Good solution for our project
October 23, 2020

Good solution for our project

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Dynamic Analysis (DAST)
  • Penetration Testing

Overall Satisfaction with Veracode

Veracode is currently used as a code-scan and penetration testing solution for a major project at our company, as mandated by our client. It is not currently used across our organization.

Pros

  • Support is very helpful and responsive.
  • The quality of vulnerability findings is good. Generally not too many false positives and if there are, there is a process for mitigating them so they do not keep appearing.
  • Documentation on suggested resolutions for findings is good. There is ample explanation and links to helpful resources to aid in researching the best mitigation solution.

Cons

  • The portal can be a little confusing to navigate around. It can be difficult to find what you're looking for and I would sometimes have to reach out to support to get detailed instructions on where to click.
  • The organization of the reports could be better. Would prefer to have all the information for a vulnerability in one section.
  • The process for mitigation is confusing and seems to change every year. Our team was unsure of what the next steps were and what meetings needed to be held and had to reach out to support to clarify. The terminology also seemed to change from previous years.
  • Veracode satisfied a requirement from our client and also helped highlight important vulnerabilities that our team was able to mitigate.
Veracode was selected by our client so a comparison against other vendors was not done.
The support team was very helpful and responsive, usually replying back to emails within a few hours.
Setting up the scans isn't too difficult and there is documentation on them. Navigating the portal and understanding the report is not as easy as we would've liked. The end to end process was quite confusing and we did not see or receive any documentation on it.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

Veracode was a good solution for our product, but there were aspects of using it that our team found confusing/difficult.

Comments

More Reviews of Veracode