Contrast Security Assess Previous Solutions

C. Ray Mallory
Lead Application Security Engineer at FEPOC
When I came aboard we had SonarQube. Our teams weren't using it religiously. They would only spot check. There was really no one pushing to use it. Only a few developers knew how to use it. It was one of those things they bought and that sat on the shelf unless someone pulled it off the shelf to use for their code base. There was no management push to scan code for X number or types of vulnerabilities before putting that code into production.

We did an analysis of what FEPOC needs right now. We looked at several tools and we settled on Contrast Assess because

* it was scalable for our needs
* it was an easy setup
* there wasn't a high bar or learning curve.

The major reason was that we didn't really have a lot of time to spend on the learning curve. The Contrast tool and the Contrast team were there guiding us every step of the way.

We still use SonarQube in our Jenkins pipeline. But the developers are no longer using it. Now they're using Contrast, 100 percent.
Find out what your peers are saying about Contrast Security, HCL, Veracode and others in Application Security Testing (AST). Updated: May 2020.