Veracode Implementation Team
The implementation was completed in-house.
View full review »PB
Pradeep Honaganahalli Basavaraju
ML engineer at a consultancy with 10,001+ employees
In the beginning, two or three years back, we were pretty new to Veracode, and we did seek help from the Veracode consulting team. Their support is amazing. If I send an email for any help, they respond within 30 minutes. Their response time is good, and they provide clear guidance.
I've personally interacted with them recently for a few issues, and their support is amazing.
So, initially, we did take consultation when we set it up, but once we became comfortable and familiar with the process and the documentation was also clear, we started managing it ourselves.
For the implementation process, a developer pushes changes to the master branch or a feature branch the first step is to trigger the Veracode scan in the CI/CD pipeline. We use Azure DevOps for this.
The next step is to include the code in the Veracode scan. This is the second step. Before going into further steps like building the Docker image and containerizing the application for deployment, we have a condition in place. If the Veracode scan doesn't complete successfully, we don't proceed to the next step, and the entire build fails.
We don't need a lot of members for the deployment part. It's only me and my technical expertise, like, one or two people. Any DevOps is enough.
We don't see much need for maintenance. It's pretty easy to manage. Veracode is also maintained by a dedicated team internally, and they provide support for everyone within the organization. So, if there are any upgrades or maintenance required, they take care of it. But from our team's perspective, there's no need for ongoing maintenance. We set it up once, and that's it.
View full review »We utilized a value-added reseller, and they provided integrators themselves. Additionally, we have direct connections with Veracode. So, my understanding is that we likely received assistance from both the value-added reseller's team and Veracode.
We have monthly calls with Veracode. I work directly with engineers and have access to their email addresses and telephone numbers. This way, whenever there's a problem or an issue, I can easily reach out to someone. Additionally, I receive almost daily emails regarding recent developments and occurrences.
View full review »Buyer's Guide
Veracode
March 2024
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,740 professionals have used our research since 2012.
The implementation was completed in-house.
View full review »KK
Krishna Kant Upadhyay
CEO and App Developer at DroidForge
We handled the implementation ourselves.
View full review »They do have dedicated professionals who demonstrate a deep understanding of unique challenges.
View full review »The deployment is automated using Jenkins. We just need some parameters to deploy the code to the environment.
View full review »We used a third party to help with the deployment. Our experience was good.
View full review »We implemented it with the help of a third-party vendor. They had two people on their team who were working on the deployment along with me. My responsibilities included adding all of our software to the tool to run scans against it, integrating it with our DevOps solution, discussing the tool itself with internal stakeholders as to how they can use it and showing programmers how to use the tool from an internal adoption standpoint.
View full review »The implementation was completed in-house.
View full review »We got help directly from Veracode. I would rate their help at eight or nine out of 10. They helped us implement it into our pipelines, daily processes, and software. And they helped us understand how to mitigate the flaws and how to open up consultation hours if there was something we disagreed with, such as false positives. They gave us very good onboarding and implementation.
View full review »There were team members from the engineering, product, and consulting for procurement, implementation, and final roll-out of the solution.
Its maintenance is a part of the implementation pricing plan and subscription. They are providing the maintenance and upgrade of the system. Because it is cloud-based, it is not managed by us. Veracode currently manages all the upgrades and updates. For any operational issues or additional change management, there is an additional cost.
There are 10 to 15 people in our networking infrastructure and the cloud team who are responsible for handling all the issues and the requirements for the developers. I'm also responsible for that. We are coordinating with their sales team and the account management team for any new requests or ongoing issues.
View full review »We did it in-house. I worked with two of my colleagues.
View full review »We implemented the solution in-house.
View full review »We had assistance from our local reseller, and the experience was great because we had a direct connection from the partner to the brand. We have a local team member who was in charge of the resell process.
MC
Michael Calabrese
Vice President of Engineering at Avant Assessment
I did the original Amazon CodePipeline implementation by myself and got it hooked up. As we went to more complex things, with Jenkins, that was done through an integrator DevOps team. On our side, it was just me involved.
View full review »JW
reviewer2287986
Lead Product Security Engineer at a computer software company with 1,001-5,000 employees
We used the experience of engineers who had used Veracode in the past, as well as feedback from Veracode's engineers.
