Veracode

Within our organization we have a large portfolio of applications written over many years by many different developers. As part of our continuous improvement and dedication to security we have integrated Veracode's static code analysis platform into our process of monitoring and reviewing our portfolio, greatly increasing our coverage. As a company with smaller development teams we greatly value resource efficiency, and tools which can improve it; to this extent our developers can utilize their time effectively remediating important flaws the platform discovers, and our organization can feel assured that our focus on security continues to evolve and grow.

It's being used across whole organization, multiple engineering teams are using it for third-party libraries scan i.e. software composition analysis and static application security testing. There is security labs for engineers and those who are interested in learning about security vulnerabilities and remediation, secure code training (labs). These labs are being used for encouraging developers in learning about secure coding by conducting secure code tournaments.

Veracode is used across all departments in our organization tasked with creating and/or using software. It helps to ensure that we are up-to-date on the latest security threats, and their consultants help us to quickly resolve any issues we are not able to resolve ourselves. I greatly appreciate that the Veracode platform is incredibly versatile, and helps us get a more holistic view of our security profile. When we first started using it, within minutes it was easy to view where we should focus our fixes. Looking back, this alone was worth every penny.

Veracode DAST is used on app applications in the portfolio. SAST/SCA scans and DAST scans are run monthly for all Critical application in the portfolio. In total there around 120 applications in scope for the program.

We use Veraocode for Static and Dynamic scans and Software Composition Analysis (SCA) across multiple products. The Jenkins automation is a lifesaver for Static scans and SCA since it gets us out of the business of uploading builds manually. We're also utilizing the Jira integration to manage vulnerabilities, from creating new tickets to resolving and closing them when a vulnerability is no longer present. Dynamic scanning can take some tweaking to get running smoothly, however, once things are dialed in, it's another scan that can be scheduled to run automatically. Arguably the most powerful tool, Software Composition Analysis, runs along with our Static scans and gives us insight into vulnerabilities in third-party libraries, newer versions available where a vulnerability is resolved, as well as their licenses.

In all, Veracode is a critical tool that helps us remain compliant with our various annual third-party audits.

We use Vericode to provide initial and ongoing security analysis of our software products. We supply ERP software solutions to the paper manufacturing industry. We are a leading supplier of software to this industry and it is important to us to provide a product that is thoroughly tested and free of known critical vulnerabilities. We have incorporated Vericode into our SLDC cycles and perform SCA and Dynamic scans within our release cycles. Our application is a very large full ERP application using many third party libraries. Without Vericode we would be flying without a net.

This product has efficient data security control tools that enhances safe working environment for all teams. It gives our team CI and CD critical data that gives us reliable development infrastructure for better results. It prevents the software development ecosystem for security threats that can affect efficient production. I have not experienced project implementation challenges since we started working with this platform.

Our company maintains highly confidential information about our clients. Keeping our systems and data secure and protected is at the heart of what we do. We use Veracode to help us in this endeavor. We rely on Veracode's products and services to ensure that we maintain the level of trust and confidence that our clients give to us.

Veracode helps our clients to deliver secure applications in an agile way in less time and focus the efforts of developers to work on real flaws, this can be done from a single SAST scan to a complete integration in a CI/CD enviroment, analyzing vulnerabilities in the code of the developers, thrid party libraries, executing dynamic anlysis all automated to be compaint to security standards and best practices

We employ Veracode's static and dynamic scanning offerings to scan our application code for vulnerabilities on a regular basis. We also use the software composition testing of third-party, open-source libraries as a check against our use of a second similar tool. These features, as well as others we employ external to Veracode, help to increase our application's security posture. We have also recently contracted for their manual APT offering.

