Beginning the journey of vulnerability scanning with Veracode
July 21, 2020

Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Dynamic Analysis (DAST)
  • Pipeline CI scanner

Overall Satisfaction with Veracode

It is used by our IT department to mitigate security vulnerabilities. We also use the pipeline scanner in our continuous deployment system to gate any potential security vulnerabilities introduced by new code.

Pros

  • Great documentation and examples
  • Availability of consultations for addressing any concerns after scans
  • They have a pipeline scanner, which fits nicely in our deployment strategy.

Cons

  • Using the console (UI) is a bit cumbersome.
  • No CLI
  • Cannot adjust timeout for automatic logout.

Return on Investment

  • Achieving SOC
  • We've verified that we don't have severe or high vulnerabilities.
  • From what I understand, it is a bit expensive.
I don't have any experience with any competitive products. However, GitLab/GitHub have their own vulnerability scanners (code level) that are natively integrated at the source.
Support responds in a timely manner and the documentation is good. I would like to see more programming languages supported when giving examples.

Do you think Veracode delivers good value for the price?

Not sure

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

No

The pipeline scanner is a really good option (and underrepresented) for teams using continuous deployment. I wish things were more automatic. The fact that I have to create a zip file of all my reports and upload them is very time-consuming. It should have a more active way of scanning modules for vulnerabilities.
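The merge gate the reviewer describes (fail the pipeline only on vulnerabilities introduced by new code, at High or above) as an added example; this is not code from the review or from Veracode. It assumes the scanner has written a JSON results document with a "findings" list whose entries carry an integer "severity" (0 informational to 5 very high), an "issue_id", a "cwe_id" and a source file under files.source_file; those field names and the scale are assumptions to check against a real results file. The sample documents are constructed.

```python
"""Gate a CI job on new findings from a pipeline scan results file.

Added example, not code from the review or from Veracode. It assumes the
scanner has already written a JSON results document whose "findings" list
carries an integer "severity" (0 informational ... 5 very high), an
"issue_id", a "cwe_id" and a source file under files.source_file.file;
those field names are an assumption to check against a real results file.
"""
import json
import sys

SEVERITY_NAMES = {5: "Very High", 4: "High", 3: "Medium",
                  2: "Low", 1: "Very Low", 0: "Informational"}


def finding_key(finding):
    """Identity used to match a finding against the baseline.

    CWE + file + scanner issue id; the line number is deliberately left out
    so that unrelated edits above a known flaw do not make it look "new".
    """
    src = finding.get("files", {}).get("source_file", {})
    return (finding.get("cwe_id"), src.get("file"), finding.get("issue_id"))


def new_findings(results, baseline=None, fail_on=4):
    """Return findings at or above `fail_on` that are not in the baseline.

    `results` and `baseline` are parsed results documents (dicts). The
    baseline is the triaged scan of the main branch, so a feature branch is
    judged only on the flaws it introduces, which is what a merge gate wants.
    """
    known = {finding_key(f) for f in (baseline or {}).get("findings", [])}
    fresh = [f for f in results.get("findings", [])
             if int(f.get("severity", 0)) >= fail_on
             and finding_key(f) not in known]
    return sorted(fresh, key=lambda f: -int(f["severity"]))


def gate(results, baseline=None, fail_on=4):
    """Return (passed, report_lines); passed is False when the build must stop."""
    fresh = new_findings(results, baseline, fail_on)
    lines = []
    for f in fresh:
        src = f.get("files", {}).get("source_file", {})
        lines.append("%-9s CWE-%s %s at %s:%s" % (
            SEVERITY_NAMES.get(int(f["severity"]), "?"), f.get("cwe_id"),
            f.get("issue_type", "finding"), src.get("file"), src.get("line")))
    return (not fresh, lines)


# Constructed sample documents (not real scan output).
BASELINE = {"findings": [
    {"issue_id": 101, "severity": 4, "cwe_id": 79, "issue_type": "Cross-Site Scripting",
     "files": {"source_file": {"file": "web/legacy_form.py", "line": 40}}},
]}
RESULTS = {"findings": [
    # Same known XSS, shifted a few lines by an unrelated edit: must not fail the build.
    {"issue_id": 101, "severity": 4, "cwe_id": 79, "issue_type": "Cross-Site Scripting",
     "files": {"source_file": {"file": "web/legacy_form.py", "line": 44}}},
    # New very-high finding in new code: must fail the build.
    {"issue_id": 207, "severity": 5, "cwe_id": 89, "issue_type": "SQL Injection",
     "files": {"source_file": {"file": "api/search.py", "line": 12}}},
    # New medium finding: below the gate threshold, left for triage rather than blocking.
    {"issue_id": 208, "severity": 3, "cwe_id": 327, "issue_type": "Weak Cryptography",
     "files": {"source_file": {"file": "api/tokens.py", "line": 7}}},
]}


def main(argv):
    """Usage: gate.py results.json [baseline.json]; exit 1 on new High+ findings."""
    if len(argv) < 2:
        results, baseline = RESULTS, BASELINE  # demo run on the constructed sample
    else:
        with open(argv[1]) as fh:
            results = json.load(fh)
        baseline = None
        if len(argv) > 2:
            with open(argv[2]) as fh:
                baseline = json.load(fh)
    passed, lines = gate(results, baseline)
    print("\n".join(lines) if lines else "no new findings at or above High")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run after the scan step in the pipeline and let the non-zero exit status stop the deployment. Keeping the baseline in the repository, refreshed when main is scanned, is what makes the gate judge a change on what it adds rather than on the backlog; Veracode's own scanner offers severity and baseline handling as well, and this script is for teams that want the gate logic, and its audit trail, under their own control in CI.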