My experience with Veracode
August 06, 2020

Anonymous | TrustRadius Reviewer
Score 5 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)

Overall Satisfaction with Veracode

Veracode was used to identify possible security issues using static code analysis.
  • It's a robust analysis that looks at all of the code submitted.
  • Veracode is current on the latest CVE issues.
  • The report is hard to work with and requires mouseovers to get at critical information.
  • Exporting the report leaves out critical information.
  • There were many false positives reported.
  • The UI for marking remediations is convoluted and difficult.
  • The process for uploading code is difficult and poorly documented.
  • It helped identify weaknesses, as expected.
We had a client that insisted on the use of Veracode.
When I made support calls, I was able to have a good conversation with a competent engineer.

Do you think Veracode delivers good value for the price?

No

Are you happy with Veracode's feature set?

No

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

No

It does a good job of searching the entire code against all known CVE issues. However, users may be better served by incorporating open source tools instead, to do static code analysis.