Catch Vulnerabilities before Hackers Do
September 15, 2022

Douglas Perreault | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)

Overall Satisfaction with Veracode

For years Veracode has been an integral part of our process to reduce our security vulnerability footprint. All of our code is scanned through Veracode's static scan process to ensure we are removing any older vulnerabilities and not introducing new ones. We also use the software composition analysis information to ensure we aren't using any versions of third-party software which may have any vulnerabilities.
  • Pointing out use of 3rd-party software versions that are out-of-date
  • Providing an easy way to triage flaws -- tying together the flaw, source code, and an explanation in one easy-to-use path
  • Providing an easy-to-use plug-in for Visual Studio allowing on-the-fly validation of code without having to complete a full scan
  • It would be nice if we could more easily customize post-scan reports. The reports are fairly lengthy and not everyone on the team needs all of the details.
  • It's not always obvious as to what features are available. For example, for years I had no idea one could promote a sandbox scan to a policy scan without having to resubmit it.
  • Large database of vulnerabilities
  • Thorough scanning and triage capabilities
  • Easy integration with our IDEs
  • As I am a developer, not a stakeholder, I can't speak to the ROI. I can say, though, that anytime someone can produce more secure and more robust code the better.
As the developer, not the business stakeholder, I did not select Veracode specifically. However, after using the application I believe it was the right choice. Veracode is thorough in its analyses, in its database of flaws, in its methodology of uncovering vulnerabilities, and in assisting the end user in resolving those vulnerabilities.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

I wasn't involved with the implementation phase

Would you buy Veracode again?

Yes

I would say that Veracode is well-suited for any software development it supports. I use it with both Java and .NET based applications and find it works well for both. Veracode cannot provide detailed information if PDB files are not sent with the .NET compiled code.