gives us reliable development infrastructure for better results. It prevents the software development ecosystem for security threats that can affect efficient production. I have not experienced project implementation challenges since we started working with this platform.

This is a very thorough tool to statically scan your source code. It works very well for us, and it's always interesting to see how your code writing changes over time as you become more security focused. We are in the process of setting up dynamic scans, but for now we are doing static scans only. They take a little time to complete, but we are scanning our entire software suite so it's to be expected. We have found a number of issues, some of which are in legacy code which we are probably not going to fix as it is actively being replaced.

As a Developer, I have to make sure that the System we are building is safe. Therefore Veracode helped a lot by scanning our Code for vulnerabilities. Therefore our Security Department opens up a Ticket Process wherefore we simply open up a new Static Code Scan and wait for the result. When all the vulnerabilities are fixed, we get a sign-off.

Our company maintains highly confidential information about our clients. Keeping our systems and data secure and protected is at the heart of what we do. We use Veracode to help us in this endeavor. We rely on Veracode's products and services to ensure that we maintain the level of trust and confidence that our clients give to us.

Veracode helps our clients to deliver secure applications in an agile way in less time and focus the efforts of developers to work on real flaws, this can be done from a single SAST scan to a complete integration in a CI/CD enviroment, analyzing vulnerabilities in the code of the developers, thrid party libraries, executing dynamic anlysis all automated to be compaint to security standards and best practices

Veracode is an integral part of our software development process and is fully integrated into our CI/CD pipelines. It enables us to stay on top of security flaws within our software development and provides valuable information to the development teams to enable them to understand and address any identified flaws. In addition, the ability to schedule a technical conversation with a support specialist has enabled a far deeper understanding than some other products might have done.

Scan for SAST vulnerabilities at all stages on the CI/CD pipeline - starting with IDE scans to scans on commit and scans before PR merge.

Veracode helps in providing solutions to fix flaws as early as possible through their portfolio of scans. We run multiple scans during the lifecycle of our softwares to not only identify but also remediate these issues. Veracode helps us in making sure the apps are always secure before they are released to the production environment. We have regular reviews from the security team for our applications and Veracode helps us in clearing them without any issues.

We use Veracode to Scan code for OWSAP and other vulnerabilities via IDE, CICD Pipelines. Developers are able to review and compare the code file against the results of the scan and resolve or mitigate the flaws. I am particularly impressed by the scanning abilities automatically exclusion of some Third-party code.

I used Veracode for various applications in [the] organization, and I am able to identify and resolve many code vulnerabilities with the help of Veracode. Initially, I started with the .net application and now organization is planning to work on scanning angular apps and now I am exploring it, Plugins provided by Veracode are also really useful to analyze problems at the time of development.

We are using Veracode for static analysis for our code for one of our major clients. The application has been greatly helpful in managing security risks to all our applications. I [especially] love the flexibility in the way a scan can be conducted. It can be CI/CD pipeline, or we can directly upload our codebase and scan it, which helps us with managing multiple applications at the same time.

Veracode is truly the best AppSec tool available. You don't have to install anything if you don't want to as it's offered as a SaaS. It's as easy to implement as writing a few lines of code or installing a plugin on your CI/CD pipeline, their false-negative ratio is close to zero because of their AI and the pipeline scan really gets the job done within a few minutes while giving you the opportunity to run full-scans to generate reports of your entire environment. Their team is incredible and super helpful when needed. We're using Veracode to scan all of our APIs right in the development environment to make sure that we don't have any critical vulnerability running in our production environment and to reduce costs regarding vulnerability correction/mitigation.

Veracode is used across the whole organisation for static & dynamic application security testing as well as software composition analysis (tracking open-source and other third-party components) to evaluate our security posture and ensure compliance to global security policy & standards. Provides visibility of potential security vulnerabilities in applications, categorised by severity to help prioritise remediation.

Our company uses the Veracode SAST tool to ensure the code quality. We run it on a weekly basis as part of our CI / CD pipeline. The Veracode tool creates reports, and we check the report. If a report includes high, very high or critical issues - we fix these issues immediately and rerun the SAST tool.

Veracode usage decision was made by the corporate security team and is used across multiple projects that are customer-facing. One of the goals of the corporate security team was to ensure all applications that are developed and deployed to our customers follow secure development practices. There are no security vulnerabilities that can be exploited and in turn affect the business of our customers. Our current project is specifically a distributed system where each customer has their own environment setup. In this environment, we cannot ensure the customer environment is secure as it is not under our control. The only control we could put in place was the security of the application. With Veracode, we run manual penetrations tests at the end of each release and static scans each week to ensure we comply with the corporate-defined security standards. At the same time also ensuring that there are no security vulnerabilities.

Veracode is used in the software R&D department. It is an important stage in our quality process. With using Veracode, we make sure that our source code corresponds to high security standards. We also use it for checking security in 3rd party libraries used in our products. For us, Veracode address the static scanning part of security testing. So together with Secure design principles, penetration testing, and security scanning Veracode adds its value into our company security program and helps to make products better from security and code quality perspective.

Veracode is being used for several different types of scanning at my organization. Primarily, it is used for static scanning, which occurs frequently, and secondarily it is used to scan for malicious third-party packages within the codebase. We have also implemented dynamic scanning with Veracode to maintain the security of web applications being developed.

Veracode is using by our IT department only. It is very helpful product.