Overall Satisfaction with Veracode
We use it in the IT department to scan websites for security vulnerabilities. We aim to catch static and dynamic flaws before releasing code to production. We are incorporating it into our Agile development process with the goal to become more mature with that integration so that we can have an Advanced Application Security Program.
- Scan as a service
- Fewer false positives
- Helpful support
- Scans can take a long time.
- Need more feedback for active scans.
- Has to compile.
- Catch vulnerabilities during development.
- Make security a priority.
- Increase confidence.
I used AppScan for dynamic scanning when it was IBM, but it was too clunky and hard to use. Developers and testers needed to spend quite a bit of time configuring scans. I also used Checkmarx for static scanning and it was faster, but it requires you to install on your own infrastructure.
Veracode support is prompt and always there to help. They are willing to get on a call with you to resolve the issue as much as possible. I have wanted more information from them at times but I have only interacted with a few support staff. They will have to escalate to other team members depending on complexity.
Do you think Veracode delivers good value for the price?
Are you happy with Veracode's feature set?
Did Veracode live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Veracode go as expected?
Would you buy Veracode again?
Veracode is the most well-rounded security tool I have used to scan both dynamic and static code in my career. Scanning as a service means I don't have to set up my own infrastructure and application, or deal with upgrades. But it does mean you will be put in a queue with others.