Veracode Review

Ad-hoc scanning during the development cycle and reporting for audits are key features

What is our primary use case?

We test each major release of our software using Veracode static and dynamic testing. We also do manual penetration testing annually.

How has it helped my organization?

Ensures our code and system are 100% compliant. In terms of AppSec best practices and guidance to our team, the Knowledgebase available on the Veracode system is a great resource for our developers.

For our customers, the added security assurance is a requirement.

What is most valuable?

  • Ad-hoc scanning during the development cycle
  • Reports for audits

In terms of integrating Veracode into our existing software development lifecycle, there are regular milestones in the SDLC to perform Veracode scans.

What needs improvement?

  • Entering comments for internal tracking
  • Entering a priority
  • Reports that show the above

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with scalability.

How are customer service and technical support?


Which solution did I use previously and why did I switch?

We did use a previous solution. It didn't satisfy our needs technically, and the customer service and its cost were not satisfactory.

How was the initial setup?


What was our ROI?

We don't do a detailed enough analysis to reflect on any cost savings relating to code fixes made since we implemented Veracode.

What's my experience with pricing, setup cost, and licensing?

Negotiate some, but their prices are reasonable.

Which other solutions did I evaluate?

HPE Fortify.

What other advice do I have?

Have them guide you through your first scan - make sure to add hours to your initial contract for that.

I am very likely to recommend Veracode to colleagues.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.