Veracode User Experience
Updated March 06, 2024

Mickey Zarev | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)

Overall Satisfaction with Veracode

It is used across the organization. We are using it for static analysis of our code. We have selected the policy that requires our release code to minimize the level of security faults.
Besides static analysis we use Software Composition Analysis, and we found it very helpful in rectifying vulnerabilities from third-party libraries.
  • Good integration with Jenkins and Visual Studio.
  • Parses the code well.
  • It has a good dashboard.
  • SCA graphs for transitive dependencies are very useful in identifying the vulnerabilities.
  • The main problem is the slow speed of the scan; it took 11 weeks in one instance.
  • The problem was ongoing for a number of months and eventually they managed to slash the running time to one day. However, since then the running time usually takes 2-3 days as the scan always stops during the run.
  • While SCA for Java works very well, there are a number of issues on the C++ side. It cannot recognize the libraries built by default from third-party vendors' source code.
  • Thorough scan of our code.
  • Integration with our release process.
  • Accurate info about vulnerabilities in third-party libraries.
  • At the moment, due to the very slow speed of the scan, we cannot fully integrate it in our development process.
  • However, we are using it for our release process.
  • The analysis that Veracode software provides gives us and our client confidence that we are producing secure code.
So far we are mainly happy with the use of Veracode for the checking of vulnerabilities in the code that we produce and ship.
However, we are using other products that ensure that our network is safe. So we are satisfied with the use of a range of leading products that are specialized in their own area of expertise.
On the reporting side, we mainly use it for internal reporting to the executive team, but in some cases we show the report to potential or existing clients.
Analytics is used by our development and operational team to make sure that vulnerabilities are rectified.
We are using Veracode Static Analysis during the development and UAT phase. By the UAT stage we make sure that all vulnerabilities (excluding the cases where the client cannot move to the newer version, e.g. a client still on Java 8) are resolved.
Veracode is the essential tool/product that my organization uses to produce secure software. We take the security of our product very seriously and we rely on Veracode to find potential vulnerabilities in our code. If found, we do not spare resources to eliminate the vulnerabilities.
Veracode has been on the market longer and has built a good reputation. We appreciate that they are constantly improving the quality of their software and adding new features.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

Yes

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

Overall, we are generally satisfied with the product. It gives very accurate information about vulnerabilities in our code using static analysis.
It has good performance for the Java static analysis. However, for C++ it is very slow.
As well, the Software Composition Analysis for C++ code is not yet a finished product. It cannot recognize libraries built from source code using the default build method from third-party vendors. That is the case even for libraries that have been in use for a number of years.