Impressive code security scanning tool
October 18, 2020
Score 10 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
Overall Satisfaction with Veracode
The application development and IT security teams use Veracode in my company. We use Veracode for security scanning of application code developed in-house. Our IT security team uses Veracode to set up security policies on security scans of in-house applications. It is part of our security implementation to use Veracode for code security scanning to ensure our in-house development team follows and adheres to the industry standard of developing with secure code.
- Easy to follow the scanning process and scan results with suggestions on how to remediate security flaws discovered
- Proactive support to customers. Our account manager at Veracode constantly sets up meetings with us to understand our progress of code scanning and provides us advice on any problems and questions we come across in using Veracode.
- Our yearly subscription to Veracode allows us to set up up to three consulting service sessions to address our problems in security risk remediation. We just set up one consulting service session recently, and the representative from Veracode was very knowledgeable about the programming language/framework we use and provided us very helpful advice on remediation of specific types of flaws.
- Provide better documentation and information on using their integration component. We use the Veracode extension for TFS but have a problem understanding under what conditions the component will return a "Pass" or "Failed" status of the security scan back to TFS.
- Assists in ensuring application development adheres to security standards
- Transparency of application quality to other IT groups, stakeholders, and even to our business users
SonarQube or SonarCloud focuses on scanning for coding good practice, and code security is not covered as extensively as in Veracode. SonarQube is free but requires installation on an on-prem server. A subscription to SonarCloud (the SaaS version of SonarQube) is cheaper but does not meet our requirements for security scanning of application code.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes