Vericode Use for Companies ERP Product offerings
August 23, 2023

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)
  • Dynamic Analysis (DAST)

Overall Satisfaction with Veracode

We use Veracode to provide initial and ongoing security analysis of our software products. We supply ERP software solutions to the paper manufacturing industry. We are a leading supplier of software to this industry and it is important to us to provide a product that is thoroughly tested and free of known critical vulnerabilities. We have incorporated Veracode into our SDLC and perform SCA and Dynamic scans within our release cycles. Our application is a very large full ERP application using many third-party libraries. Without Veracode we would be flying without a net.

  • Automated scanning of software libraries for vulnerabilities
  • Management of multiple applications and statuses, and help with security remediation
  • Veracode Verified program to leverage the security investment as a competitive advantage

  • The time it takes to scan large projects makes it difficult to fit into our CI/CD pipeline
  • One of our app scans times out after 2 hours and we have to upload it and scan manually, but then the CI system has no visibility into the vulnerabilities found
  • Integration with older development languages to scan. We have an old 4GL-based application that is not compatible with the tools

  • Higher compliance and overall security standards and awareness within our software products.
  • Competitive advantage
  • Marketing clout, being able to tout that we are verified with one of the industry leaders on a continual basis vs. just saying 'yes, we have our software tested on an annual basis for vulnerabilities'
Veracode has been very responsive to our questions and has been proactive in getting us plugged into any new offerings. They provide regular email blasts for opportunities to participate in webinars and provide much online material for consumption. We have not yet taken advantage of their development training program but have run our top technical software engineers through the toolset training.
As stated earlier in this survey, we have incorporated Veracode to be part of our TeamCity automated build and deploy process. We perform scans on our software during our build cycles and then review the results to accept or reject the latest check-in of code changes. We then have our build cycle email the developers responsible for the vulnerability that was found.
When we performed our initial scans with the toolset it was an eye-opening experience for us. Third-party libraries had been ignored for years and the results had us scurrying to find alternatives and upgrades for fixes of these findings. This renewed focus on security had us also pursuing other areas where we could add security improvements within our applications, like adding MFA abilities.
Mend.io, formerly WhiteSource, is a product we used prior to Veracode. It did not have all of the capabilities or depth of Veracode. Additionally, WhiteSource did not offer automatic scanning as part of their product and there was no certification program to speak of.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

Yes

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

Help raise the level of awareness throughout the organization on the importance of proper security measures for software development. Allows you to establish a campaign that touts your organization's concern and action towards continual technology threats. Working the Veracode tools into an automated build cycle allows continual focus on the security vulnerabilities within your applications. We are hoping Veracode adapts to large-scale applications so that we can auto-scan our application, which has over 3 million lines of code.