Good product, lives up to the promises ... for a price
March 19, 2021

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)

Overall Satisfaction with Veracode

Our Engineering department uses Veracode as a check on the software we develop before release and distribution to our customers or our SaaS environment. It's one of the most important tools in ensuring our security policies are upheld by development teams. We integrate Veracode into our CI/CD pipelines so that we don't have to wait long for results.
  • Accurate results
  • Understandable reports
  • Helps us stay on top of the changing security landscape
  • Good open source analysis
  • Scans can be slow depending on size
  • Some less common programming languages aren't supported
  • IDE integration costs extra
  • High cost
  • Helps demonstrate our security posture to customers and prospects
  • Important tool to point to as evidence in security audits
We selected Veracode because it has performed well for us in the previous period and because it's perceived as a top product by our customers. However, at our next renewal period, I expect to reconsider JFrog Xray for this as it may fit better into our development pipeline and may have a lower price.

Do you think Veracode delivers good value for the price?

Not sure

Are you happy with Veracode's feature set?


Did Veracode live up to sales and marketing promises?


Did implementation of Veracode go as expected?


Would you buy Veracode again?


Veracode is good for static analysis of common programming languages. The results are easy to understand and take action on. But it's not immediate; you need some time in the cycle to detect and fix issues: if you're pushing to prod 50 times a day, figure out where this fits in the process. Also, it's not as useful where configuration or deployment are the major concerns.