A must-use tool in all CI/CD pipelines
October 08, 2021

Ravi L | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Penetration Testing

Overall Satisfaction with Veracode

The decision to use Veracode was made by the corporate security team, and it is used across multiple projects that are customer-facing. One of the goals of the corporate security team was to ensure that all applications developed and deployed to our customers follow secure development practices, and that there are no security vulnerabilities that can be exploited and in turn affect the business of our customers. Our current project is specifically a distributed system where each customer has their own environment setup. In this environment, we cannot ensure the customer environment is secure, as it is not under our control. The only control we could put in place was the security of the application. With Veracode, we run manual penetration tests at the end of each release and static scans each week to ensure we comply with the corporate-defined security standards, while at the same time ensuring that there are no security vulnerabilities.
  • Static scan.
  • Penetration testing.
  • Integration with Jenkins.
  • Static scan.
  • Penetration testing.
  • We are confident now that our application is secure and our customers' faith in us is reinforced.
  • As developers, we got to learn all the secure coding practices.
Visual Studio static scan only shows best practices to follow for the code, but Veracode suggests best practices for secure code. There is no manual penetration testing option in Visual Studio. We have not explored any other tool.

Do you think Veracode delivers good value for the price?

Not sure

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

I wasn't involved with the implementation phase

Would you buy Veracode again?

Yes

In my opinion, Veracode should be used for all software development projects. There are no scenarios where a project can be less secure or more secure. Secure code should be given as much importance as functional code. With the number of security incidents that keep happening, it is never too much to secure the application. Veracode static scans should be part of every CI/CD pipeline. One scenario that needs to be considered is that the static scan currently identifies vulnerabilities that are suited to web applications. There are plenty of vulnerabilities that are not applicable to desktop applications, and these could somehow be prevented from being flagged.