Good integration with Azure DevOps, but the reports need more information on problem resolution
Pros and Cons
"CAST Highlight is easy to use and has a good dashboard."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
What is our primary use case?
We are a solution provider and we used CAST Highlight in a project, last year, for one of our clients.
What is most valuable?
CAST Highlight is easy to use and has a good dashboard.
This solution integrates well with Azure DevOps and you can import the dashboard into that environment.
What needs improvement?
The level of abstraction is a little bit high compared to other solutions, such as Veracode.
The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user. Reducing this type of technical debt would help to manage policy such that it was easier to create and submit for approval. Essentially, it does not provide enough help for the developers.
For how long have I used the solution?
We used CAST Highlight for about one year.
What do I think about the stability of the solution?
The software is stable. It was used on a daily basis during this project. There were often seven builds completed each day that reports were generated for.
What do I think about the scalability of the solution?
I have not seen any issues related to scalability, although we were not using a great deal of code. It was quite possibly only three or four repositories that we were scanning, which means that we did not really test the scalability.
We only had six or seven people in our DevOps team for this project.
How are customer service and technical support?
We did not have to contact technical support.
Which solution did I use previously and why did I switch?
I have also used Veracode and I like it much better. Veracode is easier for developers to work with. I have also worked with SonarQube.
The integration with Azure DevOps means that there are things you can do in CAST Highlight that you cannot do using other solutions.
How was the initial setup?
It is easy to set up and get started.
What about the implementation team?
Our in-house team handled the deployment. It took a couple of days to deploy and learn how to use it.
What's my experience with pricing, setup cost, and licensing?
Basic support is included with the standard licensing fee but it can be upgraded for an additional cost.
What other advice do I have?
In general, this solution is easy to set up, easy to get started, easy to use, and easy to integrate, but the usability is not as high as that of Veracode. It would be great if it were more developer-friendly and it provided more information on how to resolve the problems that it discovers. I have seen other tools that do a better job of providing reports and guidance to the developers.
I would rate this solution a six out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.