Veracode delivers great overall SCA value
May 28, 2020

Veracode delivers great overall SCA value

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)

Overall Satisfaction with Veracode

Veracode (& SourceClear) has been used for Static Code Analysis & Software Composition Analysis for some of our products.
  • Software Composition Analysis - found 3rd-party vulnerability issues quickly on each scan
  • Static Code Analysis - found specific security issues that detect hidden backdoors and malicious code
  • Static Code Analysis works very well for node.js scan.
  • Embedded C++ scan doesn't support ARM platform.
  • Enable automatic import for SourceClear found issues for each scan into JIRA (Cloud).
  • Identifying 3rd-party vulnerability issues before shipping software to the production site is a huge win for us.
  • Resolving potential malicious code found from SCA scan helps tremendously as well.
Veracode has SourceClear now, which is a huge win being able to scan for 3rd-party vulnerability issues.

Veracode has node.js SCA scan that works well for us (that's why we chose Veracode in the first place).
Sometimes it takes 2 days before hearing back from someone in the support team.

Do you think Veracode delivers good value for the price?


Are you happy with Veracode's feature set?


Did Veracode live up to sales and marketing promises?


Did implementation of Veracode go as expected?


Would you buy Veracode again?


Veracode is best suited for node.js static code analysis & software composition analysis. It is less appropriate for ARM platform C++ SCA scan (not working).