Veracode User Experience
Updated August 29, 2025

Mickey Zarev | TrustRadius Reviewer
Score 5 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)

Overall Satisfaction with Veracode

It is used across the organization. We are using it for static analysis of our code. We have selected the policy that requires our release code to minimize the level of security faults. Besides static analysis, we use Software Composition Analysis, and we found it very helpful in rectifying vulnerabilities from third-party libraries.

Pros

  • Good integration with Jenkins and Visual Studio.
  • Parsing the code well.
  • It has a good dashboard.
  • SCA graphs for transitive dependencies are very useful in identifying the vulnerabilities.

Cons

  • The main problem is the slow speed of the scan - it took 11 weeks in one instance.
  • The problem was ongoing for a number of months and eventually they managed to slash the running time to one day. However, since then the running time usually takes 2-3 days as the scan always stops during the run.
  • While SCA for Java works very well, there are a number of issues on the C++ side. It cannot recognize the libraries built by default from source code third-party vendors.
  • Especially the newer version produces lots of False Positives.
  • Thorough scan of our code.
  • Integration with our release process.
  • Accurate info about vulnerabilities in third-party libraries
  • At the moment, due to the very slow speed of the scan, we cannot fully integrate it in our development process.
  • However, we are using it for our release process.
  • The analysis that Veracode software provides gives us and our client confidence that we are producing secure code.
So far we are mainly happy with the use of Veracode for the checking of vulnerabilities in the code that we produce and ship. Since January 2025 Veracode changed the code for C++ static analysis and there are many False Positives. However, we are using other products that ensure that our network is safe. So we are satisfied with the use of a range of leading products that are specialized in their own area of expertise.
The reporting side, we mainly use for internal reporting to the executive team, but in some cases we show the report to potential or existing clients. Analytics is used by our development and operational team to make sure that vulnerabilities are rectified.
We are using Veracode Static analysis during the development and UAT phase. By UAT stage we make sure that all vulnerabilities (excluding the cases where the client cannot move to the newer version, e.g. client still on Java 8) are resolved.
Veracode is the essential tool/product that my organization uses to produce secure software. We take the security of our product very seriously and we rely on Veracode to find potential vulnerabilities in our code. If found, we do not spare resources to eliminate the vulnerabilities.
Veracode has been longer on the market and has built a good reputation. We appreciate that they are constantly improving the quality of their software and adding new features.

Do you think Veracode delivers good value for the price?

Not sure

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

Overall, we are generally satisfied with the product. It gives very accurate information about vulnerabilities in our code using static analysis. It has good performance for the Java static analysis. However, for C++ it is very slow. As well, the Software Composition Analysis for C++ code is not yet a finished product. It cannot recognize libraries built from source code, using the default build method from third-party vendors. That is the case even for libraries that have been in use for a number of years. For C++ code it produces lots of False Positives.


Using Veracode

2 - Development and Testing
1 - Technical knowledge is required to be able to recognize potential problems. Although for basic support anyone can take that role, in order to make the full use of the features a developer would be the most suitable for this role.
  • Static analysis for C++ code
  • Static analysis for Java and Java code
  • SCA for Java and JavaScript
  • SCA helped us eliminate vulnerabilities coming from third party code.
  • SCA for C++
  • AI for automatically removing the vulnerabilities.
While we are satisfied with the functionality for Java and JS, there are many False Positives on the C++ side. For our C++ based product, it used to take 5 days and now went up to 9 days for the scan. As well, the new auto-packaging methodology that scans source code instead of binaries does not work yet.

Evaluating Veracode and Competitors

  • Cloud Solutions
Veracode is known as a market leader in the code security industry. The use of Veracode gives reassurance to our clients that our code is safe to use. As well, it is convenient that Veracode uses a Cloud Solution and therefore it is easy to implement it.
Possibly we would evaluate a few other products before we make the decision.

Veracode Implementation

Implementation of static analysis started before I joined the company. Since I joined we increased the code coverage and introduced SCA as an additional product. We did not encounter many problems with the implementation.
  • I was not part of the company when Veracode was introduced
  • Since I joined we have added SCA as a new product

Veracode Support

Pros

  • Kept well informed
  • Support understands my problem
  • Support cares about my success
  • Quick Initial Response

Cons

  • Slow Resolution
  • Escalation required

We purchased the standard support that comes with the package. We are already well accustomed to the Veracode solution.
Yes - Some of the bugs were resolved in a timely fashion, while others were not.
There was an issue that we had regarding the use of Veracode. I went to the conference and met their consultant Boy Baukema.
He was very helpful and arranged the meeting afterwards.
Soon after that meeting he managed to resolve the issue that was hindering us for a while.
Generally support and Veracode consultants are good. However, the solutions from the engineering team on the C++ side are not always adequate.

Using Veracode

Generally the product is easy to use and there is good documentation.

Pros

  • Relatively simple
  • Easy to use
  • Technical support not required
  • Well integrated
  • Consistent
  • Convenient
  • Feel confident using
  • Familiar

Cons

  • None

  • Generally the scanning does not require lots of effort
  • Documentation is good
  • SCA enables you to easily rectify the problem with third party libraries
  • The system has good user interface, so it is easy to use
