TrustRadius

Veracode

Overview

What is Veracode?

Veracode is a software security firm that identifies flaws and vulnerabilities across the software development lifecycle. Veracode’s Software Security Platform uses advanced AI algorithms trained on vast datasets of code, for more precise identification and rectification of security flaws.


Video Reviews

  • Veracode Review: Provides Helpful Support When Troubleshooting Security Needs (02:38)

Pricing

Unavailable (N/A)


Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services


Alternatives Pricing

What is SonarQube?

SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.

What is Quixxi Security?

Quixxi Security provides codeless app protection against hackers looking to clone, tamper, inject malicious code, or exploit a mobile app. A simple drag & drop feature applies a sophisticated set of security layers, for quick & easy mobile app protection. Quixxi is also a monitoring tool with…


Product Details

What is Veracode?

The Veracode Platform provides a comprehensive approach to build and secure software and meet application risk management requirements through tools, solutions, AI-generated fixes and ASPM capabilities to gain visibility into vulnerabilities from code to cloud and quickly remediate them.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.

Veracode Screenshots

  • Screenshot of the Veracode Platform Homepage
  • Screenshot of Static Analysis Scans
  • Screenshot of Findings Status and History Dashboard
  • Screenshot of the Veracode Platform

Veracode Videos

  • Veracode Static Analysis Demo
  • Veracode Software Composition Analysis Demo
  • Veracode Dynamic Analysis Demo
  • The Veracode Platform
  • Manhattan Associates Success Story

Veracode Technical Details

Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: North America, EMEA, APAC, LATAM
Supported Languages: Java, .NET, PHP, Android, iOS, JavaScript, Python

Frequently Asked Questions


Checkmarx, Snyk, and SonarQube are common alternatives for Veracode.

Reviewers rate Support Rating highest, with a score of 7.9.

The most common users of Veracode are from Enterprises (1,001+ employees).

Veracode Customer Size Distribution

Consumers: 0%
Small Businesses (1-50 employees): 18%
Mid-Size Companies (51-500 employees): 65%
Enterprises (more than 500 employees): 17%


Reviews and Ratings (207)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Customer Support Effectiveness: Users have consistently praised Veracode's customer support for being responsive, helpful, and quick to address their needs. This level of support has been instrumental in resolving issues efficiently and maintaining user satisfaction.

Ease of Use and Integration: Reviewers appreciate the platform's user-friendly interface, well-documented steps for administration, and seamless integration with code repositories, making it easy to navigate and work with. This simplicity contributes to a smoother workflow for users across different tasks.

Comprehensive Analysis and Suggestions: Many users highlight the static code analysis platform for providing in-depth information, valuable suggestions for flaw mitigation across various programming languages, and aiding developers in promptly resolving issues. The actionable insights offered by the platform significantly enhance the development process for organizations.

Slow Scan Times: Users have expressed frustration with lengthy scan times, noting instances where scans took weeks to complete. For some, these instances are ongoing and have negatively impacted their overall experience.

Module Selection Process Issues: Users have reported issues with the module selection process, mentioning that it is slow to load for large applications and sometimes unclear on what can be scanned. This has led to confusion and inefficiencies during the scanning process.

Lack of Alerting Functionality: The absence of alerting functionality when new flaws are discovered has been highlighted as a drawback by users. This limitation hinders timely responses to security issues identified by the tool.

Reviews (1-24 of 24)

Great In-Depth Analysis of In-House Applications

Rating: 10 out of 10 | March 15, 2024 | Verified User | Vetted Review | 1 year of experience
Within our organization we have a large portfolio of applications written over many years by many different developers. As part of our continuous improvement and dedication to security we have integrated Veracode's static code analysis platform into our process of monitoring and reviewing our portfolio, greatly increasing our coverage. As a company with smaller development teams we greatly value resource efficiency, and tools which can improve it; to this extent our developers can utilize their time effectively remediating important flaws the platform discovers, and our organization can feel assured that our focus on security continues to evolve and grow.
  • Veracode's static code analysis platform provides in-depth information as well as very useful suggestions regarding mitigation for flaws it discovers. This is very helpful in assisting developers towards a speedy and complete mitigation.
  • Veracode does well to keep connected with their customers, ensuring the success of their customers on their platform is evidently one of their goals which they hold highly. This responsiveness continues into their technical support which is both helpful and fast to respond.
  • Veracode continues to update their platforms, their capabilities, and their research often; the promise of continuous improvement from all facets provides value to us as an organization.
Within our organization it is clear that when a codebase is available, and in a language that Veracode supports, the use of Veracode (with a particular focus to the static scanning platform) is a great suggestion. The depth of information it can provide with respect to security flaws is valuable, with very little setup required from the developers. When a codebase is unavailable, say in the instance of third-party applications for which you are creating extensions or some form of module, then static code scanning is not an option but even then dynamic scanning (DAST) may prove to be helpful, though potentially less so.

