You don't need a security team anymore!
December 22, 2021

Score 10 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
- Software Composition Analysis (SCA)
- Developer Training
- Pipeline Scan
Overall Satisfaction with Veracode
Veracode helps in providing solutions to fix flaws as early as possible through their portfolio of scans. We run multiple scans during the lifecycle of our software to not only identify but also remediate these issues. Veracode helps us in making sure the apps are always secure before they are released to the production environment. We have regular reviews from the security team for our applications and Veracode helps us in clearing them without any issues.
- The pipeline scan is a very fast way to scan code and inform developers if a new flaw is introduced by their pull requests.
- Upload & Scan provides an in-depth analysis of the codebase, with features like reporting being made easy.
- SCA scans help us not only identify the vulnerabilities but also fix them and identify whether our application is using that part of the vulnerable library or not.
- Veracode is very easy to integrate into the CI/CD pipelines (especially Jenkins).
- It was very difficult for me to navigate around on their Dashboard. There's certainly room to improve on that and make it more intuitive.
- The Agent-based SCA scan can have a feature for adding a baseline file (like Pipeline Scan).
- SAST
- SCA
- Pipeline Scan
- CI/CD Integration
- Support Service
- Positive: We rest assured that applications are being scanned regularly and are free from any vulnerabilities.
- Positive: Developers are aware of good coding practices
- Negative: Developer time is taken to fix vulnerabilities at the earliest, and sometimes we don't have the bandwidth for that.
Veracode has a very good integration within its products, which makes it easy for a developer. Veracode helps in providing support both actively and through resources on their platform to remediate and fix the issues found in one's application. The reporting section being handled by Veracode makes it easy for the developers in big-tech companies to easily share analysis of the scan results with the concerned authorities and thus saves a lot of the developer's time.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes