Great Software Composition Analysis
December 13, 2021
Score 8 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
- Software Composition Analysis (SCA)
Overall Satisfaction with Veracode
Pros
- Identifies flaws and indicates their location in the code
- Describes the flaws and vulnerabilities in great detail
- Provides links to solutions on how to fix the flaws
Cons
- Providing the dependency tree to show which dependency is introducing the vulnerability transitively would be helpful
- Ways to automatically exclude vulnerable dependencies via the IDE plugin
- Code suggestions to automatically fix the flaws in the IDE
- Software Composition Analysis
- Reporting
- Jenkins Integration
- Improved application security when using open source
- Reduce time and cost in fixing the issues later in the life cycle
- Help meet compliance requirements
I have used SonarQube for code quality and security analysis in the past, but Veracode's Software Composition Analysis makes a big difference in terms of identifying vulnerabilities in dependencies. It would make it a lot easier if the IDE plugin could show the transitive dependency that introduces the vulnerabilities. I'm very pleased with Veracode reporting so far.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes