Veracode Meets Our Needs
Updated June 09, 2022
Score 8 out of 10
- Static Analysis (SAST)
Overall Satisfaction with Veracode
We employ Veracode's static and dynamic scanning offerings to scan our application code for vulnerabilities on a regular basis. We also use the software composition testing of third-party, open-source libraries as a check against our use of a second similar tool. These features, as well as others we employ external to Veracode, help to increase our application's security posture. We have also recently contracted for their manual APT offering.
- Static scanning is quick and efficient
- The scan reports are easy to read and informative
- Interaction with both account management and support staff is great
- The contracting process is easy
- The platform's interface could be a little more intuitive
- Sometimes we get a notification that our static license use has been exceeded but it has not
- Sometimes the static scan reports many, many potential flaws but it turns out the tool has not been programmed to correctly recognize a particular use case
- The configuration of dynamic scanning is a bit disjointed.
- It may just be our application but the dynamic scanning process needs to be improved. Note that we have an open case with Veracode on this so we do expect a resolution.
- Scanning capabilities
- Reporting capabilities
- Our use of the tools has allowed us to pass large client security requirements
- Our use of the tools has allowed us to more easily pass RFP security requirements
- Our use of the tools is beneficial in helping to meet general security audit requirements
We have not evaluated other solutions similar to those offered by Veracode.
Do you think Veracode delivers good value for the price?
Are you happy with Veracode's feature set?
Did Veracode live up to sales and marketing promises?
Did implementation of Veracode go as expected?
Would you buy Veracode again?
Use of this platform allows us to better control vulnerabilities and demonstrate to clients that we take our security posture seriously. Of course this, though important, is only one aspect of ensuring our code is as secure as possible. The feature set of the tool is quite mature and serves our needs quite well for the most part.
2 - Software development management, software developer
2 - Knowledge in software development and software security is helpful if not required.
- Static scanning capabilities
- Dynamic scanning capabilities
- Manual APT offering
- We may integrate the dynamic scanning tool into our build process. The capability is there, we just have not explored it yet.
It is likely we will renew our use of the Static scanning tool. We will be evaluating and determining later whether we continue with the Dynamic scanning offering and the Manual APT service.
Evaluating Veracode and Competitors
- Product Features
Though it would have been smart to evaluate other, similar offerings, we did not due to time constraints. We would next time.
Quite painless for the most part though dynamic scanning configuration issues were encountered.
- Implemented in-house
Yes - Static scanning
Change management was minimal
- Dynamic scanning configuration
- No Training
Most areas can be figured out on your own. Other areas, depending on needs, may require a bit of assistance.
Just about right.
No - there is no facility to customize the interface
No - the product does not support adding custom code
We have only had to contact support a few times in the nine years we've used their products. For the most part, Veracode has been very responsive either via email or on calls. These requests have either been for something that did not seem to be right in the interface or for scan-finding call-outs.
Problems get solved
Kept well informed
No escalation required
Immediate help available
Support understands my problem
Support cares about my success
Quick Initial Response
No. Did not feel it was necessary. Standard support is fine for our requirements.
There have been a couple of times when their support staff has helped us collaboratively determine an appropriate direction in remediating a reported flaw. We have found them to be very knowledgeable and helpful in these situations.
Overall Veracode's static scanning tool works well and is pretty intuitive. I do find myself trying to remember how to find certain features or screens from time to time, but I eventually stumble upon them. To be fair, I am only in the tool once every three months. I do find their dynamic scanning tool a bit confusing regarding the setup and configuration of a target URL. I do eventually find things but I do believe this process could be improved upon.
- Scan reports
- Dynamic scan configuration
It meets our needs.
Veracode has always been up and available to us.
At this point, it runs well and mostly in a timely fashion. Dynamic scans take days but this may be a config issue still to be resolved.
Relationship with Veracode
They have always been very responsive to our needs.
They have always been responsive to our needs.
Not really. Members of all teams have been great to work with.