Veracode, a great security tool for everyone
To be SoC2 and ISO compliant and also to protect our SaaS, we are using this tool to scan every component that we build for SA and SCA.
we …
we …
Overview
What is Veracode?
Veracode is an application security platform that performs five types of analysis; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Reviewer Pros & Cons
- Veracode continues to update their platforms, their capabilities, and their research often; the promise of continuous improvement from all facets prov...
- We would also like to see Veracode continue to improve their dynamic scan offerings; with the recent addition of DAST Essentials we feel this improvem...
Video Reviews
1 video
Veracode Review: Provides Helpful Support When Troubleshooting Security Needs
02:38
Pricing
N/A
Unavailable
What is Veracode?
Veracode is an application security platform that performs five types of analysis; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
944 people also want pricing
Alternatives Pricing
What is SonarQube?
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.
What is Indusface WAS?
Indusface Web Application Scanner provides an application security audit to detect a range of high-risk Vulnerabilities, Malware, and Critical CVEs.
Product Details
- About
- Integrations
- Competitors
- Tech Details
- Downloadables
- FAQs
What is Veracode?
The Veracode platform is a software security solution that aims to be pervasive but not invasive, embedded into the environments that developers work in, with recommended fix and in-context learning. Security teams can use Veracode to manage policy, gain a comprehensive view of an organization's security posture though analytics and reporting, mitigate risks, and produce the evidence necessary to meet regulatory requirements.
It is presented as an always-on, continuous orchestration of secure development that gives organizations the confidence that the software being built is secure and meets compliance requirements.
Veracode Features
- Supported: Continuous Scanning to reduce risks at every phase of development - Veracode Static Analysis, Dynamic Analysis, Software Composition Analysis, and Manual Penetration Test throughout SDLC.
- Supported: Developer Experience - Finds and fixes laws in line with security integration into where developers work, automated remediation guidance, and in-context learning.
- Supported: Comprehensive Platform Experience - Streamlined governance, risk and compliance processes through flexible policy management, unified reporting and analytics, and peer benchmarking to mitigate risks fast and deliver a successful DevSecOpsprogram.
- Supported: Market Expansion - To meet data residency needs in EU with cloud-native instance built in Frankfurt, Germany on AWS.
- Supported: Contextual Platform Data - Fine-tuned with nearly 2 decades of scanning and customer learning. Predicts future vulnerabilities with self-healing capabilities through applying machine learning and artificial intelligence to the data.
- Supported: Cloud-native SaaS Architecture - Provides elastic scalability, high performance, and lower costs with cloud-native SaaS architecture.
Veracode Screenshots
Veracode Videos
Veracode Static Analysis Demo
Veracode Software Composition Analysis Demo
Veracode Dynamic Analysis Demo
Watch The Veracode Platform
Veracode Integrations
Veracode Competitors
Veracode Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | North America, EMEA, APAC, LATAM |
| Supported Languages | Java, .NET, PHP, Android, iOS, JavaScript, Python |
Veracode Downloadables
Frequently Asked Questions
Veracode is an application security platform that performs five types of analysis; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
Reviewers rate Support Rating highest, with a score of 8.
The most common users of Veracode are from Enterprises (1,001+ employees).
Veracode Customer Size Distribution
| Consumers | 0% |
|---|---|
| Small Businesses (1-50 employees) | 18% |
| Mid-Size Companies (51-500 employees) | 65% |
| Enterprises (more than 500 employees) | 17% |
Comparisons
Compare with
Reviews and Ratings
(197)Attribute Ratings
Reviews
(1-10 of 10)Companies can't remove reviews or game the system. Here's why
March 18, 2024
Veracode, a great security tool for everyone
very, there should be more out of the box dashboards and we would like more reporting features
March 15, 2024
Great In-Depth Analysis of In-House Applications
The reporting and analytic features are critical to any security program, with ours being no exception. Being able to report various statistics and metrics, especially in condensed formats as Veracode helps to provide, is something that we feel is very important especially in regards to more executive management. This helps to transform the work we perform in our development security practices into a more tangible form of numbers for our decision-makers. To this extent we use both the reporting dashboards as well as the individual report exports to provide up-to-date information to relevant parties.
March 06, 2024
Veracode User Experience
The reporting side, we mainly use for internal reporting to the executive team, but in some cases we show the report to potential or existing clients.
Analytics is used by our development and operational team to make sure that vulnerabilities are rectified.
Analytics is used by our development and operational team to make sure that vulnerabilities are rectified.
March 03, 2024
Best in Security
The reporting and analytic features of a solutions for our use case is absolutely imperative. We have integrated Veracode with Jira, Brinqa and Service Now to streamline the process of reporting issues to our engineering team. These integrations are the cornerstone of our workflow, allowing us to communicate security findings to engineering team for remediations.
March 01, 2024
Sleep Soundly - Use Veracode
The reporitng and analytic features are very useful, both for new products and established products. For new products, it establishes a baseline from which we can clean up any issues. For established products, it's helpful to see how items featured in the reporting and analytic features have changed over time. Very useful.
February 27, 2024
Veracode SAST review
Our product has undergone successive enhancements that have left their mark.
The reporting and analysis functions of a solution are very important to us.
We use the many metrics available in Veracode to help us show the progress we've made and the progress still to be made.
We also collect other metrics, for example, every Quality gate failure is also tracked and reported as an incident metric.
The reporting and analysis functions of a solution are very important to us.
We use the many metrics available in Veracode to help us show the progress we've made and the progress still to be made.
We also collect other metrics, for example, every Quality gate failure is also tracked and reported as an incident metric.
February 27, 2024
Veracode to the Rescue!
Score 10 out of 10
Vetted Review
Verified User
Very important! They're used daily to check on progress and stay on top of new defects as they pop up. It's also useful for identifying application functions that are repeatedly generating defect reports so we can hone in to the defective code, fix it, and clear out potentially hundreds of reported CWEs in one fell swoop.
February 15, 2024
Great products; + Great price.
We basically depend on static scanning in the pipeline. The only time we look at the reports is after PEN testing.
February 13, 2024
Worth the investment
Incredibly important. These features allow us to show our leadership what we have accomplished and plan to accomplish in the coming months.
January 16, 2024
Great DAST and Penetration Testing Platform.
Very important. The ability to customize reporting for internal and external stakeholders is key in ensuring appropriate information is shared with the right parties. Reports can be customized, defaulted to executive summaries, made to meet PCI requirements, etc.