I've participated in some of the online courses, which helped. There are some levels that the team should have. You follow some courses, you get to level one, and then you move on to the next level. Each level of certification was really useful to learn about some of the flaws and some of the vulnerabilities that we could face. They give you some great use cases and how to remedy things in C# and many different languages. The online course also shows you how a developer can make some mistakes in his code, and how those mistakes can be used to bypass app security. By knowing that, you can avoid doing it in the future.
There were also some events organized recently—security labs—and they were also useful. There were tasks and I even had to work on them outside of work, but they were really helpful and a challenge.
The training also helped us to identify the existing vulnerabilities in our code and some of the third-parties that we are using that have vulnerabilities in them. We know we need to upgrade them.
My advice is that you should follow the training, initially. It was really helpful, even at the first level. Then, go on and read all the detailed documentation online. There are even some video tutorials which are really helpful. These are the steps that I followed.
There is a section on the supported frameworks. Veracode supports a wide variety of languages, but it would be good to check that before diving into the analysis and why it's not detecting your code.
I have been really satisfied with the areas of Veracode that I have had a chance to work with.