Impressive code security scanning tool
October 18, 2020

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)

Overall Satisfaction with Veracode

The application development and IT security teams use Veracode in my company. We use Veracode for security scanning of application code developed in-house. Our IT security team uses Veracode to set up security policies for security scans of in-house applications. Using Veracode for code security scanning is part of our security implementation, ensuring that our in-house development team follows the industry standard for developing with secure code.

  • Easy to follow the scanning process and scan results, with suggestions on how to remediate the security flaws discovered
  • Proactive customer support. Our account manager at Veracode constantly sets up meetings with us to understand our code scanning progress and gives us advice on any problems and questions we come across while using Veracode.
  • Our yearly subscription to Veracode allows us to set up up to three consulting service sessions to address our problems with security risk remediation. We recently set up one consulting service session, and the representative from Veracode was very knowledgeable about the programming language/framework we use and gave us very helpful advice on remediating specific types of flaws.

  • Provide better documentation and information on using their integration components. We use the Veracode extension for TFS but have trouble understanding under what conditions the component returns a "Pass" or "Failed" status for the security scan back to TFS.

  • Assists in ensuring application development adheres to security standards
  • Transparency of application quality to other IT groups, stakeholders, and even our business users
SonarQube and SonarCloud focus on scanning for good coding practices, and code security is not covered as extensively as in Veracode. SonarQube is free but requires installation on an on-prem server. A subscription to SonarCloud (the SaaS version of SonarQube) is cheaper but does not meet our requirements for security scanning of application code.

I think support for Veracode is excellent. Their Helpdesk service is quick to respond. I receive suggested solutions within a day of submitting a ticket through email. They have allocated an account manager who constantly sets up follow-up meetings to ensure their customers can fully utilize Veracode and follow best practices. We can also request a Consulting Service session to address specific code scanning issues we come across.


It offers a versatile interface for kicking off code security scanning. We can submit code for scanning from Visual Studio for applications we are still working on. We can manually upload our application files for scanning using the web interface. We can also install the Veracode extension on our TFS instance to kick off automatic code scanning in our build/release definitions.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

Yes

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

I really like the product as well as the quality of customer service provided by Veracode staff.