View full review »MH
Mark Handzlik
Chief Software Architect at a tech services company with 51-200 employees
We implemented Veracode in-house with only three people involved.
View full review »The implementation was completed in-house.
View full review »The implementation was completed in-house.
View full review »The initial setup was easy since it is a SaaS solution and a well-documented product at the same time. In our company, we don't need to spin up a server to install something since we simply use the web interface and integrate the web interface with the DevOps environment.
On a scale of one to ten, where one is a hard setup and ten is an easy setup, I rate the initial setup phase an eight or nine.
The solution is deployed on the cloud. In our company, we use Microsoft Azure DevOps for our environment, but I don't know the environment in which Veracode gets used in our company. Veracode offers a web interface and API, so I don't know their cloud solutions.
The deployment is quite fast, but its overall quickness in terms of deployment depends on the number of applications you want to scan. If you want to scan one application, the deployment can be quickly done since we need to integrate Veracode into our DevOps environment.
It was done in-house. I didn't hire anyone for deployment.
JA
Jai Agarwal
Technical Architect at Orange España
We worked with Veracode, without any third-party vendor involved. Their solution and architectural team, and their product demos team, gave us good product demos, and we had a chance to evaluate Veracode before fully implementing it in our organization.
On our side, it involved seven to eight people, because we have multiple applications and multiple source codes.
View full review »Implementing Veracode doesn't take much time. It takes only a few hours to implement the solution. Veracode was deployed by a team consisting of two to three members.
View full review »JV
reviewer2183154
Manager Consultant at a tech services company with 1-10 employees
The implementation was completed in-house.
View full review »The implementation was completed in-house.
View full review »SS
ShubhamSharma5
Senior Consultant at Material Vision
Everything was done in-house.
View full review »KA
Kaushil Ambatkar
Cyber Security Consultant at a computer software company with 51-200 employees
We had a consultant from Veracode. His name was Dennis. We were satisfied with his job.
View full review »We deployed Veracode in-house.
View full review »We deployed Manual Penetration Testing ourselves, but we have an arrangement with Veracode to provide the necessary professional services to support us. Consulting is part of the package they provide.
View full review »KB
reviewer1705929
Sr. VP Engineering at a computer software company with 51-200 employees
In terms of implementation services, we didn't go to any third party. Veracode was pretty good. They were very responsive and answered questions. We were able to get the help we needed.
If Veracode thinks that it's best to bring in an integrator for the first 30 days, they should build that into the cost of the contract. I don't think I would have blinked if they had told me, "We suggest paying a little bit extra for the first year because we want you to purchase a professional services contract from this company. They will work with you for a month and guarantee to get you up and running with best practices within 30 days."
View full review »PR
Paul Rice
Senior Security Consultant at a financial services firm with 1,001-5,000 employees
We did the deployment of the solution in-house.
View full review »We deployed Veracode Static Analysis in-house.
View full review »We did the deployment of the solution in-house. We typically can do the deployments with one person.
View full review »We completed the deployment ourselves.
There were two people involved. The first was our IT person, and the second was a senior member of the engineering team. There is no maintenance required.
View full review »SM
Swarup M
Security Analyst at a tech services company with 11-50 employees
One person can deploy the product. I haven’t had any maintenance-related issues with the solution. Whatever new vulnerabilities come, they are already updated in the database. Since we are a partner, it will be helpful if Veracode notifies us whenever it releases the vulnerability reports. We cannot always check the portal.
View full review »I implemented it.
View full review »SP
Stephen Pack
Software development program leader at Vendavo
We implemented the solution in-house. It is not that complicated.
In terms of maintenance, there is certainly some overhead involved for each team. They have to make sure that the build pipeline integration is still working and essentially, that we're still getting results. Occasionally, for whatever reason, it breaks and somebody has to go in and fix it.
I can't say that there is no staffing required for maintenance but it's rare. In total, a few hours a month across the company is spent keeping it going. More time is spent evaluating and resolving the findings, which is part of our development work. That's not imposed by the solution but rather a positive outcome from using Veracode. As such, I wouldn't count that as maintenance.
SM
reviewer1450479
Principal for the Application Security Program and Access Control at a engineering company with 10,001+ employees
The solution was implemented by an internal consultant and me.
