Veracode, a great security tool for everyone
March 18, 2024

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)

Overall Satisfaction with Veracode

To be SOC 2 and ISO compliant and also to protect our SaaS, we are using this tool to scan every component that we build for SA and SCA.
We also have an obligation regarding the fix time, and we use the dashboards to keep track of it.
  • Integrates with any CI/CD tool like Jenkins
  • Shows results in a simple way using dashboards
  • Allows mitigations in a clear manner
  • Scans fail if another scan is already in progress using the Java CLI
  • Module selection is slow to load when it comes to big applications
  • Module selection is sometimes not clear on what is scannable and what is not and why
  • Remediation actions for SCA issues. You can recommend how to fix it in a clear way and not force the user to click many times to understand it.
  • Allows a clear way to provide SOC 2 evidence
  • Allows visibility to stakeholders such as managers, CISO without direct communication
  • "Forces" Developers to get into security
I prefer to consolidate everything in one vendor.
Very, there should be more out-of-the-box dashboards, and we would like more reporting features.
At build time, right after we build and test the component but before promoting it.
A lot, we are now more security aware.
Veracode is easier to integrate and faster than FOSSA, although Mend has more visual features.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

Yes

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

Integrate Veracode Java CLI with Jenkins and run it on every component build pipeline