Veracode Review

Enables us to quickly discover, understand, triage, and remediate our software's vulnerabilities


What is our primary use case?

Software security, static code scanning.

It has performed very well.

How has it helped my organization?

The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future.

It helps us gain confidence that the applications we're putting out in the hands of millions and millions of people have that industrial-strength quality to them; that we don't need to worry about as much as we used to. 

What is most valuable?

  • Completeness, comprehensiveness
  • Speed
  • Ease of use

We have such a wide variety of users for Veracode, including security champions, development leads, developers themselves, that the ease of use is really quite important, because we don't assume anything about what those people might already know, or need to know. It just makes it very useful for anyone who has to engage with it.

What needs improvement?

I'd like to see an improved component of it work in a DevOps world, where the scanning speed does not impede progress along the AppSec pipeline.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Stability has been great. I've never seen any downtime in four years.

What do I think about the scalability of the solution?

We went from 50 applications in 2015, we're now up to over 400. There seems to be no limit on how quickly it can scale and operate.

How is customer service and technical support?

They're outstanding. Best in class. Absolutely. They bend over backwards to help us. We'll come up with questions and within minutes, we'll get answers. It's amazing. It's truly amazing.

How was the initial setup?

It was very straightforward. Veracode was very helpful, hand-holding - anything that we needed - they were right there and made it very simple.

Which other solutions did I evaluate?

We had been evaluating various different types of source-code scanners. It was a fundamental element of the program and we knew we had to have the best one that would meet a wide variety of applications: development, apps, as well as a wide variety of geographic dispersion of the people writing these apps. 

We had IBM, we had Fortify, we had PMD, and there was one other scanner at the time that we were evaluating. Veracode came out on top, in almost every category.

By using a cloud-based scanner, we really had no issues with where the developers are geographically located. So we didn't really have setup problems at all. It just kind of happened, and scales fairly naturally, organically.

What other advice do I have?

The most important criteria when selecting a vendor are:

  • reliability
  • customer service.

Take advantage of all of the help that Veracode provides, for implementation, operations, and maintenance, because they absolutely know what they're doing.

Disclosure: I am a real user, and this review is based on my own experience and opinions.