Veracode Review

Our customers get the security of bug-free code, but raw file scans would help

What is our primary use case?

SAST. We have not yet integrated it into our software development lifecycle as it doesn't have the feature that enables us to integrate it with our repository.

How has it helped my organization?

It helps in achieving secure programming. Veracode provides us with industry best practices according to OWASP, CERT, and SANS. Our customers get the security of bug-free code and assurance regarding the application.

What is most valuable?

Scanning of .war and .jar.

What needs improvement?

Raw file scans and dynamic scans would be an improvement, instead of dealing with code binaries.

For how long have I used the solution?

Trial/evaluations only.

What do I think about the stability of the solution?

No stability issues yet.

What do I think about the scalability of the solution?

No scalability issues yet.

Which solution did I use previously and why did I switch?

We used SonarQube but to improve security in SAST we choose this.

How was the initial setup?

Setup is straightforward.

What's my experience with pricing, setup cost, and licensing?

The pricing is good for static code analysis.

Which other solutions did I evaluate?

Checkmarx, SonarQube.

What other advice do I have?

Implement this solution if you see WAF and SOC in your future.

**Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
More Veracode reviews from users
...who work at a Financial Services Firm
...who compared it with WhiteSource
Add a Comment