Best in Security

Rating: 10 out of 10 | March 03, 2024 | Verified User | Vetted Review | 1 year of experience
It's being used across the whole organization; multiple engineering teams are using it for third-party library scans, i.e. software composition analysis, and static application security testing. There are security labs for engineers and those who are interested in learning about security vulnerabilities and remediation, secure code training (labs). These labs are being used for encouraging developers in learning about secure coding by conducting secure code tournaments.
  • SCA
  • SAST
  • Secure Code Training
It's more suited to software composition analysis for third-party library scans (SCA) and static application security testing (SAST). Currently being utilised by us and security labs; we are using these labs for tournaments for developers to learn about secure coding, even for learning purposes. It's helpful in the IDE stage (Greenlight) where developers can find issues/vulnerabilities during coding (shift left).

Sleep Soundly - Use Veracode

Rating: 10 out of 10 | March 01, 2024 | TK | Vetted Review | Verified User | 5 years of experience
Veracode is used across all departments in our organization tasked with creating and/or using software. It helps to ensure that we are up-to-date on the latest security threats, and their consultants help us to quickly resolve any issues we are not able to resolve ourselves. I greatly appreciate that the Veracode platform is incredibly versatile, and helps us get a more holistic view of our security profile. When we first started using it, within minutes it was easy to view where we should focus our fixes. Looking back, this alone was worth every penny.
  • Thorough static scans
  • Quick but deep dynamic scans
  • Detailed reports
  • Excellent consultants
Veracode is great for deep scans of your codebase, as well as performing deep scans against your online application. I have been using it for several years, and it has consistently gotten more and more thorough while vastly improving performance. Make sure, though, that your language is supported. Veracode supports several, but it doesn't support everything.

Veracode to the Rescue!

Rating: 10 out of 10 | February 27, 2024 | Verified User | Vetted Review | 9 years of experience
Veracode DAST is used on app applications in the portfolio. SAST/SCA scans and DAST scans are run monthly for all Critical applications in the portfolio. In total there are around 120 applications in scope for the program.
  • Customer support that won't permit any failures anywhere along the line.
  • Regular updates to the platform that supports rapid changes in technology and development practices
  • Sets the standard for how AppSec scanners should work
Veracode is useful across the spectrum of development teams' AppSec maturity, size of the development community, and varied skill sets to address application security. Veracode excels in bringing together threat management teams and development teams with a single view into all application vulnerabilities and their treatment.

Elevating Security Through Automation and Integration

Rating: 10 out of 10 | August 30, 2023 | Verified User | Vetted Review | 4 years of experience
We use Veracode for Static and Dynamic scans and Software Composition Analysis (SCA) across multiple products. The Jenkins automation is a lifesaver for Static scans and SCA since it gets us out of the business of uploading builds manually. We're also utilizing the Jira integration to manage vulnerabilities, from creating new tickets to resolving and closing them when a vulnerability is no longer present. Dynamic scanning can take some tweaking to get running smoothly; however, once things are dialed in, it's another scan that can be scheduled to run automatically. Arguably the most powerful tool, Software Composition Analysis, runs along with our Static scans and gives us insight into vulnerabilities in third-party libraries, newer versions available where a vulnerability is resolved, as well as their licenses.

In all, Veracode is a critical tool that helps us remain compliant with our various annual third-party audits.
  • Automation
  • Software Composition Analysis
  • Integrations
Veracode is well suited for small software companies, as well as organizations supporting multiple products. A well-defined and orchestrated build process will be a huge help when setting up a build upload integration with Veracode. Once scans are running smoothly, and assuming you have an integration with your ticketing system, you will rarely have to sign into Veracode's interface.

