You don't need a security team anymore!
December 22, 2021

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)
  • Developer Training
  • Pipeline Scan

Overall Satisfaction with Veracode

Veracode helps in providing solutions to fix flaws as early as possible through their portfolio of scans. We run multiple scans during the lifecycle of our software to not only identify but also remediate these issues. Veracode helps us in making sure the apps are always secure before they are released to the production environment. We have regular reviews from the security team for our applications and Veracode helps us in clearing them without any issues.
  • The pipeline scan is a very fast way to scan code and inform developers if a new flaw is introduced by their pull requests.
  • Upload & Scan provides an in-depth analysis of the codebase, with features like reporting being made easy.
  • SCA Scans help us not only in identifying the vulnerabilities but also in fixing them and in identifying if our application is using that part of the vulnerable library or not.
  • Veracode is very easy to integrate into the CI/CD pipelines (especially Jenkins).
  • It was very difficult for me to navigate around on their Dashboard. There's certainly room to improve on that and make it more intuitive.
  • The Agent-based SCA scan can have a feature for adding a baseline file (like Pipeline Scan)
  • SAST
  • SCA
  • Pipeline Scan
  • CI/CD Integration
  • Support Service
  • Positive: We rest assured that applications are being scanned regularly and are free from any vulnerabilities
  • Positive: Developers are aware of good coding practices
  • Negative: Developer time is taken to fix vulnerability at the earliest, and sometimes we don't have the bandwidth for that.
Veracode has a very good integration within its products, which makes it easy for a developer. Veracode helps in providing support both actively and through resources on their platform to remediate and fix the issues found in one's application. The reporting section being handled by Veracode makes it easy for the developers in big-tech companies to easily share analysis of the scan results with the concerned authorities and thus saves a lot of the developer's time.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

Yes

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

Veracode is well-suited for companies making sure their products are always flawless. Through their portfolio of products, one can make sure every application is free from any vulnerabilities at the earliest in its development lifecycle. It may not suit companies having legacy codebases and applications written in languages that Veracode doesn't support.