View full review »We do the setup and implementation ourselves.
View full review »VD
reviewer1526550
Lead Security Architect at a comms service provider with 1,001-5,000 employees
When I used to maintain this for 1,000 developers, two or three people were enough to maintain it.
View full review »We implemented with all in-house resources.
View full review »RB
Riley Black
Senior Security Analyst at a wellness & fitness company with 1,001-5,000 employees
Implementation was in-house (Deployment, Automation Engineers, Myself)
View full review »LF
reviewer1699062
Sales Engineer at a computer software company with 51-200 employees
I implemented it myself. I work with DevOps and security teams. In some cases, I also work with developers.
It does not require any maintenance. Because it is a SaaS solution, the maintenance is provided by them.
View full review »CG
reviewer1258986
Enterprise Architect, VP at a financial services firm with 501-1,000 employees
We did not use integrators. We did have the training and we did have professional services in the form of customer support from Veracode.
View full review »AS
reviewer1436241
DevSecOps Consultant at a comms service provider with 10,001+ employees
Customer support was amazing during the evaluation phase.
View full review »FN
reviewer2131128
Application Security Engineer at a financial services firm with 1,001-5,000 employees
We implemented the solution in-house.
View full review »RL
reviewer1448070
Security Architect at a financial services firm with 1,001-5,000 employees
We did it in-house with Veracode. Working with Veracode for the deployment was pretty easy, pretty straightforward.
View full review »Our IT team did the implementation with support from the Veracode team. The Veracode team was very good.
View full review »DJ
DavidJellison
Senior Director, Quality Engineering at a tech services company with 1,001-5,000 employees
We implemented it through an in-house team. This a Quality Engineering Shared Service team with a part-time custodian that performs other roles, as well. We found the need to have a designated custodian per application scrum team to assure scans capability, and the scan frequency for that team is maintained, escalating any issue to the shared service team and/or Veracode directly, and for shepherding vulnerabilities through the backlog routinely.
View full review »HJ
Hemanth Jayakumar
Sr Director at a non-profit with 51-200 employees
We handled the implementation ourselves.
View full review »RR
reviewer1310136
Founder & CEO at a healthcare company with 1-10 employees
We have a team in-house to implement this solution.
View full review »AB
Reviewer64985
Principle Consultant at a tech services company with 11-50 employees
For both SCA and SAST tools, including documentation, providing the code, writing the code for the pipeline, and giving some training to the developers, a deployment can take us close to two weeks.
Deploying automated process tools, like Veracode, Qualys, and Checkmarx, does take more effort than uploading the code manually each time.
View full review »YT
reviewer1451970
R&D Director at a computer software company with 201-500 employees
An Israeli sales representative for Veracode came to our office and worked very closely with us. They escorted us through the process of doing the PoC, examining the results and tools, and how to use them. We found it straightforward. There were some hiccups and some problems in the beginning, but not something significant in the general overview. It was easy and fast to adopt.
MV
Mauro Verderosa
Cybersecurity Expert at PSYND
The Veracode team is replying fast and the proved a strong expertise in every challenge.
View full review »SH
ChiefInfaf47
Chief Information Security Officer with 501-1,000 employees
We did not use an integrator or a third-party. We did it with the help of Veracode.
View full review »We work on the deployment process. The solution is deployed both on-prem and in the cloud environment.
The solution doesn't require any maintenance.
View full review »JS
reviewer1345386
Senior Software Developer at a pharma/biotech company with 201-500 employees
I don't think there was any in-house work. I think it was just all on their server. We didn't have any equipment or any software per se other than just downloading a plugin or IDE, which essentially did the same sort of code analysis.
View full review »EP
Elina Petrovna
Professor at BitBrainery University
Since we are based in the UK, the original Veracode Team (not CA) was helping us directly during the setup, then trained us.
View full review »RO
reviewer1596348
IT security architect at a consumer goods company with 10,001+ employees
We did the implementation ourselves.
View full review »AC
reviewer1276710
Associate Consultant at a comms service provider with 201-500 employees
It would be better to have some assistance when implementing this solution.
View full review »In-house.
View full review »Buyer's Guide
Veracode
March 2024
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,740 professionals have used our research since 2012.