SAST and DAST
July 21, 2020
Score 9 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
- Dynamic Analysis (DAST)
Overall Satisfaction with Veracode
Veracode static and dynamic scanning tools are leveraged to ensure our mobile apps and website are free of critical software security issues. We run scans prior to releases to the app stores. Issues found in vendor SDKs are communicated to the vendors as a security and risk transfer mechanism.
- Integration flexibility
- Flaw detection
- RBAC
- Not all info visible in a flaw is easy to export/identify.
- Jira-Veracode integration is a bit cryptic at times.
- Workflow problems aren't obvious.
- Ensures we are aware of any security flaws
- Allows us to easily communicate security flaws to our vendors, and transfer risk
- Has lots of guidance for developers to remediate flaws
They are very different tools but cover roughly the same area.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes