Veracode SAST--what a blast!
October 01, 2020
Veracode SAST--what a blast!

Score 8 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
- Software Composition Analysis (SCA)
- VeraCode Pipeline Scan
Overall Satisfaction with Veracode
We currently utilize Veracode primarily for Static Analysis Security Testing (SAST). Additionally, we are in implementing Veracode's pipeline scanning as part of CI/CD pipelines for static analysis in the DEV, STAGING environments for our applications. Veracode is primarily used by the Information Security team as well as our in-house development teams across the organization. One of the core business problems it addresses is managing the risk introduced by our in-house applications.
- Veracode performs Static Analysis Security Testing very well and does not contain a lot of false positives (if any).
- Great for automation especially with pipeline scanning in the CI/CD for automating SAST.
- User friendly
- Integrations for many platforms
- Supported languages
- Supported languages improvement
- More documentation around pipeline scanning
- Microservices support
- Veracode has increased security posture of mission-critical applications
- Microservices have been easily scanned with Veracode
- Positive impact for CI/CD SAST with Veracode
Do you think Veracode delivers good value for the price?
Not sure
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
No