Overall Satisfaction with Veracode
We use it in the IT department to scan websites for security vulnerabilities. We aim to catch static and dynamic flaws before releasing code to production. We are incorporating it into our Agile development process, with the goal of becoming more mature with that integration so that we can have an Advanced Application Security Program.
- Scan as a service
- Fewer false positives
- Helpful support
- Scans can take a long time.
- Need more feedback for active scans.
- Has to compile.
- Catch vulnerabilities during development.
- Make security a priority.
- Increase confidence.
- HCL AppScan (formerly from IBM) and Checkmarx
I used AppScan for dynamic scanning when it was IBM, but it was too clunky and hard to use. Developers and testers needed to spend quite a bit of time configuring scans. I also used Checkmarx for static scanning and it was faster, but it requires you to install on your own infrastructure.
Do you think Veracode delivers good value for the price?
Not sure
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes