Very good SAST tool provider
October 14, 2021

Very good SAST tool provider

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)

Overall Satisfaction with Veracode

Our company uses the Veracode SAST tool to ensure the code quality. We run it on a weekly basis as part of our CI / CD pipeline. The Veracode tool creates reports, and we check the report. If a report includes high, very high or critical issues - we fix these issues immediately and rerun the
SAST tool.
  • Great SAST analysis for Java.
  • Very professional security consultants.
  • Great SAST analysis for Javascripts.
  • Easy way to export reports.
  • The platform performance (UI) should be improved. Now each action takes a lot of time.
  • The SAST analysis for Angular should be improved.
  • The Veracode SAST tool.
  • We can send the reports created by the platform to our customers: they are created in a very professional way.
We have evaluated the Veracode DAST tool in 2019. [From my experience] the Veracode DAST tool was in the very initial state and was not ready for enterprise: The main reason is that it was not the automatic solution. It is not good to wait for the manual verifications of the finding and results were not reported automatically by the Veracode DAST tool.

Do you think Veracode delivers good value for the price?


Are you happy with Veracode's feature set?


Did Veracode live up to sales and marketing promises?


Did implementation of Veracode go as expected?


Would you buy Veracode again?


The Veracode SAST tool provides very good analysis for Java. If you need a security consultation, you will discuss it with professionals. They will explain to you in a very good way why some flaw are raised and why some flow are not raised. If the tool has some problem in the scan, the problem will be resolved in a reasonable time frame.

There is room for improvement:
  • The UI reacts very slowly and sometimes takes a lot of time till you see the next screen.
  • SAST tool should add support in a faster way for new languages like new versions of Angular.