Veracode Review

Gives us every vulnerability that has been identified, so there is no human intervention

What is our primary use case?

The primary use case is application security and application security testing, specifically static and dynamic analysis, and software composition analysis. It has performed excellently.

How has it helped my organization?

The benefits are the fact that it identifies our vulnerabilities, and it has improved us by allowing us to pull everything to the left in agreement with our SDLC and with our developers, and have them not only get buy-in because they can run sandbox scans that allow them not to generate metrics, but also run policy scans where we identify what the policy is and what is acceptable. So, it has helped us secure our company and our applications.

What is most valuable?

  1. The ability on static scans to be able to do sandbox scans which do not generate metrics.
  2. Gives us every vulnerability that has been identified, so there is no human intervention. Therefore, we can actually look and prioritize our own vulnerabilities as opposed to having someone else try to get in between.

What needs improvement?

I would love to be able to do a dynamic sandbox scan. I think that that would allow us to really get a lot more buy-in from the software development teams. We would be able to scan our applications, identify the vulnerabilities, not generate metrics, which would allow the teams to address the vulnerabilities earlier in the cycle, and then have cleaner scans later on.

Also, I would maybe like to see a better report engine.

What do I think about the stability of the solution?

It is extremely stable.

What do I think about the scalability of the solution?

So far, extremely scalable.

How are customer service and technical support?

We do have ongoing technical support. We use them more as a backstop. My team handles most of the calls and issues that any of the developers might have. 

CA support has excellent time frames. They are knowledgeable and get back to you with an actual solution, which is always a plus.

How was the initial setup?

The initial setup was very straightforward.

  1. It is SaaS, so we did not have to install anything locally.
  2. We were able to give our privileged users better roles because it is role-based, and to do multi-factor authentication. All we have to do, once we set up our trust relationship, we have single sign-on and we white-listed everything. So, it is everything that we wanted from a security point of view, and it is easy to roll out.
**Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
More Veracode reviews from users
...who work at a Financial Services Firm
...who compared it with Coverity
Keep your software secure

Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: August 2021.
534,226 professionals have used our research since 2012.
Add a Comment
ITCS user
1 Comment

author avatarreviewer1384917 (Principal, Customer Advocacy at Veracode)

Thank you for taking the time to share your experience with Veracode. We appreciate your time and hope all is still going well. Please let me know if there's anything I can do to help, my role is new here and I'm fascinated with the customer feedback.