Overall Satisfaction with Veracode
Veracode is used in the software R&D department. It is an important stage in our quality process. By using Veracode, we make sure that our source code corresponds to high security standards. We also use it for checking security in 3rd party libraries used in our products. For us, Veracode addresses the static scanning part of security testing. So together with secure design principles, penetration testing, and security scanning, Veracode adds its value to our company's security program and helps to make products better from a security and code quality perspective.
- Tools for continuous integration (Jenkins integration, Pipeline plugin, Agent-based SCA).
- Intuitive interface.
- Great reporting capabilities.
- Great technical support.
- Maybe more connection between tools, e.g. promoting Agent-based SCA scans to a policy. But it is a minor inconvenience. Actually, we're really pleased with Veracode functionality and tools.
- Fewer false positives in scan results, as we have to spend time analyzing those issues.
- Sometimes issues that should already be mitigated are appearing in scan results again, which also adds some work to review them again and mitigate.
- It is hard to say about business impact at this moment in time, as we've spent a lot of effort in order to comply with organizational security policy. We expect to see a positive impact in the near future.
In our case, we were pleased with the quality and amount of findings, ease of use, and reporting capabilities. These 3 points helped us to make a decision about using Veracode as the main static scanner in our organization. Also, the CI tools from Veracode fit our needs.
Do you think Veracode delivers good value for the price?
Are you happy with Veracode's feature set?
Did Veracode live up to sales and marketing promises?
Did implementation of Veracode go as expected?
Would you buy Veracode again?
Veracode as a set of tools can benefit any software development process. I also think that the Veracode tools ecosystem can be appropriate for any team that wants to make their project more secure. However, [the] amount of issues, especially after the first scans of a product, may be shocking. So complying with Veracode levels may need a lot of effort and investment.