Veracode Use for Company's ERP Product Offerings

Rating: 8 out of 10 | August 23, 2023 | Verified User | Vetted Review | 2 years of experience
We use Veracode to provide initial and ongoing security analysis of our software products. We supply ERP software solutions to the paper manufacturing industry. We are a leading supplier of software to this industry and it is important to us to provide a product that is thoroughly tested and free of known critical vulnerabilities. We have incorporated Veracode into our SDLC cycles and perform SCA and Dynamic scans within our release cycles. Our application is a very large full ERP application using many third-party libraries. Without Veracode we would be flying without a net.
  • Automated scanning of software libraries for vulnerabilities
  • Management of multiple applications and statuses, and help on security remediation
  • Veracode Verified program to leverage the security investment as a competitive advantage
Helps raise the level of awareness throughout the organization on the importance of proper security measures for software development. Allows you to establish a campaign that touts your organization's concern and action towards continual technology threats. Working the Veracode tools into an automated build cycle allows continual focus on the security vulnerabilities within your applications. We are hoping Veracode adapts to large-scale applications so that we can auto-scan our application that has over 3 million lines of code.

Outstanding platform for tracking software development lifecycle

Rating: 9 out of 10 | August 11, 2023 | CC | Vetted Review | Verified User | 1 year of experience
This product has efficient data security control tools that enhance a safe working environment for all teams. It gives our team CI and CD critical data that gives us reliable development infrastructure for better results. It protects the software development ecosystem from security threats that can affect efficient production. I have not experienced project implementation challenges since we started working with this platform.
  • Monitoring software development infrastructure.
  • Prevention of security threats.
  • Provision of intelligent security information.
It is easily customizable to suit company security policies. The software has simple coding tools that enable our team to identify errors before completion of any given project. The security intelligence that has been provided over time has saved the company the cost of security drawbacks. The customer support team is always available when reached for any solution.

Software engineer's take on the product after using it for a few weeks

Rating: 8 out of 10 | November 04, 2022 | TT | Vetted Review | Verified User | 12 years of experience
Our company maintains highly confidential information about our clients. Keeping our systems and data secure and protected is at the heart of what we do. We use Veracode to help us in this endeavor. We rely on Veracode's products and services to ensure that we maintain the level of trust and confidence that our clients give to us.
  • Double checking the security of our code
  • Integrating into our CI/CD process to help us catch and resolve new flaws
  • Helping us maintain our compliance
It is useful for maintaining security compliance.
The manual penetration test is very useful to have in addition to the flaw identification algorithm.

Due to the lengthy amount of time it takes to scan, it's not useful for testing every commit.
The Visual Studio extension does not make it easy for developers in day-to-day programming.

Veracode helps to improve the security in applications

Rating: 9 out of 10 | October 07, 2022 | Verified User | Vetted Review | 2 years of experience
Veracode helps our clients to deliver secure applications in an agile way in less time and focus the efforts of developers on working on real flaws. This can be done from a single SAST scan to a complete integration in a CI/CD environment, analyzing vulnerabilities in the developers' code and third-party libraries and executing dynamic analysis, all automated to be compliant with security standards and best practices.
  • SAST analysis in the pipeline is very quick and helps to identify flaws
  • Third-party library analysis is effective at reviewing vulnerabilities and recommending a secure version
  • Integration in the pipeline with various DevSecOps tools/platforms
It's an excellent application security platform, with different integrations that can fit in the SDLC. The SaaS solution works perfectly for quick starts and the integrations are fast and easy to execute; it can be implemented in a modular way, starting just with secure code training, or can be robust enough to integrate into the whole development environment.

Veracode Meets Our Needs

Rating: 8 out of 10 | June 09, 2022 | Verified User | Vetted Review | 6 years of experience
We employ Veracode's static and dynamic scanning offerings to scan our application code for vulnerabilities on a regular basis. We also use the software composition testing of third-party, open-source libraries as a check against our use of a second similar tool. These features, as well as others we employ external to Veracode, help to increase our application's security posture. We have also recently contracted for their manual APT offering.
  • Static scanning is quick and efficient
  • The scan reports are easy to read and informative
  • Interaction with both account management and support staff is great
  • The contracting process is easy
Use of this platform allows us to better control vulnerabilities and demonstrate to clients that we take our security posture seriously. Of course this, though important, is only one aspect of ensuring our code is as secure as possible. The feature set of the tool is quite mature and serves our needs quite well for the most part.

