Item: Veracode
Rating: 6
Author: Verified User

Use Cases and Deployment Scope

We use it to have all our security scanning tools under one platform (DAST, SAST, and SCA). We use it for our main software product. The issue it addresses is keeping all of the security scans under one platform, so it's easy to see at a glance where we stand.

Pros and Cons

SCA - Very simple to run and results are actionable

DAST - We are in the process of trying to switch from Acunetix, but have yet to run a successful DAST scan as there are 'technical issues' each time.
SAST - While it has been boasted as being fast, it does take quite a while for our codebase to be scanned (roughly 1 day). Otherwise, the results seem OK.

Return on Investment

Currently, neutral until we get the DAST scanning working well. The pricing model is also very confusing and doesn't make much sense to us.

Alternatives Considered

Acunetix, Detectify and Cobalt

Veracode is an all-in-one solution, whereas the others have various tools, but not an all-encompassing solution.

Support Rating

They're generally responsive, but haven't been able to figure out our issues yet.

Usability

Some products are straightforward to use and 'just work', whereas others are not. The instructions are well documented.

Key Insights

Do you think Veracode delivers good value for the price?

Not sure

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

Yes

Did implementation of Veracode go as expected?

Would you buy Veracode again?

Yes

Likelihood to Recommend

If you are a company that has to meet ever-growing security needs and doesn't have a super security-savvy workforce that can do their own analysis and testing, then I would recommend moving forward with Veracode. It does put everything under one umbrella.

Good security platform, but run trial first.

Modules Used

Overall Satisfaction with Veracode