Veracode or SonarQube? How about both?
December 08, 2021
Veracode or SonarQube? How about both?
Score 7 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
- Software Composition Analysis (SCA)
Overall Satisfaction with Veracode
We use Veracode to scan our code for static code analysis and 3rd party dependency to identify security vulnerabilities. Scanning is done using pipelines in our continuous integration process.
- Identify vulnerabilities in static code without too many false positives[.]
- Identify vulnerabilities in 3rd party dependencies without too many false positives[.]
- The speed of scanning can use some improvement, especially when trying to use automated scans in continuous integration pipelines.
- Static Code Analysis
- Software Composition Analysis
- Too soon to tell[.]
Do you think Veracode delivers good value for the price?
Not sure
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
No