Rough start, but smooth sailing after
October 01, 2020

Rough start, but smooth sailing after

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)

Overall Satisfaction with Veracode

Several of our lines of business are using Veracode to scan our various project codebases for vulnerabilities or potential security holes. We also scan our 3rd-party static libraries and freeware to make sure that code is compliant. In my department, we scan our server code as well as our mobile client code.
  • Veracode quickly finds common code issues,
  • Veracode makes it easy to turn issues into Jira tickets.
  • Veracode integrates well with our CI/CD workflow.
  • Getting our iOS app set up to use Veracode took a lot of time and working with their support team to get our app to scan properly.
  • You need to make a special build target and then use Veracode's standalone app to package your iOS app for scanning.
  • Integration with Xcode would be ideal.
  • I feel safer knowing my code is secure.
We didn't really test any other products. Our IT department was using Black Duck before, but by the time we started doing scans on our codebase, they had decided on Veracode.
It was difficult at first to get our codebase set up so that Veracode could scan it. At first, the scan was very quick but found nothing wrong with the code. Then, the scan would hang for several days and then find nothing wrong with the code. We had to work with the support team and do some significant changes to our code to get it to the point where Veracode could scan it correctly. However, once that setup was done, scanning has been easy and very helpful.
Now that we know how Veracode wants us to prepare and submit our code for scanning, it's pretty straightforward. Still, I would like for Veracode to have a module that would connect with Xcode so that creating and submitting the archives for scanning is more baked-in.

Do you think Veracode delivers good value for the price?

Not sure

Are you happy with Veracode's feature set?


Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

I wasn't involved with the implementation phase

Would you buy Veracode again?


Atlassian JIRA Align (formerly AgileCraft), Atlassian Confluence, Bitbucket Server (formerly Stash)
Veracode is well suited for any business, with large codebases or multiple codebases, that needs to verify that their apps are secure from vulnerabilities. It works into some workflows better than others, though, so test drive it first to make sure it will work in your environment (especially if scanning iOS apps).