Good solution for our project
October 23, 2020
Good solution for our project
Score 8 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
- Dynamic Analysis (DAST)
- Penetration Testing
Overall Satisfaction with Veracode
Veracode is currently used as a code-scan and penetration testing solution for a major project at our company, as mandated by our client. It is not currently used across our organization.
- Support is very helpful and responsive.
- The quality of vulnerability findings is good. Generally not too many false positives and if there are, there is a process for mitigating them so they do not keep appearing.
- Documentation on suggested resolutions for findings is good. There is ample explanation and links to helpful resources to aid in researching the best mitigation solution.
- The portal can be a little confusing to navigate around. It can be difficult to find what you're looking for and I would sometimes have to reach out to support to get detailed instructions on where to click.
- The organization of the reports could be better. Would prefer to have all the information for a vulnerability in one section.
- The process for mitigation is confusing and seems to change every year. Our team was unsure of what the next steps were and what meetings needed to be held and had to reach out to support to clarify. The terminology also seemed to change from previous years.
- Veracode satisfied a requirement from our client and also helped highlight important vulnerabilities that our team was able to mitigate.
Veracode was selected by our client so a comparison against other vendors was not done.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes