One-stop SDLC Security
December 19, 2024

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)
  • Dynamic Analysis (DAST)

Overall Satisfaction with Veracode

We use Veracode as part of our SDLC, to provide for our SAST, DAST and SCA

Pros

  • Assemblies
  • Code scanning
  • Dynamic scanning
  • Presenting results

Cons

  • The web interface needs some getting used to
  • Some parts seem a little off, as it's a different piece of software that Veracode is trying to fit in

  • It makes our software offering safer
  • It educates developers
  • It saves time to have everything in 1 tool
Very important, it needs to give the right info for management who might be less technical, but also for technical people
During checkins, nightly builds and the end result with a DAST

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

Yes

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

Veracode might be less appropriate for small companies, which need the functionality but can’t afford it (yet)

Using Veracode

10 - Mostly Developers and Security specialists
2 - A mix is great, people who know how Veracode works, combined with infra, development and Security specialists works well
  • Detect possible security vulnerabilities early in the SDLC
  • Detect Vulnerabilities for a release before it’s released with DAST
  • Good reporting which can be understood by less technical management with a little help :)
  • It was thought of to be an extra ‘burden’ but it’s not, we use it way more often than we thought we would
  • We might be able to offer clients who use our software, but are able to customize it, extra security for their customized version

Evaluating Veracode and Competitors

Yes - Zed attack Proxy and some other free tools to get us started
  • Cloud Solutions
  • Ease of Use
Having a Company behind us that know what they’re talking about and provide us with the best tooling possible when it comes to security
I would have asked for a trial with more functions available, this was very limited

Veracode Implementation

It can be overwhelming but just start little, involve a dev, you’ll get there
Yes - We took it bit by bit, started focussing on SAST, then moved on to SCA and finally DAST. As we progressed we tweaked everything while we experienced and learned
Change management was minimal
  • The tool needs getting used to
  • One thing is to detect vulnerabilities, but actually having a process to solve important findings in time is even more important

Veracode Support

Pros

  • Quick Resolution
  • Good followup
  • Knowledgeable team
  • Problems get solved
  • Kept well informed
  • No escalation required
  • Support understands my problem
  • Support cares about my success
  • Quick Initial Response

Cons

  • None
I don’t think we did, first time I hear about it
I had trouble logging in with Google Authenticator, but was in a hurry to log in. From ticket creation to solution took 3 minutes
I make a lot of use of the documentation, it’s great
