Helps provide security policy reassurance to clients
October 10, 2020

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)

Overall Satisfaction with Veracode

It is used by our IT group to detect security flaws on a regular basis. We have different policies/security gates for different clients that we need to comply with, and Veracode provides a detailed report from our scans that goes directly to our clients.
  • Detailed Report provided to our clients
  • Identify flaws in our development
  • Provides proposed solution to identify the problem
  • We opened an issue with Veracode that was never resolved. We need a better response when something is not right.
  • Too many false positives
  • The interface could be a bit more user friendly.
  • I am a software architect and do not have access to this information.
These are not like Veracode, but things that we use in addition to Veracode to make sure we reduce our vulnerabilities, not only in our application but also in the dependencies that we add to our application.
The only reason I use 8 is because of the issue that was never resolved. The problem is that the application that we use is currently in production in Java 7. The scanner that Veracode provides prints as Java 8. This is either the wrong scanner or the version being printed in the report is incorrect.
I think this is a place that could be improved. Maybe you guys need a good UX architect. There is plenty that the product can do, but sometimes you need to do a lot of digging to find it.

Do you think Veracode delivers good value for the price?

Not sure

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

I wasn't involved with the implementation phase

Would you buy Veracode again?

Yes

I think it really works well for companies that provide services to other companies or integrate their software to other companies (as we do) and need to provide a level of security to their clients. It works as a testament to how secure your application is and how you address ongoing threats.