Veracode Software Composition Analysis Review

Stable with good technical support and a moderately easy implementation process


What is our primary use case?

The primary use case was scanning a single-digit number of applications. We scanned them about twice a year and that's about it. It was just to get the results. We used the results to gauge our security health.

What is most valuable?

The feature that was most valuable to us was the ability to point locally in a quorum.

What needs improvement?

The cost of the solution is a little bit expensive. Expensive in the sense that there was a hundred percent increase in cost from last year to this year, which is certainly not justified. 

The solution needs to be more flexible. It needs to work with clients more effectively. 

Right now, the licensing model is based on the number of applications as opposed to being flexible and based on the number of developers or based on some other parameters. This constrains our company in terms of defining what an application is and doing the scans. We have an application with multiple deposit rates, but Veracode has a hard time recognizing the different components sitting in different depositories as one application. 

The solution is pretty similar to others. There wasn't anything that was so startlingly different it would make us want to stay.

For how long have I used the solution?

I had been using the solution for a while, but I am currently in the process of moving off of it.

What do I think about the stability of the solution?

The solution is stable. We've never had any issues surrounding its stability.

What do I think about the scalability of the solution?

There's nothing to scale. Asking if the solution is scalable or not isn't applicable in this case. It's not an active load balancer. It's just a static scan. If it was dynamic, there may be a question around scalability, but it is not.

How are customer service and technical support?

The technical support team is quite good. However, if we're talking in terms of how Veracode recognizes clients and deals with them, I'd rate them as bad.

Which solution did I use previously and why did I switch?

We did not previously use a different solution. We've only used Veracode.

How was the initial setup?

The initial setup has a moderate level of difficulty. It's neither simple nor complex.

What about the implementation team?

We handled the implementation ourselves.

What's my experience with pricing, setup cost, and licensing?

The solution recently doubled in price over the past year, which is why I've decided to move away from it. The price jump doesn't make sense. It's not like there was a sudden influx in new features or advancements.

Without getting too specific, I'd say the average yearly cost is around $50,000. The costs include licensing and maintenance support.

What other advice do I have?

I handle software composition analysis. Currently, I'm moving away from Veracode.

I don't know which version of the solution I am using currently. It's not quite the most up-to-date version.

If a company is looking for a long-term partner, and not just a transactional solution, I'd suggest a different company.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.