Veracode Review

We do release with both static and dynamic scans, and mitigating the flaws identified


What is our primary use case?

To have a third-party analyze our code and make recommendations from a security perspective.

How has it helped my organization?

We do not pass our release without performing a static and a dynamic scan, and mitigating the flaws identified.

In terms of how our customers have benefited from the added application security of our applications, they are aware of our development process and it makes them comfortable that we have implemented industry best practices.

What is most valuable?

All the features provided by Veracode are valuable.

What needs improvement?

We use Ruby on Rails and we still don't have any support for that from Veracode.

The static scans on Java lack microservices architecture scanning. We have developed an in-house pattern for this and the scans can't take care of it as a single entity.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with scalability.

How is customer service and technical support?

The support is good but has room for improvement. Issues don't get acknowledged quickly, repeated updating is required.

What was our ROI?

The cost savings are the efforts that it would take to do this at a stretch if this was not implemented early on in our development cycle.

What's my experience with pricing, setup cost, and licensing?

I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform.

Which other solutions did I evaluate?

WhiteHat.

What other advice do I have?

We have made process changes and improvements, although Veracode is not tightly integrated into our CI/CD platform yet.

I am very likely to recommend to colleauges that they work with CA Veracode.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Keep your software secure

Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

Add a Comment
Guest
Sign Up with Email