Veracode Review
Updated September 24, 2021

Oleksandr Klymenko | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)

Overall Satisfaction with Veracode

Veracode is used in the software R&D department. It is an important stage in our quality process. By using Veracode, we make sure that our source code corresponds to high security standards. We also use it for checking security in 3rd party libraries used in our products. For us, Veracode addresses the static scanning part of security testing. So together with secure design principles, penetration testing, and security scanning, Veracode adds its value to our company security program and helps to make products better from a security and code quality perspective.
  • Tools for Continuous integration (Jenkins integration, Pipeline plugin, Agent-based SCA).
  • Intuitive interface.
  • Great reporting capabilities.
  • Great technical support.
  • Maybe more connection between tools. E.g. promoting Agent-based SCA scans to a policy. But it is a minor inconvenience. Actually we're really pleased with Veracode functionality and tools.
  • Fewer false positives in scan results, as we have to spend time analyzing those issues.
  • Sometimes issues that should already be mitigated appear in scan results again, which also adds some work to review and mitigate them again.
  • Veracode static scanning quality.
  • Veracode software composition analysis.
  • It is hard to say about business impact at this moment in time as we've spent a lot of effort in order to comply with organizational security policy. We expect to see a positive impact in the nearest future.
In our case, we were pleased with the quality and amount of findings, ease of use, and reporting capabilities. These 3 points helped us to make a decision about using Veracode as the main static scanner in our organization. Also, the CI tools from Veracode fit our needs.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

Yes

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

Veracode as a set of tools can benefit any software development process. I also think that the Veracode tools ecosystem can be appropriate for any team that wants to make their project more secure. However, [the] amount of issues, especially after the first scans of a product, may be shocking. So complying with Veracode levels may need a lot of effort and investment.