A must-use tool in all CI/CD pipelines
October 08, 2021

A must-use tool in all CI/CD pipelines

Ravi L | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Penetration Testing

Overall Satisfaction with Veracode

Veracode usage decision was made by the corporate security team and is used across multiple projects that are customer-facing. One of the goals of the corporate security team was to ensure all applications that are developed and deployed to our customers follow secure development practices. There are no security vulnerabilities that can be exploited and in turn affect the business of our customers. Our current project is specifically a distributed system where each customer has their own environment setup. In this environment, we cannot ensure the customer environment is secure as it is not under our control. The only control we could put in place was the security of the application. With Veracode, we run manual penetrations tests at the end of each release and static scans each week to ensure we comply with the corporate-defined security standards. At the same time also ensuring that there are no security vulnerabilities.
  • Static scan.
  • Penetration testing.
  • Integration with Jenkins.
  • Static scan.
  • Penetration testing.
  • We are confident now that our application is secure and our customer's faith in us is reinforced.
  • As developers, we got to learn all the secure coding practices.
Visual Studio Static Scan only shows best practices to follow for the code. But Veracode suggests best practices for secure code. There is no Manual Penetration testing option in Visual Studio. We have not explored any other tool.

Do you think Veracode delivers good value for the price?

Not sure

Are you happy with Veracode's feature set?


Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

I wasn't involved with the implementation phase

Would you buy Veracode again?


In my opinion, Veracode should be used for all software development projects. There are no scenarios where a project can be less secure or more secure. Secure code should be given as much importance as functional code. With the number of security incidents that keep happening, it is never too much to secure the application. Veracode static scans should be part of every CI/CD pipeline. One scenario that needs to be considered is that the static scan currently identifies vulnerabilities that are suited for web applications. There are plenty of vulnerabilities that are not applicable to Desktop applications that can somehow be avoided from being flagged.