Pushing security left in the SDLC saves you a lot of headaches.
Updated September 23, 2020

Pushing security left in the SDLC saves you a lot of headaches.

Rahul Chugh | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Dynamic Analysis (DAST)

Overall Satisfaction with Veracode

Resolve Systems is a platform that helps in automating across the entire IT ecosystem. It is a Java-based platform with multiple components involved and a user-facing interface to access the tool. Veracode is used across the whole organization to perform static scan in GitHub-based code repo and dynamic scans on a running deployed system. Veracode reports are helpful for Resolve in making the systems more secure and shared with the customers if they ask about the security of the product.

  • Static Scan and Identifying Vulnerabilities
  • Daily Scans with hooks provided in GitHub
  • Reporting for executives and detailed levels for engineers
  • Allowing to do multiple scans in case of fixes made
  • Providing details of the vulnerability and recommend solutions
  • Dynamic scans are not that good - Burp gives us better results.
  • Static scans look for words like "password" but skips "p_assword."
  • It made the software more secure.
  • Made some of the deals possible because we have security scans done a daily basis
  • Reports published are great and help us win deals when there are multiple vendors involved.
Veracode I think stands at the top of the pile when it comes to do static scans of the code base.
We have not used the support system that much so far, but as I hear from the Sales team, I guess they are really smart engineers who can help us solve the security issues or at least point us to the right direction when it comes to resolving the security vulnerabilities found by the system.

Do you think Veracode delivers good value for the price?


Are you happy with Veracode's feature set?


Did Veracode live up to sales and marketing promises?


Did implementation of Veracode go as expected?


Would you buy Veracode again?


Veracode is well suited for Static Code scans for an organization that wants to push security to the left of the development cycle. It has given Resolve Engineers a good sense of security and its needs when it comes to engineering.

Veracode is less suitable for dynamic scans as I can see that it did not work much for the Resolve product.