The implementation was completed in-house.

In the beginning, two or three years back, we were pretty new to Veracode, and we did seek help from the Veracode consulting team. Their support is amazing. If I send an email for any help, they respond within 30 minutes. Their response time is good, and they provide clear guidance.

I've personally interacted with them recently for a few issues, and their support is amazing.

So, initially, we did take consultation when we set it up, but once we became comfortable and familiar with the process and the documentation was also clear, we started managing it ourselves.

For the implementation process, a developer pushes changes to the master branch or a feature branch the first step is to trigger the Veracode scan in the CI/CD pipeline. We use Azure DevOps for this.

The next step is to include the code in the Veracode scan. This is the second step. Before going into further steps like building the Docker image and containerizing the application for deployment, we have a condition in place. If the Veracode scan doesn't complete successfully, we don't proceed to the next step, and the entire build fails.

We don't need a lot of members for the deployment part. It's only me and my technical expertise, like, one or two people. Any DevOps is enough.

We don't see much need for maintenance. It's pretty easy to manage. Veracode is also maintained by a dedicated team internally, and they provide support for everyone within the organization. So, if there are any upgrades or maintenance required, they take care of it. But from our team's perspective, there's no need for ongoing maintenance. We set it up once, and that's it.

We utilized a value-added reseller, and they provided integrators themselves. Additionally, we have direct connections with Veracode. So, my understanding is that we likely received assistance from both the value-added reseller's team and Veracode.

We have monthly calls with Veracode. I work directly with engineers and have access to their email addresses and telephone numbers. This way, whenever there's a problem or an issue, I can easily reach out to someone. Additionally, I receive almost daily emails regarding recent developments and occurrences.

The implementation was completed in-house.

We handled the implementation ourselves. 

They do have dedicated professionals who demonstrate a deep understanding of unique challenges. 

The deployment is automated using Jenkins. We just need some parameters to deploy the code to the environment.

We used a third party to help with the deployment. Our experience was good. 

We implemented it with the help of a third-party vendor. They had two people on their team who were working on the deployment along with me. My responsibilities included adding all of our software to the tool to run scans against it, integrating it with our DevOps solution, discussing the tool itself with internal stakeholders as to how they can use it and showing programmers how to use the tool from an internal adoption standpoint.

The implementation was completed in-house.

We got help directly from Veracode. I would rate their help at eight or nine out of 10. They helped us implement it into our pipelines, daily processes, and software. And they helped us understand how to mitigate the flaws and how to open up consultation hours if there was something we disagreed with, such as false positives. They gave us very good onboarding and implementation.

There were team members from the engineering, product, and consulting for procurement, implementation, and final roll-out of the solution.

Its maintenance is a part of the implementation pricing plan and subscription. They are providing the maintenance and upgrade of the system. Because it is cloud-based, it is not managed by us. Veracode currently manages all the upgrades and updates. For any operational issues or additional change management, there is an additional cost.

There are 10 to 15 people in our networking infrastructure and the cloud team who are responsible for handling all the issues and the requirements for the developers. I'm also responsible for that. We are coordinating with their sales team and the account management team for any new requests or ongoing issues.

We did it in-house. I worked with two of my colleagues.

We implemented the solution in-house.

We had assistance from our local reseller, and the experience was great because we had a direct connection from the partner to the brand. We have a local team member who was in charge of the resell process. 

I did the original Amazon CodePipeline implementation by myself and got it hooked up. As we went to more complex things, with Jenkins, that was done through an integrator DevOps team. On our side, it was just me involved.

We used the experience of engineers who had used Veracode in the past, as well as feedback from Veracode's engineers.

We implemented Veracode in-house with only three people involved.

The implementation was completed in-house.

The implementation was completed in-house.

The initial setup was easy since it is a SaaS solution and a well-documented product at the same time. In our company, we don't need to spin up a server to install something since we simply use the web interface and integrate the web interface with the DevOps environment.

On a scale of one to ten, where one is a hard setup and ten is an easy setup, I rate the initial setup phase an eight or nine.

The solution is deployed on the cloud. In our company, we use Microsoft Azure DevOps for our environment, but I don't know the environment in which Veracode gets used in our company. Veracode offers a web interface and API, so I don't know their cloud solutions.

The deployment is quite fast, but its overall quickness in terms of deployment depends on the number of applications you want to scan. If you want to scan one application, the deployment can be quickly done since we need to integrate Veracode into our DevOps environment.

It was done in-house. I didn't hire anyone for deployment.

