Secure your code from IDE to production
May 09, 2025

Score 9 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
- Software Composition Analysis (SCA)
Overall Satisfaction with Veracode
We use it as a SAST and SCA tool for all the developments in our organization. All our developers analyze the code they write using the IDE plugin and Veracode Fix to help make the software more secure.
Pros
- IDE integration
- GitLab Enterprise integration
- Reporting for Product Owners
Cons
- SAML integration when you have multiple domains
- Scan whole repos to get a sense of security maturity
- Authorization model for reports and dashboard
- No critical or high vulnerabilities get to production
- Complex onboarding on teams that don't work following enterprise guidelines or that don't have expert devs
- Once the devs have it working and integrated into the IDE, it is easy for them to use
Always consolidate in one vendor
They are essential, as they allow us to measure security maturity in different devs, teams, squads and tribes. It is part of our tools to find good security champions.
We use them from the time they write the first line of code to when they ship to production.
It has helped detect several vulnerabilities in our code (and fix them) and to update old third party libraries.
We selected Veracode after testing these tools with 3 important solutions, and Veracode had a great ratio of findings, with low false positives, and the best price among the tools that were good enough.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
No
Would you buy Veracode again?
Yes
