My Veracode Review
Overall Satisfaction with Veracode
We are using the tool to scan our code for vulnerabilities on a regular basis and fix the issues.
Secondly, we are using the software composition for 3rd-party open sources to indicate any vulnerabilities and upgrade possibilities related both to vulnerabilities and license issues and their support types.
Pros
- It's a SaaS, which we aim to use.
- We want a tool to pinpoint real vulnerabilities and not just throw 1000s of them.
- We wanted a tool to support mitigation action and to keep it for the next runs as well.
Cons
- We purchased 2 licenses and sometimes we get alerted on overuse. Veracode checks this issue, as it seems to be the tool's problem.
- The UX could be more intuitive.
- It didn't find any vulnerabilities in our client-side code base, which I think is weird.
- Our customers demand that we will use such a tool.
- We keep the code clean from vulnerabilities as much as possible.
- We upgrade our 3rd-party open sources due to the scanning.
With Fortify we got 1000s of vulnerabilities and we just could not overcome them and in each scan we discovered more and more in scales that were not managed. Also, the tool was on-prem and we had to deal with upgrades and server issues and maintain it by our IT guys. The tool didn't support some of our coding languages that Veracode does support.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes