Overall Satisfaction with Veracode
Veracode is being used on our core system. For our customers, trust in the security of our software is critical. Being able to show our commitment to software security and the use of a trusted brand to check our code helps with turning prospective clients into paying customers. It also helps us in audits for the industry regulations we must meet.
- A focus only on code security--rather than cluttering up their offerings, Veracode focuses only on products and services around code security.
- Scanning code--their scanning engine seems to be among the best in class and has a very low false-positive rate.
- Reporting on the flaws found--the ability to review flaws from either a web interface or an IDE plugin helps speed up remediation.
- Security profiles--these aren't laid out very well and can be intimidating.
- Dynamic scanning--for some web applications, the dynamic scanner doesn't work well. It's one of the reasons we're not currently using it.
- User permissions--some of the permissions are confusingly labeled or don't make sense if a different permission isn't enabled. Having cascading access profiles or grouping permissions would help a lot here.
- Increased trust in system security from clients
- Easier security audits for regulation compliance
- Faster remediation of security flaws before they get published
SonarQube is a great general code quality analyzer, and we do use it as a companion to Veracode. However, it's not security-focused and tends to have a higher false-positive rate for security issues it flags. It's also not as easy to generate reports from the findings unless you pay for the very expensive Enterprise edition. Qualys Cloud Platform only offers dynamic scanning, which we feel misses over half our platform code and thus is an incomplete solution for us.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes