What is most valuable?
The SAST feature is the most valuable aspect of the solution.
The stability has been quite good overall. The performance is reliable.
The scalability on offer is good. I don't see any constraints.
From a usability standpoint and the way it can be integrated into the pipelines, etc., it's very good.
It's comprehensive from a feature standpoint.
What needs improvement?
The reports on offer are too verbose. They might want to consider t restructuring their reports to better give a very good summary or overview in the first five or so pages and then go ahead and drill into the details of each and every vulnerability beyond that.
The documentation could be improved. They could, for example, provide more details in terms of how to fix issues related to sign-ups. There isn't enough detailed information out there to assist users.
For how long have I used the solution?
I joined this company very recently. Therefore, I've only used the solution for a few months. However, this company has used Veracode for at least the last two to three years. They've had it for a while.
What do I think about the stability of the solution?
The stability overall is quite reliable. There are no bugs or glitches. It doesn't crash or freeze. Its performance is very good.
What do I think about the scalability of the solution?
The solution can scale well. If a company is considering expanding, it should be able to do so without issue.
We do have a limited amount of users on the solution right now.
How are customer service and technical support?
I've never had a need, up to this point, to reach out to technical support. I haven't really come across any technical issues during my short tenure with the product. Therefore, I can't speak to how helpful or responsive they are. I don't have any insights I could share.
How was the initial setup?
We have a few team members that specialize in the solution.
Our team handles the maintenance of the solution.
What's my experience with pricing, setup cost, and licensing?
I don't have enough information to be able to comment on the cost of licensing the product. That's more of a sales question. I don't handle any aspect of that part of the solution.
What other advice do I have?
We are customers and end-users. We don't really have a business relationship with Veracode.
I'm more from the performance testing side of things. I've just added the security testing to my list of responsibilities recently.
We're using a mix of deployment models. We use both on-premises and cloud deployments.
It's a good tool. I've done some comparisons with both SAST and DAST. It gives us this end-to-end sort of feature that we appreciate. Therefore, rather than you doing SAST with one tool and DAST with another tool, I prefer going with Veracode, which offers both.
You can learn both static and dynamic scans with a single tool. You could effectively negotiate a price and do that. If you got some simple apps, from a CAC standpoint, I'd recommend folks to use Veracode.
I'd rate the solution at a seven out of ten.
Which deployment model are you using for this solution?