Veracode - The Best Code Scanning Tool
February 04, 2022

Score 10 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
Overall Satisfaction with Veracode
We use Veracode for static analysis and integrate it with Jenkins and Azure DevOps. We work on different technologies like ASP.NET, React, Java, Spring, Maven, etc. We are mainly using it in the CI/CD pipelines to detect the vulnerabilities before we promote it to production, and it has become a mandated requirement for most of the applications.
Pros
- Developers scan the application code to detect the malicious code ahead of the release to avoid any security issues.
- As Veracode supports various different languages, it helps in scanning most of the application requirements needed for the firm.
- Veracode has good integrations, plugins supporting major CICD tools like Jenkins & Azure DevOps, which eases up the integration between them.
Cons
- Sometimes Veracode takes a long time to open a sandbox scan to get the detailed information.
- More documentation around the languages supported and how to use it would be helpful.
- Jira integration would be good so bugs can be automatically created as tickets.
- Static Analysis
- Dynamic Analysis
- Multiple Language Support
- Multiple Platform Support
- Great for vulnerability scanning
- Great for malicious code scanning
- With all of its features it's a great tool
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes