Veracode Meets Our Needs
Updated June 09, 2022
Score 8 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
Overall Satisfaction with Veracode
We employ Veracode's static and dynamic scanning offerings to scan our application code for vulnerabilities on a regular basis. We also use the software composition testing of third-party, open-source libraries as a check against our use of a second similar tool. These features, as well as others we employ external to Veracode, help to increase our application's security posture. We have also recently contracted for their manual APT offering.
Pros
- Static scanning is quick and efficient
- The scan reports are easy to read and informative
- Interaction with both account management and support staff is great
- The contracting process is easy
Cons
- The platform's interface could be a little more intuitive
- Sometimes we get a notification that our static license use has been exceeded but it has not
- Sometimes the static scan reports many, many potential flaws but it turns out the tool has not been programmed to correctly recognize a particular use case
- The configuration of dynamic scanning is a bit disjointed.
- It may just be our application but the dynamic scanning process needs to be improved. Note that we have an open case with Veracode on this so we do expect a resolution.
- Scanning capabilities
- Reporting capabilities
- Our use of the tools has allowed us to pass large client security requirements
- Our use of the tools has allowed us to more easily pass RFP security requirements
- Our use of the tools is beneficial in helping to meet general security audit requirements
We have not evaluated other solutions similar to those offered by Veracode.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
No
Would you buy Veracode again?
Yes
Using Veracode
2 - Software Development management, Software developer
2 - Knowledge in software development and software security is helpful if not required.
- Static scanning capabilities
- Dynamic scanning capabilities
- Manual APT offering
- We may integrate the dynamic scanning tool into our build process. The capability is there, we just have not explored it yet.
Evaluating Veracode and Competitors
- Product Features
Though it would have been smart to evaluate other, similar offerings, we did not due to time constraints. We would next time.
Veracode Implementation
- Implemented in-house
Yes - Static scanning
Manual APT
Dynamic scanning
Change management was minimal
- Dynamic scanning configuration
Veracode Training
- No Training
Most areas can be figured out on your own. Other areas, depending on needs, may require a bit of assistance.
Configuring Veracode
No - there is no facility to customize the interface
No - the product does not support adding custom code
Veracode Support
Pros | Cons |
---|---|
Quick Resolution; Good followup; Knowledgeable team; Problems get solved; Kept well informed; No escalation required; Immediate help available; Support understands my problem; Support cares about my success; Quick Initial Response | None |
No. Did not feel it was necessary. Standard support is fine for our requirements.
There have been a couple of times when their support staff has helped us collaboratively determine an appropriate direction in remediating a reported flaw. We have found them to be very knowledgeable and helpful in these situations.
Using Veracode
Pros | Cons |
---|---|
None | None |
- Scan reports
- Dynamic scan configuration
Veracode Reliability
Relationship with Veracode
Pricing
Not really. Members of all teams have been great to work with.