Veracode: Best-in-breed vendor for SAST, DAST & SCA, with enticing additions such as pen testing and developer training
October 16, 2021
Score 9 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
- Software Composition Analysis (SCA)
- Dynamic Analysis (DAST)
Overall Satisfaction with Veracode
Veracode is used across the whole organisation for static & dynamic application security testing as well as software composition analysis (tracking open-source and other third-party components) to evaluate our security posture and ensure compliance with global security policy & standards. It provides visibility of potential security vulnerabilities in applications, categorised by severity to help prioritise remediation.
Pros
- Static Application Security Testing (SAST).
- Dynamic Application Security Testing (DAST).
- Software Composition Analysis (SCA).
Cons
- Patchy usability and intuitiveness of the platform.
- API functionality could be improved.
- Better integration of functionality such as DAST and SCA, which sometimes appear "tacked on" to the core SAST offering.
- Static Application Security Testing (SAST).
- Dynamic Application Security Testing (DAST).
- Software Composition Analysis (SCA).
- Positive impact on coverage percentage of our application estate across static, dynamic, and agent-based SCA.
- Positive impact on compliance percentage against security vulnerabilities.
- Positive impact on [the] number of development teams with their CI/CD pipelines integrated with Veracode for automated scanning.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
I wasn't involved with the implementation phase
Would you buy Veracode again?
Yes