Pushing security left in the SDLC saves you a lot of headaches.
Updated September 23, 2020
Pushing security left in the SDLC saves you a lot of headaches.
Score 8 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
- Dynamic Analysis (DAST)
Overall Satisfaction with Veracode
Resolve Systems is a platform that helps in automating across the entire IT ecosystem. It is a Java-based platform with multiple components involved and a user-facing interface to access the tool. Veracode is used across the whole organization to perform static scan in GitHub-based code repo and dynamic scans on a running deployed system. Veracode reports are helpful for Resolve in making the systems more secure and shared with the customers if they ask about the security of the product.
- Static Scan and Identifying Vulnerabilities
- Daily Scans with hooks provided in GitHub
- Reporting for executives and detailed levels for engineers
- Allowing to do multiple scans in case of fixes made
- Providing details of the vulnerability and recommend solutions
- Dynamic scans are not that good - Burp gives us better results.
- Static scans look for words like "password" but skips "p_assword."
- It made the software more secure.
- Made some of the deals possible because we have security scans done a daily basis
- Reports published are great and help us win deals when there are multiple vendors involved.
Veracode I think stands at the top of the pile when it comes to do static scans of the code base.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes