My experience using Veracode tool
November 18, 2024

Sairam Bathini | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Software Composition Analysis (SCA)
  • Dynamic Analysis (DAST)
  • Penetration Testing
  • Developer Training
  • Static Analysis (SAST)

Overall Satisfaction with Veracode

I have been using Veracode for nearly 2 years; we are using its SAST and DAST features. Previously there was no source code validation in our software development life cycle. We used this tool to shift security to the left, and tried to make the process as automated as possible. The best use case of this tool is that it can fit anywhere, with flexible plugins at different stages of the SDLC. Even the support is very good and co-operative.

Pros

  • Veracode does integrate into the IDE, where the development starts. IDE scans will help in reducing the versions of code.
  • The best thing about Veracode is that it is a SaaS platform, and we can run the scan and do our other work in parallel.
  • Veracode dynamic analysis is pretty good, as it clearly shows the requests it sends to the server and the response it receives from the server, which helps in analyzing the vulnerabilities more easily.

Cons

  • Reporting work can be improved.

I am a senior security engineer; I could not give you the numbers, but I can see the difference before Veracode and after Veracode in the business.

I would say to diversify the solutions through multiple vendors, depending on the project needs.

The report inside the tool is the best, but the report to send to the respective stakeholders, such as developers, could be better.

At the development IDE, at CI/CD pipelines, and post deployment as well.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

SonarQube, Qualys VMDR, JFrog Security (Xray)
It is best suited for Agile-model projects, where the business will have continuous releases of its products. Other than that, I can't comment on the scenario where it is less appropriate, as I need to experience it more.