Veracode Review

Allows us to streamline identification of vulnerabilities and quickly address them


What is our primary use case?

Static code analysis for internally developed critical systems.

How has it helped my organization?

When we expanded our definition of critical systems to include an internal application to be scanned by Veracode, we had initial scans that produced hundreds of vulnerabilities. We expected this, based on how the code was treated previously, but the Veracode platform allowed us to streamline our identification of these items and develop a game plan to quickly address them. This has also led to better overall code quality for the team, by pointing out some dated practices that needed updating.

We have required that our critical systems pass a Veracode scan prior to code being deployed into production. We also have included a step in the development stage to run specific code through a Veracode Sandbox to encourage better code quality, early on in the development lifecycle.

Veracode has helped us meet the requirements of our yearly external audits and has improved code quality, leading to less down time and less buggy code that users will encounter.

What is most valuable?

  • Code analysis tool to help identify code issues before they are entered into production.
  • Vulnerability Management and mitigation recommendations help with resolution of issues found, prior to deployment to production.
  • Developer Sandboxes help move scanning earlier within the SDLC.
  • The platform itself has a lot of AppSec best practices information, especially in the mitigation recommendation process. They have also offered cybersecurity e-learning for our team.

What needs improvement?

The only notable problem we have had is that when new versions of Swift have come out, we have found Veracode tends to be a bit behind in updates to support the new language changes.

Also, the Greenlight product that integrates into the IDE is not available for PHP, which is our primary language.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with scalability.

How is customer service and technical support?

We have rarely needed to use tech support, and when we have it has performed as expected.

How was the initial setup?

Straightforward. Just add the applications in the portal and start scanning.

What was our ROI?

We don't have the metrics to track specific dollars, but Veracode has saved us the cost of hundreds of employee hours by streamlining our vulnerability discovery process in legacy code, and by improving the quality of code released into production.

As we support our organization's customer-facing digital channels by writing higher quality code, we have reduced the amount of bugs or downtime a user experiences using our systems. This saves in employee time and also increases engagement with our digital channels.

What's my experience with pricing, setup cost, and licensing?

Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need.

Which other solutions did I evaluate?

Yes, but too long ago to remember which ones.

What other advice do I have?

I would definitely recommend CA Veracode.

Just make sure you define a process for your developers prior to implementing the technology.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

1 Comment

Arvin Mon, Consultant

How good is adding agents working in Banking and financial and Healthcare industries?

13 March 18