TrustRadius
Veracode

Overview

What is Veracode?

Veracode is an application security platform that performs five types of analysis: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.

Pricing

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Alternatives Pricing

What is SonarQube?

SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.

What is Indusface WAS?

Indusface Web Application Scanner provides an application security audit to detect a range of high-risk Vulnerabilities, Malware, and Critical CVEs.

Product Details

What is Veracode?

The Veracode platform is a software security solution that aims to be pervasive but not invasive, embedded into the environments that developers work in, with recommended fixes and in-context learning. Security teams can use Veracode to manage policy, gain a comprehensive view of an organization's security posture through analytics and reporting, mitigate risks, and produce the evidence necessary to meet regulatory requirements.

It is presented as an always-on, continuous orchestration of secure development that gives organizations the confidence that the software being built is secure and meets compliance requirements.

Veracode Features

  • Supported: Continuous Scanning to reduce risks at every phase of development - Veracode Static Analysis, Dynamic Analysis, Software Composition Analysis, and Manual Penetration Test throughout SDLC.
  • Supported: Developer Experience - Finds and fixes flaws in line with security integration into where developers work, automated remediation guidance, and in-context learning.
  • Supported: Comprehensive Platform Experience - Streamlined governance, risk and compliance processes through flexible policy management, unified reporting and analytics, and peer benchmarking to mitigate risks fast and deliver a successful DevSecOps program.
  • Supported: Market Expansion - To meet data residency needs in EU with cloud-native instance built in Frankfurt, Germany on AWS.
  • Supported: Contextual Platform Data - Fine-tuned with nearly 2 decades of scanning and customer learning. Predicts future vulnerabilities with self-healing capabilities through applying machine learning and artificial intelligence to the data.
  • Supported: Cloud-native SaaS Architecture - Provides elastic scalability, high performance, and lower costs with cloud-native SaaS architecture.

Veracode Technical Details

  • Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
  • Operating Systems: Unspecified
  • Mobile Application: No
  • Supported Countries: North America, EMEA, APAC, LATAM
  • Supported Languages: Java, .NET, PHP, Android, iOS, JavaScript, Python

Frequently Asked Questions

Checkmarx, Snyk, and SonarQube are common alternatives for Veracode.

Reviewers rate Support Rating highest, with a score of 8.

The most common users of Veracode are from Enterprises (1,001+ employees).

Veracode Customer Size Distribution

  • Consumers: 0%
  • Small Businesses (1-50 employees): 18%
  • Mid-Size Companies (51-500 employees): 65%
  • Enterprises (more than 500 employees): 17%
Reviews and Ratings

(197)

Reviews

(1-25 of 127)
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Within our organization we have a large portfolio of applications written over many years by many different developers. As part of our continuous improvement and dedication to security we have integrated Veracode's static code analysis platform into our process of monitoring and reviewing our portfolio, greatly increasing our coverage. As a company with smaller development teams we greatly value resource efficiency, and tools which can improve it; to this extent our developers can utilize their time effectively remediating important flaws the platform discovers, and our organization can feel assured that our focus on security continues to evolve and grow.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use Veracode for all the software we build in-house. Being in the financial services industry there's a lot of regulation and emphasis on security, and we've made Veracode a mandatory part of our production deployment process to satisfy some of those requirements. The reports Veracode generates are used by both management and development teams.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
It is used across the organization. We are using it for static analysis of our code. We have selected the policy that requires our release code to minimize the level of security faults.
Besides static analysis, we use Software Composition Analysis, and we found it very helpful in rectifying vulnerabilities from third-party libraries.
March 03, 2024

Best in Security

Score 10 out of 10
Vetted Review
Verified User
Incentivized
It's being used across the whole organization; multiple engineering teams are using it for third-party library scans, i.e. software composition analysis and static application security testing. There are security labs for engineers and those who are interested in learning about security vulnerabilities and remediation, secure code training (labs). These labs are being used for encouraging developers in learning about secure coding by conducting secure code tournaments.
Teresa Kosinski | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Veracode is used across all departments in our organization tasked with creating and/or using software. It helps to ensure that we are up-to-date on the latest security threats, and their consultants help us to quickly resolve any issues we are not able to resolve ourselves. I greatly appreciate that the Veracode platform is incredibly versatile, and helps us get a more holistic view of our security profile. When we first started using it, within minutes it was easy to view where we should focus our fixes. Looking back, this alone was worth every penny.
February 27, 2024

Veracode SAST review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
We replaced our old tools with Veracode 1 year ago. To reinforce our security posture and help us prevent vulnerable code from being added to our products. Each pull request must be analyzed and meet our security policy before it can be merged. We also have to maintain 5 versions and assess the conformity of each of these versions with our policy.
February 27, 2024

Veracode to the Rescue!