Review for a Left Shift Security Scanner

Rating: 8 out of 10 | April 27, 2022 | Verified User | Vetted Review | 2 years of experience
Veracode is mostly being used as a SAST and DAST-based tool. It's been used as part of our Continuous Integration and Continuous Delivery, injected in the DevOps pipeline. It helps to identify the vulnerabilities in your code as a left-shift strategy before the code actually gets deployed in production. The tool can identify defects and bad practices through both static and dynamic analysis of the code. It has prevented many defects arising in production, thereby increasing efficiency and reducing code rework.
  • Static Analysis SAST
  • Dynamic Analysis DAST
  • Software Composition Analysis SCA
  • Interactive Analysis
Veracode is very well suited where lots of code is getting deployed to production by multiple agile teams. It can really bring efficiency in code quality, reduce code rework, and reduce the number of defects in production. It can also be used to include some compliance-specific rules which can actually act as a tailgate to stop non-compliant code getting deployed in production. Eventually, as a SAST and DAST-based tool, it can be used very efficiently. If the application is quite simple and not that complex, I feel we do not require this kind of tool, as the enterprise might not invest in non-complex applications.

Veracode Review

Rating: 7 out of 10 | February 21, 2022 | Verified User | Vetted Review
We use Veracode to scan and resolve security issues in our web application. We created an Azure Pipeline specifically for Veracode-Scan. It will be triggered at least once a release. All issues found during the scan with very high and high level should be resolved before go-live. If some flaws cannot be fixed, we have to discuss with business and find a solution together.
  • Recognize unseen security issues
  • Detailed scan report
  • Great personal support
For applications with high security requirements, Veracode is well suited. For example, we develop a web application for a big insurance company. The security and protection of data privacy have a high priority here. In our case, Veracode can help a lot during development of the whole application and new features. For a small application with a small user group, Veracode is not very appropriate because of the cost and needed effort.

Veracode Review

Rating: 9 out of 10 | January 27, 2022 | Verified User | Vetted Review | 1 year of experience
Developers scan application code for vulnerabilities. It helps to keep our apps safer from hacking.
  • scanning existing code
  • scanning code as developers work so errors aren't introduced at all
Any group developing code that will be externally facing. Any team of developers who need the training to stay current with security information in regards to their training - OWASP Top 10, etc.

Important!

Rating: 8 out of 10 | January 13, 2022 | Verified User | Vetted Review | 1 year of experience
All development projects must run static analysis at Veracode before going to production. We do this through [a] continuous integration pipeline on Azure, Jenkins, etc. It's integrated in our application lifecycle management processes. All development teams went to their projects' Veracode reports and fix[ed] all issues in their projects before mak[ing] a step to [the] production environment.
  • Identify third-party component security issues and suggest updates.
  • Provides training courses to solve the issues found in the analysis.
  • Easy to configure in our DevOps integration platforms. Has good documentation for it.
First I thought Veracode was like SonarQube. But Veracode does different things. Otherwise, Veracode could show the issues in the code line, like Sonar does.

Help us build Secure code and drive your development teams towards best secure code practices

Rating: 10 out of 10 | December 20, 2021 | SP | Vetted Review | Verified User | 1 year of experience
We use Veracode to scan code for OWASP and other vulnerabilities via IDE and CI/CD pipelines. Developers are able to review and compare the code file against the results of the scan and resolve or mitigate the flaws. I am particularly impressed by the scanning abilities and the automatic exclusion of some third-party code.
  • Identify vulnerabilities
  • Great developer support and training
  • Automatic identification of third-party code
  • Multiple scanning options: portal, IDE, CI pipelines
The best thing about Veracode is its scanning abilities and developer training.

Hands-on teaching platforms are the best!

