Veracode Review

Provides the capability to track remediation and the handling of identified vulnerabilities. The application does not support API or Dynamic Application Security Testing.

What is our primary use case?

We are planning on introducing a static code analysis tool to support a DevOps effort in our environment. The objective of the solution is to allow the team to identify vulnerabilities in the source code and improve the hygiene of the developed code before deployment.

How has it helped my organization?

This is currently still under evaluation, and it is pending review and assessment against other static code analysis solutions.

What is most valuable?

The solution provides the capability for the application teams to track remediation and the handling of identified vulnerabilities. The system provides workflow capabilities for the application teams to send the completed scans to the security teams for their review. In addition, the security team can track the remediation and risk acceptance statistics.

What needs improvement?

The solution currently does not support Dynamic Application Security Testing, which is an important facet of application security testing. In addition, the current version of the application does not support testing for API.

For how long have I used the solution?

Trial/evaluations only.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Updated: June 2021.