Score 10 out of 10
Vetted Review
Verified User
Veracode DAST is used on app applications in the portfolio. SAST/SCA scans and DAST scans are run monthly for all Critical applications in the portfolio. In total there are around 120 applications in scope for the program.
Krishna Bala | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We wanted a secure scan method for static, dynamic, and manual PEN testing. We wanted to make sure that we could "shift left" with our development and have security scans done at the beginning of the development process. Not at the end when it is already in the field and more challenging to update.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Veracode as our primary source for Dynamic (DAST) Scans and Annual penetration testing. We were looking for ways to consolidate tooling in our organization with a centralized cloud product and Veracode provides that.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Primarily for scanning web applications, while others might use it to secure mobile apps, APIs, or even IoT devices. The ultimate goal is to reduce the risk of security breaches and ensure that software applications are developed and maintained. IDE integration and security testing are the best feature to identify and address security vulnerabilities in my software applications.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Veracode for Static and Dynamic scans and Software Composition Analysis (SCA) across multiple products. The Jenkins automation is a lifesaver for Static scans and SCA since it gets us out of the business of uploading builds manually. We're also utilizing the Jira integration to manage vulnerabilities, from creating new tickets to resolving and closing them when a vulnerability is no longer present. Dynamic scanning can take some tweaking to get running smoothly, however, once things are dialed in, it's another scan that can be scheduled to run automatically. Arguably the most powerful tool, Software Composition Analysis, runs along with our Static scans and gives us insight into vulnerabilities in third-party libraries, newer versions available where a vulnerability is resolved, as well as their licenses.

In all, Veracode is a critical tool that helps us remain compliant with our various annual third-party audits.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use Veracode to provide initial and ongoing security analysis of our software products. We supply ERP software solutions to the paper manufacturing industry. We are a leading supplier of software to this industry and it is important to us to provide a product that is thoroughly tested and free of known critical vulnerabilities. We have incorporated Veracode into our SDLC cycles and perform SCA and Dynamic scans within our release cycles. Our application is a very large full ERP application using many third-party libraries. Without Veracode we would be flying without a net.
Christine Canassa | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
This product has efficient data security control tools that enhance a safe working environment for all teams. It gives our team CI and CD critical data that gives us reliable development infrastructure for better results. It prevents the software development ecosystem for security threats that can affect efficient production. I have not experienced project implementation challenges since we started working with this platform.
Score 8 out of 10
Vetted Review
Verified User
We use the Veracode software platform to look for vulnerabilities in our code as well as in the third party libraries we were using. We are in the medical software industry, so the data we deal with is very sensitive in nature so we take security and privacy very seriously.
January 10, 2023

Veracode For your Code

Score 10 out of 10
Vetted Review
Verified User
Incentivized
This helps in understanding and resolving vulnerabilities in our code which is really good to have. And the most interesting feature is its Veracode Greenlight which gives real-time output and resolution. We can also schedule calls with the security experts for any resolution or queries. I highly recommend [using] Veracode.
Mike Clarkson | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
This is a very thorough tool to statically scan your source code. It works very well for us, and it's always interesting to see how your code writing changes over time as you become more security focused. We are in the process of setting up dynamic scans, but for now we are doing static scans only. They take a little time to complete, but we are scanning our entire software suite so it's to be expected. We have found a number of issues, some of which are in legacy code which we are probably not going to fix as it is actively being replaced.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Veracode is used to find any flaws that can affect the application in production even before the product is deployed in any environment. Almost all types of scans can be performed using Veracode. Veracode is famous for its SAST and SCA scan, which attracts users due to its transparency and security.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Due to the regulatory requirements in Germany (VAT), we are required to meet certain security standards. Veracode helps us to check the security of applications as well as third-party libraries and to uncover vulnerabilities. The possibility of telephone consultation helps us to understand and eliminate the defects.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
As a Developer, I have to make sure that the System we are building is safe. Therefore Veracode helped a lot by scanning our Code for vulnerabilities. Therefore our Security Department opens up a Ticket Process wherefore we simply open up a new Static Code Scan and wait for the result. When all the vulnerabilities are fixed, we get a sign-off.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Our company maintains highly confidential information about our clients. Keeping our systems and data secure and protected is at the heart of what we do. We use Veracode to help us in this endeavor. We rely on Veracode's products and services to ensure that we maintain the level of trust and confidence that our clients give to us.
Score 9 out of 10
Vetted Review
Reseller
Incentivized
Veracode helps our clients to deliver secure applications in an agile way in less time and focus the efforts of developers to work on real flaws, this can be done from a single SAST scan to a complete integration in a CI/CD environment, analyzing vulnerabilities in the code of the developers, third party libraries, executing dynamic analysis all automated to be compliant to security standards and best practices.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use the Static Analysis feature of Veracode to ensure no vulnerabilities are present in our code bases. If a flaw is reported, we consult with the internal team and then set up a Veracode consultation if required for mitigation ideas. After fixing / mitigating the flaw we scan again to check if any further flaws are being reported - if not, we go ahead with the next steps in the project lifecycle.
Douglas Perreault | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
For years Veracode has been an integral part of our process to reduce our security vulnerability footprint. All of our code is scanned through Veracode's static scan process to ensure we are removing any older vulnerabilities and not introducing new ones. We also use the software composition analysis information to ensure we aren't using any versions of third-party software which may have any vulnerabilities.