Veracode helps create secure software for publishing in the cloud.
Overall Satisfaction with Veracode
We used Veracode across our entire secure software development lifecycle as a key component of our Jenkins pipelines to analyze code for security issues. We have rules to remedy all critical, high, and medium issues for non-PCI applications. PCI applications also require the remediation of low vulnerability classification. I like that we have a standards tool for code analysis that uses the same rules and thresholds for our code.
Pros
- Identify OWASP issues.
- Easy integration into the developer environment with Greenlight.
- Ability to be integrated into the Jenkins pipeline.
Cons
- Failing the Jenkins pipeline build process. But this requires faster processing of the sources and returning the results quickly to the build process.
- Speed of the website should be quicker.
- Allowing preferences for the web display. In one application we have 223 sandboxes. I want my default rows per page to be >10 (I have a 4K monitor).
- Easier access to the reports and information we need for resolving vulnerabilities.
- Identify security vulnerabilities.
- Information on resolving those vulnerabilities.
- Tool used across the enterprise.
- No critical, high, or medium security issues in scanned applications—must be resolved. PCI apps also need to resolve low issues.
- Our customers know our software is very secure and they can be confident of our security measures.
- Our developers have a standardized tool across all of our business lines for creating secure applications.
Do you think Veracode delivers good value for the price?
Not sure
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Veracode go as expected?
I wasn't involved with the implementation phase
Would you buy Veracode again?
Yes