Review for a Left Shift Security Scanner
April 27, 2022

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Dynamic Analysis (DAST)

Overall Satisfaction with Veracode

Veracode is mostly being used as a SAST and DAST-based tool. It's been used as part of our Continuous Integration and Continuous Delivery, injected in the DevOps pipeline. It helps to identify vulnerabilities in your code as a left shift strategy before the code actually gets deployed in production. The tool can identify defects and bad practices through both static and dynamic analysis of the code. It has prevented many defects from arising in production, thereby increasing efficiency and reducing code rework.
  • Static Analysis SAST
  • Dynamic Analysis DAST
  • Software Composition Analysis SCA
  • Interactive Analysis
  • It can sometimes be tricky to use and not straightforward
  • Learning and Training the product can be minimised
  • Static Code Analysis SAST
  • Dynamic Code Analysis DAST
  • Software Composition Analysis
  • It has helped customers in building and delivering efficient code
  • Confidence and trust have been increased
Once we learn how to use Veracode, it's a simple and very efficient tool to include in any of your DevOps environments like Dev, QA, Staging, UAT, etc. The configuration is much simpler compared to others. The Enterprise license cost is also competitive compared to others. Code scanning, identifying code coverage, and generating metrics and reports are much faster and more elaborate.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

Yes

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

Veracode is very well suited where lots of code is getting deployed by multiple agile teams in production. It can really bring efficiency in code quality, reduce code rework, and reduce the number of defects in production. It can also be used to include some compliance-specific rules which can actually act as a tailgate to stop non-compliant code from getting deployed in production. Eventually, as a SAST and DAST-based tool, it can be used very efficiently. If the application is quite simple and not that complex, I feel we do not need to include this kind of tool, as the enterprise might not invest in non-complex applications.