Meets our needs, but the UI experience is wanting
July 27, 2020
Score 6 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
- Dynamic Analysis (DAST)
Overall Satisfaction with Veracode
Veracode is used by our organization in order to figure out known vulnerabilities in our infrastructure, and also for guidance with fixing them. We do that in order to protect our business from undesirable events like a data breach, data loss, etc.
- Veracode's DAST (dynamic) and SAST (static) scans helped us to figure out existing vulnerabilities in our web apps. It also provided detailed information, and appropriate OWASP, CWE, etc. links to help our engineers remediate those vulnerabilities.
- Veracode's scans can be configured to run automatically on a schedule. With DAST, every time a scan runs, it automatically recognizes earlier issues that have been fixed and adds any new issues to the flaw inventory it maintains for any app.
- Veracode's Software Composition Analysis module identifies vulnerabilities in the dependencies that our apps use. It very conveniently lets us know whether we use the affected/vulnerable parts of any dependency.
- Veracode's UI is highly non-intuitive and a pain to work with. It's not a SPA (single-page app), it doesn't look visually appealing (feels like it's from another era), and navigating around is hard.
- With DAST/dynamic scans, the flaws that are reported in each successive scan get collected in a flaw inventory, where one can see which former issues were fixed and which are pending a fix. This option is not available with SAST/scan issues for some reason.
- When creating a SAST scan manually, the time taken to upload files and validate them (before the scan can be initiated) is very high, and cannot be explained away by relying on internet speed. Also, files are uploaded sequentially, not in parallel. This means that it can take hours before the scan is initiated.
- We have only started using Veracode in the past few months, and have not identified any tangible impact. However, since our potential customers insist on us not having vulnerabilities and conduct independent checks, it does have the potential of helping us there. Also, there is a value attached to being less vulnerable to data breach or loss and compromise of our production systems, any of which will have a material impact on the appeal of our service.
Do you think Veracode delivers good value for the price?
Not sure
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
No
Would you buy Veracode again?
No