Excellent Code Security Scanning Cloud Service
Overall Satisfaction with Veracode
This is a very thorough tool to statically scan your source code. It works very well for us, and it's always interesting to see how your code writing changes over time as you become more security focused. We are in the process of setting up dynamic scans, but for now we are doing static scans only. They take a little time to complete, but we are scanning our entire software suite so it's to be expected. We have found a number of issues, some of which are in legacy code which we are probably not going to fix as it is actively being replaced.
Pros
- Static scans
- User Interface
- Results of scans with detailed descriptions of what the issue is and how to potentially fix it
Cons
- The time to complete a static scan
- A lot of developers just brush it off - but tickets are coming so they have to fix their issues!
- It's turned me into a more security-focused developer
Currently, we use it in our development branch
It's made me more security-focused in my development. Once our other developers start getting tickets to fix the security flaws, I'm sure they'll start thinking that way too!
Do you think Veracode delivers good value for the price?
Not sure
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Veracode go as expected?
I wasn't involved with the implementation phase
Would you buy Veracode again?
Yes