Veracode - The Best Code Scanning Tool
February 04, 2022

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)

Overall Satisfaction with Veracode

We use Veracode for static analysis and integrate it with Jenkins and Azure DevOps. We work on different technologies like React, Java, Spring, Maven, etc. We are mainly using it in the CI/CD pipelines to detect the vulnerabilities before we promote it to production, and it has become a mandated requirement for most of the applications.
  • Developers scan the application code to detect the malicious code ahead of the release to avoid any security issues.
  • As Veracode supports various different languages, it helps in scanning most of the application requirements needed for the firm.
  • Veracode has good integrations, plugins supporting major CI/CD tools like Jenkins & Azure DevOps, which eases up the integration between them.
  • Sometimes Veracode takes a long time to open a sandbox scan for getting the detailed information.
  • More documentation around the languages supported and how to use it would be helpful.
  • Jira integration would be good so bugs can be automatically created as tickets.
  • Static Analysis
  • Dynamic Analysis
  • Multiple Language Support
  • Multiple Platform Support
  • Great for vulnerability scanning
  • Great for malicious code scanning
  • With all of its features it's a great tool
SonarQube doesn't have the required code scanning vulnerability detecting service.

Veracode excels in providing the required information about various languages that are supported by it. It also has good documentation on how to integrate with CI/CD tools like Jenkins & Azure DevOps. On-call support from the team for understanding the scope of analysis and configurations is very helpful. With a little more documentation around the configuration and languages, Veracode becomes a great must-have tool.