Rating: 10 out of 10 | December 16, 2021 | Verified User | Vetted Review | 2 years of experience
We used Veracode for training developers on how to start thinking of security as another vector for what constitutes shippable software on par with code quality. Just as in the past it took a cultural shift to get engineers to believe that they shouldn't even think about shipping code without unit tests or peer review, I wanted my engineers to start viewing security the same way.
  • Learn by doing rather than telling; modules are passed by coding the solution, not answering a quiz.
  • Was customized to the specific languages my developers use.
  • Leaderboard is a great incentive for engineers to keep learning.
Great for teaching teams to think about security as part of their engineering culture, and not as an afterthought ("I don't have time to think about this, but it's ok because our security team will catch any problems during the review").

Veracode: Best-in-breed vendor for SAST, DAST & SCA, with enticing additions such as pen testing and developer training

Rating: 9 out of 10 | October 16, 2021 | Verified User | Vetted Review | 5 years of experience
Veracode is used across the whole organisation for static & dynamic application security testing as well as software composition analysis (tracking open-source and other third-party components) to evaluate our security posture and ensure compliance to global security policy & standards. Provides visibility of potential security vulnerabilities in applications, categorised by severity to help prioritise remediation.
  • Static Application Security Testing (SAST).
  • Dynamic Application Security Testing (DAST).
  • Software Composition Analysis (SCA).
It's well-suited where you want a best-in-class vendor for static and dynamic security testing who can also perform additional services such as penetration testing. It's also great if you need the ability to have consultations with Veracode experts to help understand flaws, either regularly or from time to time. If you need proactive account management to help ensure you are getting the best out of the Veracode application, again, you are in luck because this is an area in which Veracode shines. All of this functionality, flexibility, and the "human touch" does come at a price, so while I would say Veracode is excellent value for money, for very small or highly budget-conscious organisations, they may not be the best fit.

Veracode helps create secure software for publishing in the cloud.

Rating: 8 out of 10 | September 22, 2021 | BB | Vetted Review | Verified User | 2 years of experience
We used Veracode across our entire secure software development lifecycle as a key component of our Jenkins pipelines to analyze code for security issues. We have rules to remedy all critical, high, and medium issues for non-PCI applications. PCI applications also require the remediation of low vulnerability classification. I like that we have a standard tool for code analysis that uses the same rules and thresholds for our code.
  • Identify OWASP issues.
  • Easy integration into the developer environment with Greenlight.
  • Ability to be integrated into the Jenkins pipeline.
Positives
  • Very good at scanning code for security vulnerabilities.
  • Has an IDE tool called Greenlight to catch issues before they are committed to the code management system.
Improvements Needed
  • Web site response speed is slow and sluggish for our applications.
  • Confusing on some of the gaps where it wants other libraries uploaded. Need good examples for developer training and education.
  • Since this is run as part of the Jenkins build process, one assumes the system could get those assets, just like it gets the source code that is used for analysis.

Veracode - A non-binary review for the binary scanner

Rating: 8 out of 10 | November 18, 2020
Veracode was used in our organisation by a few business units for Static Analysis Security Testing (SAST). It helps in finding software vulnerabilities in the code by scanning the binary derived objects of the source code written by developers, thus addressing the security aspects of the products the organisation is shipping to its customers.

Any aspect concerning the vulnerabilities of a software product is non-trivial and would be very costly if reported by the customers. Veracode helps find these beforehand, if the code (binaries) is scanned before being integrated into the product. With its wide variety of integrations, Veracode scanning can happen at any stage of the DevOps CI pipeline, thereby facilitating the "shift left" mentality of finding defects/vulnerabilities in [the] code as early as possible in the software development life cycle.
  • Binary scanning. Veracode static analysis is based on binaries derived from source code, which is more accurate than pure source code scanning. This accuracy translates to fewer false positives in the defects reported, thereby saving developers' time in tackling the real issues.
  • Veracode being a SaaS platform reduces the IT burden on your organisation. No servers to worry about, no performance concerns, no storage expansion to plan ahead and no capacity/elasticity challenges to take care of on all the infra (compute, storage, networking).
  • The Veracode platform is very quick to configure and very easy to use. It just takes a few minutes to set up an application profile and start scanning. It is particularly easy to use for modern programming languages like Java, as the Java binaries are optimal for scanning.
  • Learning - Veracode's eLearning portal is very good and has all the relevant training on various aspects of security and again is seamlessly available in the same platform/tenant where the teams scan.
  • Security Consultation - Very easy to get help within the platform itself for a security consultation which is invaluable for the first few scans. Veracode is probably one of the very few SAST solutions which has such easy provision to get security consultation.
Well Suited
  • Well suited for modern programming languages
  • Super good for organisations which do not have a big IT budget to spend on infrastructure
  • Veracode Security consultation is invaluable for teams/Business Units which do not have a dedicated security team
  • These culminate and make it ideal for a startup to quickly benefit from Veracode's setup leanness to get going on Security scanning
Less Appropriate
  • For scanning large legacy applications/software (huge code base, multiple platforms to build, platform specific languages used)

