There are quite a few features that are very reliable, like the newly launched Veracode Pipelines Scan, which is pretty awesome. It supports the synchronous pipeline pretty well. We been using it out of the Jira plugin, and that is fantastic.
We are using the Veracode APIs to build the Splunk dashboards, which is something very nice, as we are able to showcase the application security hygiene to our stakeholders and leadership.
We have been using Veracode Greenlight for the IDE scanning.
Veracode has good documentation, integrations, and tools, so it has been a very good solution.
Veracode is pretty good about providing recommendations, remedies, and guidelines on issues that are occurring.
It is an excellent solution. It finds a good number of the securities used, providing good coverage across the languages that we require at our client site.
We have been using the solution’s Static Analysis Pipeline Scan, which is excellent. When we started, it took more time because we were doing asynchronous scans. However, in the last six months, Veracode has come with the Pipeline Scan, which supports synchronous scans. It has been helping us out a lot. Now, we don't worry when the pentesting report comes in. By using Veracode, the code is secure, and there are no issues that will stop the release later on in the SDLC.
The speed of the Pipeline Scan is very nice. It takes less than 10 minutes. This is very good, because our policy scans used to take hours.
Veracode is good in terms of giving feedback.