Best in Security
Updated March 03, 2024

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)
  • Developer Training

Overall Satisfaction with Veracode

It's being used across the whole organization; multiple engineering teams are using it for third-party library scans, i.e. software composition analysis, and static application security testing. There are security labs for engineers and for those who are interested in learning about security vulnerabilities and remediation, i.e. secure code training (labs). These labs are being used to encourage developers to learn about secure coding by conducting secure code tournaments.
  • SCA
  • SAST
  • Secure Code Training
  • Add more labs in Secure Code Labs.
  • Supporting Perl would be great.
  • Better to have standard deployment for all packages in upload and scan.
  • Minimizing false positives.
  • Secure coding labs for learning.
  • Shift-left process: IDE, Sandbox, CI/CD.
  • Need to support Perl in SCA.
  • Need to add more labs.
  • The shift-left process is really helpful.
We prefer to consolidate solutions to one vendor; it simplifies management and streamlines processes, as there is a unified interface for monitoring and control. This can reduce the complexity of the security structure. It's easier for integration between different security products, offering a seamless experience and better threat detection. This opinion might change due to our organization's needs and budget constraints.
The reporting and analytics features of a solution for our use case are absolutely imperative. We have integrated Veracode with Jira, Brinqa and ServiceNow to streamline the process of reporting issues to our engineering team. These integrations are the cornerstone of our workflow, allowing us to communicate security findings to the engineering team for remediation.
We use Veracode at almost all stages of the SSDLC: in the planning and development stage to assess security considerations and requirements, which helps in establishing security architecture and controls; in the coding stage to perform static analysis while code is being written; in the building stage, during CI and CD pipelines, to identify vulnerabilities; and finally in the post-deployment stage, to monitor emerging new threats or vulnerabilities.
It has been immensely helpful by proactively identifying and addressing vulnerabilities throughout the lifecycle.
Reduced false positives; developers can identify vulnerabilities at an early stage (shift-left process). The security labs help developers.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

I wasn't involved with the implementation phase

Would you buy Veracode again?

Yes

It's more suited to software composition analysis for third-party library scans (SCA) and static application security testing (SAST). These are currently being utilised by us, along with the security labs; we are using these labs for tournaments for developers to learn about secure coding, and for learning purposes in general. It's helpful in the IDE stage (Greenlight), where developers can find issues/vulnerabilities during coding (shift left).

Using Veracode

100 - It's being handled/managed by the Security team, who help engineering teams to use Veracode.
5 - In our organization it's being supported by the Application Security Team. The skills needed are proficiency in analyzing Veracode scan results, interpreting vulnerabilities, and providing actionable insights for remediation. The team is involved in incorporating Veracode into the overall security architecture, designing secure systems, and guiding developers in secure coding practices. It also conducts training programs to educate developers and other stakeholders on secure coding practices and the importance of Veracode in maintaining a secure development lifecycle.
  • Software Composition Analysis
  • Static Application Security Testing
  • Secure Code Training
  • We have been using Veracode integrated with Brinqa (which is more of a risk management tool), where vulnerabilities from different security tools are consolidated.
  • Might utilize it for Secure Cloud Development

Evaluating Veracode and Competitors

Yes - It replaced the Checkmarx SAST tool. The reason for replacing it is Veracode's simplicity and ease of integration into CI/CD pipelines, facilitating seamless automation of security testing.
Lower rate of false positives, helping us focus on genuinely critical vulnerabilities.
  • Integration with Other Systems
  • Ease of Use
Its simplicity and ease of integration into CI/CD pipelines, facilitating seamless automation of security testing.
We will follow the same process, but will also take into consideration any new features offered by the tools.