Beginning the journey of vulnerability scanning with Veracode
July 21, 2020
Score 6 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
- Dynamic Analysis (DAST)
- pipelines ci scanner
Overall Satisfaction with Veracode
It is used by our IT department to mitigate security vulnerabilities. We also use the pipeline scanner in our continuous deployment system to gate any potential security vulnerabilities introduced by new code.
- Great documentation and examples
- Availability of consultations for addressing any concerns after scans
- They have a pipeline scanner, which fits nicely in our deployment strategy.
- Using the console (UI) is a bit cumbersome.
- No CLI
- Cannot adjust timeout for automatic logout.
- Achieving SOC
- We've verified that we don't have severe or high vulnerabilities.
- From what I understand, it is a bit expensive.
I don't have any experience with any competitive products. However, GitLab/GitHub have their own vulnerability scanners (code level) that are natively integrated at the source.
Do you think Veracode delivers good value for the price?
Not sure
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
No