Veracode SAST--what a blast!
October 01, 2020

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)
  • Veracode Pipeline Scan

Overall Satisfaction with Veracode

We currently utilize Veracode primarily for Static Analysis Security Testing (SAST). Additionally, we are implementing Veracode's pipeline scanning as part of CI/CD pipelines for static analysis in the DEV and STAGING environments for our applications. Veracode is primarily used by the Information Security team as well as our in-house development teams across the organization. One of the core business problems it addresses is managing the risk introduced by our in-house applications.
  • Veracode performs Static Analysis Security Testing very well and does not contain a lot of false positives (if any).
  • Great for automation, especially with pipeline scanning in the CI/CD for automating SAST.
  • User friendly
  • Integrations for many platforms
  • Supported languages
  • Supported languages improvement
  • More documentation around pipeline scanning
  • Microservices support
  • Veracode has increased security posture of mission-critical applications
  • Microservices have been easily scanned with Veracode
  • Positive impact for CI/CD SAST with Veracode
I give this a 10/10 regarding overall support for Veracode because they always meet the customer's expectations when it comes to support; especially during consultation services, they strive to ensure the customer leaves satisfied and all issues are addressed.
I give this a 10/10 score because Veracode is pretty straightforward when it comes to overall usability.

Do you think Veracode delivers good value for the price?

Not sure

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

No

Qualys Web Application Scanning (WAS), Acunetix
If asked by a colleague how likely I would be to recommend Veracode on a scale from 1 to 10, I would go with an 8. Veracode is well suited for static analysis security testing (SAST), especially with the new pipeline scanning for easily being able to automate SAST within any CI/CD pipeline. I cannot really think of anything where Veracode is less appropriate; it's a great security asset.