Veracode Review

Rating: 10 out of 10 | October 16, 2020 | Verified User | Vetted Review | 1 year of experience
Veracode is used in my company as an Enterprise Security Partner. Currently, we focus on SAST & SCA, but we have experience with Veracode on DAST and MPT as well. I have used Veracode earlier also at one of my previous engagements in a Fortune 500 company. I am really satisfied with Veracode.
  • Veracode supports enterprise-level security solutions
  • Veracode scanning is very high in accuracy and feels like 0 FPs, especially on Java binaries, as per my experience so far.
  • Veracode training is very practical and it points to the specific OWASP issue, easy to understand
  • It is very much up-to-date.
Veracode is well suited for enterprise companies; Veracode is less suited for freelance penetration testers.

Veracode helped us meet our fin-tech compliance needs

Rating: 9 out of 10 | October 02, 2020 | DO | Vetted Review | Verified User | 2 years of experience
We use Veracode to ensure that we are providing best-in-class security to our customers, as well as meeting annual security assessment requirements specified by our partners in the financial services industry. Primarily our technology (software development) organization within our business is using Veracode services; however, our entire organization is involved in the review of results and understands the importance of these security assessment services, the results of which we share with our partners.
  • Link findings to CVE/CVSS standards
  • Provide comprehensive report artifacts
  • Thorough manual penetration testing services
  • Expert support
Excellent for finding issues during static code analysis and dynamic application testing and linking those issues back to CVE/CVSS security standards. Also excellent at providing reporting artifacts for compliance processes and helping prioritize issues by severity. Additionally very helpful during the assessment, remediation and remediation review processes. This is why we are a repeat Veracode customer.

Veracode is a good product and getting better all the time.

Rating: 10 out of 10 | October 01, 2020 | Verified User | Vetted Review | 2 years of experience
Veracode is used by the entire company as part of our security scanning suite of tools. We scan all of our applications both with static and dynamic scans. We have also had manual pen tests done for most of our applications.
  • The reports are in-depth and helpful.
  • Great support--we get answers right away when we have questions.
  • Training is great.
Veracode is great for scanning applications, although the dynamic scans take a while to get results. That is the only thing I would improve.

Ease of use for the win!

Rating: 9 out of 10 | October 01, 2020 | Verified User | Vetted Review | 1 year of experience
We develop various software products. Veracode is currently being used only for one product. It's our flagship product, and the others are in development so eventually, we plan to add them to the Veracode tool. Currently, Veracode is only used by me. After the developers produce a build, I run Veracode analysis and it's ready for customers that request it. We have still a long road to implementing it in CI/CD, and on other products. We are not there yet.
  • Static analysis
  • Almost no false positives
  • Very easy to use (cloud)
I think Veracode is very well suited for its ease of use. You just compile your code, create a zip file, and upload. It handles everything thanks to the cloud SaaS approach. The integration with all developer tools, CI/CD, etc. is great.

I think it's not appropriate if you want on-premises analysis for whatever reason. They don't offer this option.

Impressive application security tool set!

Rating: 9 out of 10 | July 06, 2020 | Verified User | Vetted Review | 3 years of experience
We use Veracode as part of our SDLC. We leverage the SAST, DAST, and e-learning for our entire DevOps team(s). This addresses keeping our platforms secure and aware of new vulnerabilities and how to resolve or mitigate our risks.
  • Great job with SAST
  • Easy integration into your pipeline
  • Robust training for new developers
Veracode is well suited for software organizations that have a security practice and the team to implement. It is less appropriate for organizations that don't know their threat model, risks, and have never been PEN tested.