Veracode Review

Enables us to perform security checks with ease


What is our primary use case?

We used it for performing security checks. We have many Java applications and Android applications. Essentially it was used for checking the security validations for compliance purposes.

How has it helped my organization?

Technically there is nothing wrong with Veracode. The only issue that we have here is uploading the code, the process of actually uploading and getting our results back. All of that is a little cumbersome. 

What needs improvement?

Technically there is nothing wrong with Veracode. The only issue that we have is uploading the code, the process of actually uploading and getting our results back. All of that is a little cumbersome. 

One of the things that we have from a reporting point of view, is that we would love to see a graphical report. If you look through a report for something that has come back from Veracode, it takes a whole lot of time to just go through all the pages of the code to figure out exactly what it says. We know certain areas don’t have the greatest security features but those are usually minor and we don’t want to see those types of notifications. So we would like to see a kind of a graphical representation of the problem areas. I would like to know which file is the biggest source of issues for me so that I can focus on resolving the issue, as a project manager. With how it is now, I am able to do this but I have to take out the whole PDF file and extract it. It takes up a lot of my time. I would like to see better strategic reporting. It would be great to get better graphical reporting.

For how long have I used the solution?

We have been using it for three years.

What do I think about the stability of the solution?

Stability is very good and there were no issues. I will give it five stars.

What do I think about the scalability of the solution?

It's very good; really very good. I would strongly recommend that. Technically I would be expecting a double concept for Veracode. I would still say this is one of the best products ever on that website. I don't have any issues with the scalability. 

How are customer service and technical support?

I had no technical issues at all.

How was the initial setup?

The initial setup can be a little complex for people or for organizations that don't have technical skills. Another small thing is that you need to have one person who's fluent and technically knowledgeable to help during the upload process. But otherwise, it's pretty much straightforward. It's not an issue, it's perfect.

What other advice do I have?

I would strongly recommend doing an internal analysis first, before setting it across to Veracode to proceed and to use it more as a final verification point. My point is that Veracode is very good, and I would strongly recommend it. I have seen other solutions on the market and that's why I say: don't waste your time on other products, just get Veracode.

I would rate it an eight out of ten. Not a ten because of the reporting issues I mentioned that I would like to see improved.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Keep your software secure

Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

Add a Comment
Guest
Sign Up with Email