Veracode is mostly being used as a SAST and DAST-based tool. Its been used as part of our Continuous Integration and Continuous Delivery injected in the Devops Pipeline. It helps to identify the vulnerability in your code as a left shift strategy before the code gets actually deployed in the production . The tool can identify defects and bad practices both as Static and Dynamic analysis of the code. It has prevented many defects arising in production , thereby increased efficiency and reduced code rework

We use Veracode to scan and resolves security issues in our web application. We created an Azure Pipeline specific for Veracode-Scan. It will be triggered at least once a release. All issues found during scan with very high and high level should be resolved before go-live. If some flaws cannot not be fixed, we have to discuss with business and find a solution together.

Developers scan application code for vulnerabilities. It helps to keep our apps safer from hacking.

All development projects must run analysis static at Veracode before going to production. We do this through [a] continuous integration pipeline on Azure, Jenkins, etc. It's integrated in our application lifecycle management processes. All development teams went to their projects Veracode reports and fix[ed] all issues in their projects before mak[ing] a step to [the] production environment.

We use Veracode to Scan code for OWSAP and other vulnerabilities via IDE, CICD Pipelines. Developers are able to review and compare the code file against the results of the scan and resolve or mitigate the flaws. I am particularly impressed by the scanning abilities automatically exclusion of some Third-party code.

We used Veracode for training developers on how to start thinking of security as another vector for what constitutes shippable software on par with code quality. Just as in the past it took a cultural shift to get engineers to believe that they shouldn't even think about shipping code without unit tests or peer review, I wanted my engineers to start viewing security the same way.

Veracode is used across the whole organisation for static & dynamic application security testing as well as software composition analysis (tracking open-source and other third-party components) to evaluate our security posture and ensure compliance to global security policy & standards. Provides visibility of potential security vulnerabilities in applications, categorised by severity to help prioritise remediation.

We used Veracode across our entire secure software development lifecycle as a key component of our Jenkins pipelines to analyze code for security issues. We have rules to remedy all critical, high, and medium issues for non-PCI applications. PIC applications also require the remediation of low vulnerability classification. I like that we have a standards tool for code analysis that uses the same rules and thresholds for our code.

Veracode was used in our organisation by a few business units for Static Analysis Security Testing (SAST). It helps in finding software vulnerabilities in the code by scanning the binary derived objects of the source code written by developers, thus addressing the security aspects of the products the organisation is shipping to its customers.

Any aspect concerning the vulnerabilities of a software product is non-trivial and would be very costly if reported by the customers. Veracode helps find these beforehand, if the code (binaries) is scanned before being integrated into the product. With its wide variety of integrations, Veracode scanning can happen at any stages of the DevOps CI Pipeline, thereby facilitating the "shift left" mentality of finding defect/vulnerabilities in [the] code as early as possible in the software development life cycle.

Veracode is used in my company as an Enterprise Security Partner. Currently, we focus on SAST & SCA, but we have experience with Veracode on DAST and MPT as well. I have used Veracode earlier also at one of my previous engagements in a Fortune 500 company. I am really satisfied with Veracode.

We use Veracode to ensure that we are providing best-in-class security to our customers, as wells as meeting annual security assessment requirements specified by our partners in the financial services industry. Primarily our technology (software development) organization within our business is using Veracode services, however our entire organization is involved in the review of results and understands the importance of these security assessment services, the results of which we share with our partners.

Veracode is used by the entire company as part of our security scanning suite of tools. We scan all of our applications both with static and dynamic scans. We have also had manual pen tests done for most of our applications.

We develop various software products. Veracode is currently being used only for one product. It's our flagship product, and the others are in development so eventually, we plan to add them to the Veracode tool. Currently, Veracode is only used by me. After the developers produce a build, I run Veracode analysis and it's ready for customers that request it. We have still a long road to implementing it in CI/CD, and on other products. We are not there yet.

We use Veracode as part of our SDLC. We leverage the SAST, DAST, and e-learning for our entire DevOps team(s). This addresses keeping our platforms secure and aware of new vulnerabilities and how to resolve or mitigate our risks.