Great SAST solution for DevSecOps Pipeline
October 23, 2020
Score 10 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
Overall Satisfaction with Veracode
My client uses Veracode for scanning code. It is used to verify Java, NodeJS, & Python micro-services as part of the CI/CD pipeline (Bamboo, Jenkins, & GitLab CI). Veracode is constantly run across internal applications' source code to ensure the security hygiene of the code.
Pros
- The newly launched Veracode pipeline scan is pretty awesome. It’s quick & synchronous pipeline friendly.
- Veracode has a selection of workflows, documentation, and integration tools that make it useful for keeping all of my teammates on the same page.
- Veracode is very user-friendly. Its UI is organized and keeps all the different scans we have set up in a very clean visual.
Cons
- Fewer false positives
- Veracode could improve on language-specific recommendations, e.g., you scan Python source code and get remediation instructions for the Java language.
- Veracode's price is in the high range. I believe, with all its competition, the pricing could be a little better.
- 30% reduction in vulnerability remediation efforts
- Veracode helped us meet Industry standards and made security an integral part of our XL release cycle.
Do you think Veracode delivers good value for the price?
Not sure
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes