Veracode helps to improve the security in applications
October 07, 2022
Veracode helps to improve the security in applications
Score 9 out of 10
Vetted Review
Modules Used
- Static Analysis (SAST)
- Software Composition Analysis (SCA)
- Dynamic Analysis (DAST)
- Developer Training
Overall Satisfaction with Veracode
Veracode helps our clients to deliver secure applications in an agile way in less time and focus the efforts of developers to work on real flaws, this can be done from a single SAST scan to a complete integration in a CI/CD enviroment, analyzing vulnerabilities in the code of the developers, thrid party libraries, executing dynamic anlysis all automated to be compaint to security standards and best practices
- SAST analysis in the pipeline it's very quick and helps to identify flaws
- Third party libraries analysis it's effective to review vulnerabilities and recommend a secure version
- Integration in the pipeline with various DevSecops Tools/Platforms
- More coverage in the languages/frameworks
- The crawl script for SAST analysis could be improved to support more functions
- More coverage for different versions of the IDEs
- Faster time to market
- Effective reviews and recommendations
- Compliance of security standards
- SaaS platform for a quick and agile start
Our clients use Veracode in each phase of the SDLC, integrating the IDE Scan to analyze the code from the first steps of the development, executing static and dynamic analysis in the pipeline including the analysis of third-party libraries, the integrations are in different systems like GitHub, bitbucket, Azure DevOps
Using Veracode in the first steps of the development helps to reduce the possible flaws that could be introduced in the early stages, this is complemented by the security labs that enable the developers to create secure code, also the capability of Sandbox allows the developers to evaluate the code against the security standard, all this helps to deliver a secure applications
The maturity of the Veracode and the continuous improvements in its products it's one of the principal characteristics of chosee it, Veracode it's a SaaS platform and was born in the cloud, so this is a great option for our clients to be quick to implement also the easy of their integrations it's some valuable
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes