Veracode Software Composition Analysis Review

Efficient at finding vulnerabilities but the number of false positives should be reduced


What is our primary use case?

I am a consultant and SourceClear is one of the solutions that I use to provide services.

This solution is used by people who want to verify the security of their own applications.

What is most valuable?

The most valuable feature is the efficiency of the tool in finding vulnerabilities.

What needs improvement?

A high number of false positives are reported and this should be reduced.

For how long have I used the solution?

I have been using SourceClear for about a year and a half.

What do I think about the stability of the solution?

This is a stable solution.

What do I think about the scalability of the solution?

We have no complaints about scalability. We have between 200 and 300 clients.

How are customer service and technical support?

We have not been in touch with Veracode's technical support.

Which solution did I use previously and why did I switch?

We have also used Checkmarx, where you can train the tool for false positives and ultimately reduce them.

How was the initial setup?

The initial setup is a little bit complex.

What about the implementation team?

It would be better to have some assistance when implementing this solution.

What other advice do I have?

Overall, SourceClear is working fine for us and our main complaint is in regard to the high number of false positives. Nonetheless, I would recommend Checkmarx over SourceClear.

I would rate this solution a six out of ten.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Veracode Software Composition Analysis reviews from users
Learn what your peers think about Veracode Software Composition Analysis. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
511,307 professionals have used our research since 2012.
Add a Comment
ITCS user
Guest