We worked with Veracode, without any third-party vendor involved. Their solution and architectural team, and their product demos team, gave us good product demos, and we had a chance to evaluate Veracode before fully implementing it in our organization.

On our side, it involved seven to eight people, because we have multiple applications and multiple source codes.

Implementing Veracode doesn't take much time. It takes only a few hours to implement the solution. Veracode was deployed by a team consisting of two to three members.

The implementation was completed in-house.

The implementation was completed in-house.

Everything was done in-house.

We had a consultant from Veracode. His name was Dennis. We were satisfied with his job. 

We deployed Veracode in-house. 

We deployed Manual Penetration Testing ourselves, but we have an arrangement with Veracode to provide the necessary professional services to support us. Consulting is part of the package they provide.

In terms of implementation services, we didn't go to any third party. Veracode was pretty good. They were very responsive and answered questions. We were able to get the help we needed.

If Veracode thinks that it's best to bring in an integrator for the first 30 days, they should build that into the cost of the contract. I don't think I would have blinked if they had told me, "We suggest paying a little bit extra for the first year because we want you to purchase a professional services contract from this company. They will work with you for a month and guarantee to get you up and running with best practices within 30 days."

We did the deployment of the solution in-house.

We deployed Veracode Static Analysis in-house.

We did the deployment of the solution in-house. We typically can do the deployments with one person.

We completed the deployment ourselves.

There were two people involved. The first was our IT person, and the second was a senior member of the engineering team. There is no maintenance required.

One person can deploy the product. I haven’t had any maintenance-related issues with the solution. Whatever new vulnerabilities come, they are already updated in the database. Since we are a partner, it will be helpful if Veracode notifies us whenever it releases the vulnerability reports. We cannot always check the portal.

I implemented it.

We implemented the solution in-house. It is not that complicated.

In terms of maintenance, there is certainly some overhead involved for each team. They have to make sure that the build pipeline integration is still working and essentially, that we're still getting results. Occasionally, for whatever reason, it breaks and somebody has to go in and fix it.

I can't say that there is no staffing required for maintenance but it's rare. In total, a few hours a month across the company is spent keeping it going. More time is spent evaluating and resolving the findings, which is part of our development work. That's not imposed by the solution but rather a positive outcome from using Veracode. As such, I wouldn't count that as maintenance. 

The solution was implemented by an internal consultant and me.

We do the setup and implementation ourselves.

When I used to maintain this for 1,000 developers, two or three people were enough to maintain it.

We implemented with all in-house resources.

Implementation was in-house (Deployment, Automation Engineers, Myself)

I implemented it myself. I work with DevOps and security teams. In some cases, I also work with developers.

It does not require any maintenance. Because it is a SaaS solution, the maintenance is provided by them.

We did not use integrators. We did have the training and we did have professional services in the form of customer support from Veracode.  

Customer support was amazing during the evaluation phase.

We implemented the solution in-house.

We did it in-house with Veracode. Working with Veracode for the deployment was pretty easy, pretty straightforward.

Our IT team did the implementation with support from the Veracode team. The Veracode team was very good.

We implemented it through an in-house team. This a Quality Engineering Shared Service team with a part-time custodian that performs other roles, as well. We found the need to have a designated custodian per application scrum team to assure scans capability, and the scan frequency for that team is maintained, escalating any issue to the shared service team and/or Veracode directly, and for shepherding vulnerabilities through the backlog routinely.

We handled the implementation ourselves.

We have a team in-house to implement this solution.

For both SCA and SAST tools, including documentation, providing the code, writing the code for the pipeline, and giving some training to the developers, a deployment can take us close to two weeks. 

Deploying automated process tools, like Veracode, Qualys, and Checkmarx, does take more effort than uploading the code manually each time.

An Israeli sales representative for Veracode came to our office and worked very closely with us. They escorted us through the process of doing the PoC, examining the results and tools, and how to use them. We found it straightforward. There were some hiccups and some problems in the beginning, but not something significant in the general overview. It was easy and fast to adopt.

The Veracode team is replying fast and the proved a strong expertise in every challenge.

We did not use an integrator or a third-party. We did it with the help of Veracode.

We work on the deployment process. The solution is deployed both on-prem and in the cloud environment.

The solution doesn't require any maintenance. 

I don't think there was any in-house work. I think it was just all on their server. We didn't have any equipment or any software per se other than just downloading a plugin or IDE, which essentially did the same sort of code analysis.

Since we are based in the UK, the original Veracode Team (not CA) was helping us directly during the setup, then trained us.

We did the implementation ourselves.

It would be better to have some assistance when implementing this solution.

In-house.