Great solutions together in the same platform
July 21, 2020

Great solutions together in the same platform

RICARDO LIMA | TrustRadius Reviewer
Score 9 out of 10
Vetted Review

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)
  • Dynamic Analysis (DAST)

Overall Satisfaction with Veracode

It is used by the whole organization, not only development. It helps us fix vulnerabilities quicker, reinforce our security policies, and it even helps our decision making. It gives us indicators that help us to see our evolution in the maturity of our development teams. Veracode helps us guarantee that the solutions we develop for our clients are secure.
  • Output of indicators
  • Integrations
  • Easy to use and manage
  • Auditing
  • Integrations: they could be more customizable
  • Veracode License: this needs to be more transparent
  • Veracode DAST: needs to be more customizable. I want to be able to define the types of attacks that are going to occur.
  • Fix vulnerabilities faster, meaning in the pentest stages there are fewer vulnerabilities to address
  • Helps us prioritize vulnerabilities to address, saving time on what's really important
  • The licensing format is very good
The first solution we considered was Sonar, but the number of manual things to do made us go for Veracode. Veracode currently helps us in SAST, SCA, and DAST. All in the same solution and platform, and it organizes like a security hub.
We went through a lot of questions about the solutions, integrations, etc. when we were in the implementation stage. All the times we contacted Veracode's support our questions were solved in less than a week.

Do you think Veracode delivers good value for the price?


Are you happy with Veracode's feature set?


Did Veracode live up to sales and marketing promises?


Did implementation of Veracode go as expected?


Would you buy Veracode again?


Good scenarios: Veracode is very adaptable. We have multiple projects, and it helps us very well. Big projects or small projects, it's very good.

Bad Scenarios: For me, two scenarios didn't go so well. The first one is if you are using JIRA as your bugging tracker, the integration didn't work for me. The second is if you need to scan APIs endpoints, which Veracode currently doesn't.