A solid offering for the right company
June 09, 2022

Alexander Montgomery | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)
  • Dynamic Analysis (DAST)

Overall Satisfaction with Veracode

Veracode is used at Cox Automotive as a Swiss Army knife of products. It can be used for most languages and use cases for reasonably trustworthy static analysis, SCA analysis, and dynamic analysis for external products. This, from a crawl, walk, run perspective, gives teams the ability to meet them where they are and get security a foot in the door for our products.
  • Static Scans
  • SCA Analysis
  • API Documentation
  • API random failures
  • Customization
  • Automation speed
  • Support
  • Workflow and Process improvements for support
  • Locked Down team structures
  • Consistent Findings
  • Asset Tagging
  • Legal compliance protection
  • Audit trails
  • The ability to see metrics on how long the average vulnerability is open for

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

Yes

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

If you are a smaller company or run fewer than 500 apps with a very vertical ownership structure, Veracode can be a great tool. Its fairly consistent, fairly mature nature means that it's much less likely to break your existing integrations. Where they struggle is when you are a big enough org that you need to rely on automation and integration support. I have yet to have a single developer that didn't get off a project attempting to integrate with it that didn't look mentally defeated. Their language integrations are not maintained, forcing devs to the web interface, which doesn't always have what you need, meaning you might have to restart and go back to the XML interface rather than their REST interface because they never finished converting to the REST interface. Their API docs can at times be out of date, but on the whole, are mostly fine. Interfacing with support will also be unavoidable because limitations around soft deletes and admins have left my team unable to manage the account more times than I am sure support appreciates having to fix.