Overall Satisfaction with Veracode
Veracode is truly the best AppSec tool available. You don't have to install anything if you don't want to, as it's offered as a SaaS. It's as easy to implement as writing a few lines of code or installing a plugin on your CI/CD pipeline. Their false-negative ratio is close to zero because of their AI, and the pipeline scan really gets the job done within a few minutes while giving you the opportunity to run full scans to generate reports of your entire environment. Their team is incredible and super helpful when needed. We're using Veracode to scan all of our APIs right in the development environment to make sure that we don't have any critical vulnerabilities running in our production environment and to reduce costs regarding vulnerability correction/mitigation.
- Super fast CI/CD pipeline scanning.
- BoM when using SCA along with its vulnerabilities and licenses.
- Ease of use and implementation as it's a SaaS.
- Custom policies to break your app's build.
- Pipeline scan sometimes doesn't give you enough debug messages to know what went wrong.
- DAST could have an option to scan APIs using a swagger.json file.
- Pipeline Scanning
- SCA
- SaaS
- Patented AI
- Datacenter/Infrastructure security certifications
- Greater Shift-Left.
- Fewer worries about app vulnerabilities.
- Better knowledge about our vulnerabilities towards the external world.
Veracode is SaaS, it runs quicker, and it has better results in terms of false positives. The company itself is a lot better than Micro Focus in terms of support and CS; it's easier to license, and they truly want to help your company get better results in terms of AppSec. They don't just sell it and leave you by yourself.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes