July 21, 2020


Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Dynamic Analysis (DAST)

Overall Satisfaction with Veracode

Veracode static and dynamic scanning tools are leveraged to ensure our mobile apps and website are free of critical software security issues. We run scans prior to releases to the app stores. Issues found in vendor SDKs are communicated to the vendors as a security and risk transfer mechanism.
  • Integration flexibility
  • Flaw detection
  • RBAC
  • Not all info visible in a flaw is easy to export/identify.
  • Jira-Veracode integration is a bit cryptic at times.
  • Workflow problems aren't obvious.
  • Ensures we are aware of any security flaws
  • Allows us to easily communicate security flaws to our vendors, and transfer risk
  • Has lots of guidance for developers to remediate flaws
They are very different tools but cover roughly the same area.
I've interacted with support many times and they have resolved all of our issues or informed product, and they have engaged their engineering team.

Do you think Veracode delivers good value for the price?


Are you happy with Veracode's feature set?


Did Veracode live up to sales and marketing promises?


Did implementation of Veracode go as expected?


Would you buy Veracode again?


VMware Carbon Black EDR (formerly cb response), Sumo Logic, Code42 (formerly CrashPlan)
Veracode supports a variety of programming languages, which is great. The team is open to feedback and wants to continuously improve the product.