Software engineer's take on the product after using it for a few weeks
November 04, 2022

Tom Toups | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)
  • Interactive Analysis (IAST)
  • Dynamic Analysis (DAST)
  • Penetration Testing
  • Developer Training

Overall Satisfaction with Veracode

Our company maintains highly confidential information about our clients. Keeping our systems and data secure and protected is at the heart of what we do. We use Veracode to help us in this endeavor. We rely on Veracode's products and services to ensure that we maintain the level of trust and confidence that our clients give to us.
  • Double checking the security of our code
  • Integrating into our CI/CD process to help us catch and resolve new flaws
  • Helping us maintain our compliance
  • The documentation could really use some work
  • I am skeptical of the thoroughness of the scans on newer languages and frameworks
  • The scan takes too long
  • The IDE tools leave much to be desired
  • Too many false positives
  • Maintaining our compliance
  • Reducing the risk of a security hole
The documentation is poor, and this prevents me from leaving a perfect score. On its own, the documentation is not verbose enough to provide self-sufficiency. However, the level of human support we have received has been excellent. I had challenges trying to get the developer training labs to function properly. As a developer who came into this product fresh, I had difficulty trying to find basic answers, such as: What does the scan do? How would it be integrated? Does it use AI? Does it support the latest languages in frameworks? How to integrate it into our CI/CD? What files need to be sent? How would I scan an Angular project that also uses an in-house npm library?
Their marketing website uses a lot of flowery, catchphrase, buzzword business jargon, but it does not speak to anyone with technical knowledge who is coming in just trying to figure out what it does and how it can help our software development.
All stages
It identified some areas in our code that are susceptible to being exploited.

Do you think Veracode delivers good value for the price?

Not sure

Are you happy with Veracode's feature set?

No

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

No

Would you buy Veracode again?

Yes

It is useful for maintaining security compliance.
The manual penetration test is very useful to have in addition to the flaw identification algorithm.

Due to the lengthy amount of time it takes to scan, it's not useful for testing every commit.
The Visual Studio extension does not make it easy for developers in day-to-day programming.