Veracode helps create secure software for publishing in the cloud.
September 22, 2021

Brian Bezanson | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)

Overall Satisfaction with Veracode

We used Veracode across our entire secure software development lifecycle as a key component of our Jenkins pipelines to analyze code for security issues. We have rules to remedy all critical, high, and medium issues for non-PCI applications. PCI applications also require the remediation of the low vulnerability classification. I like that we have a standard tool for code analysis that uses the same rules and thresholds for our code.

Pros

  • Identify OWASP issues.
  • Easy integration into the developer environment with Greenlight.
  • Ability to be integrated into the Jenkins pipeline.

Cons

  • Failing the Jenkins pipeline build process, but this requires faster processing of the sources and returning the results quickly to the build process.
  • Speed of the website should be quicker.
  • Allowing preferences for the web display. In one application we have 223 sandboxes. I want my default rows per page to be >10 (I have a 4K monitor).
  • Easier access to the reports and information we need for resolving vulnerabilities.

  • Identify security vulnerabilities.
  • Information on resolving those vulnerabilities.
  • Tool used across the enterprise.
  • No critical, high, or medium security issues in scanned applications—must be resolved. PCI apps also need to resolve low issues.
  • Our customers know our software is very secure and they can be confident of our security measures.
  • Our developers have a standardized tool across all of our business lines for creating secure applications.

Do you think Veracode delivers good value for the price?

Not sure

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

I wasn't involved with the implementation phase

Would you buy Veracode again?

Yes

Positives

  • Very good at scanning code for security vulnerabilities.
  • Has an IDE tool called Greenlight to catch issues before they are committed to the code management system.

Improvements Needed

  • Web site response speed is slow and sluggish for our applications.
  • Confusing on some of the gaps where it wants other libraries uploaded. Need good examples for developer training and education.
  • Since this is run as part of the Jenkins build process, one assumes the system could get those assets, just like it gets the source code that is used for analysis.
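The review describes a severity gate: the Jenkins pipeline must fail when a scan leaves open critical, high or medium findings, and PCI applications must also clear low findings. The script below is an added example of such a gate as a pipeline step; it is not the reviewer's code and not Veracode tooling. The findings schema (`severity`, `status` fields), the status vocabulary, the `--pci` flag and the sample report are all assumptions constructed for the example.

```python
"""Severity gate for SAST findings, run as a Jenkins pipeline step.

Added example for this page, not Veracode's own tooling. The findings
schema (severity/status fields) and the status vocabulary are assumed.
"""
import json
import sys

# Highest to lowest. Generic names, assumed for the example.
SEVERITY_ORDER = ("critical", "high", "medium", "low", "informational")

# Statuses that no longer count against the gate (assumed vocabulary).
CLOSED_STATUSES = {"fixed", "mitigated", "false_positive"}


def blocking_severities(pci):
    """Severities that must have zero open findings for the build to pass.

    Mirrors the policy in the review: critical, high and medium everywhere;
    PCI applications must also clear low findings.
    """
    blocking = {"critical", "high", "medium"}
    if pci:
        blocking.add("low")
    return blocking


def count_open_findings(findings):
    """Count open findings per severity. Unknown severities raise, so a
    schema change fails the step loudly instead of silently passing."""
    counts = {sev: 0 for sev in SEVERITY_ORDER}
    for finding in findings:
        sev = finding["severity"].lower()
        if sev not in counts:
            raise ValueError(f"unknown severity {sev!r} in finding {finding.get('id')}")
        if finding.get("status", "open").lower() in CLOSED_STATUSES:
            continue
        counts[sev] += 1
    return counts


def evaluate_gate(findings, pci):
    """Return (passed, violations); violations maps each blocking severity
    that still has open findings to its count."""
    counts = count_open_findings(findings)
    blocking = blocking_severities(pci)
    violations = {sev: n for sev, n in counts.items() if sev in blocking and n > 0}
    return not violations, violations


def gate_exit_code(findings, pci):
    """0 when the gate passes, 1 when it fails: the status a Jenkins `sh`
    step sees, which is what fails the build."""
    passed, violations = evaluate_gate(findings, pci)
    for sev in SEVERITY_ORDER:
        if sev in violations:
            print(f"GATE FAIL: {violations[sev]} open {sev} finding(s)", file=sys.stderr)
    return 0 if passed else 1


# Constructed sample report, not real scan output.
SAMPLE_FINDINGS = [
    {"id": 1, "severity": "High", "category": "SQL Injection", "status": "fixed"},
    {"id": 2, "severity": "Medium", "category": "Cross-Site Scripting", "status": "mitigated"},
    {"id": 3, "severity": "Low", "category": "Insufficient Entropy", "status": "open"},
    {"id": 4, "severity": "Low", "category": "Information Leakage", "status": "open"},
    {"id": 5, "severity": "Informational", "category": "Excessive Logging", "status": "open"},
]


def main(argv):
    """Usage: gate.py [findings.json] [--pci]; falls back to the sample report."""
    paths = [a for a in argv[1:] if not a.startswith("--")]
    if paths:
        with open(paths[0]) as fh:
            findings = json.load(fh)
    else:
        findings = SAMPLE_FINDINGS
    return gate_exit_code(findings, pci="--pci" in argv)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

With the sample report, the non-PCI policy passes (the only open findings are low and informational) while `--pci` fails on the two open low findings. Fixed and mitigated findings are excluded from the count, which is the usual way an accepted mitigation keeps a build green without weakening the threshold itself.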
