Review for a Left Shift Security Scanner
April 27, 2022
Score 8 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
- Dynamic Analysis (DAST)
Overall Satisfaction with Veracode
Veracode is mostly being used as a SAST and DAST-based tool. It's been used as part of our Continuous Integration and Continuous Delivery, injected in the DevOps pipeline. It helps to identify vulnerabilities in your code as a left shift strategy before the code actually gets deployed in production. The tool can identify defects and bad practices through both static and dynamic analysis of the code. It has prevented many defects from arising in production, thereby increasing efficiency and reducing code rework.
Pros
- Static Analysis SAST
- Dynamic Analysis DAST
- Software Composition Analysis SCA
- Interactive Analysis
Cons
- It can sometimes be tricky to use and not straightforward
- Learning and Training the product can be minimised
- Static Code Analysis SAST
- Dynamic Code Analysis DAST
- Software Composition Analysis
- It has helped customers in building and delivering efficient code
- Confidence and trust have been increased
- SonarQube and WhiteSource
Once we learn how to use Veracode, it's a simple and very efficient tool to include in any of your DevOps environments like Dev, QA, Staging, UAT, etc. The configuration is much simpler compared to others. The Enterprise license cost is also competitive compared to others. Code scanning, identifying code coverage, and generating metrics and reports are much faster and more elaborate.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes