Veracode Primary Use Case

Marcello Teodori
Software Architect at Alfresco Software

The use case is that we have quite a few projects on GitHub. As we are a consulting company, some of these projects are open source and others are enterprise and private. We do security investigating for these projects. We scan the repository for both the static analysis—to find things that might be dangerous—and we use the Software Composition Analysis as well. We get notifications when we are using some open source library that has a known vulnerability and we have to upgrade it. We can plan accordingly.

We are using the software as a service.

Karen Meohas
Information Assurance Manager at xMatters

We have three use cases. We have the dynamic scans that we use to scan the production, public-facing URLs. We also use the static scan where we work with the Dev team and scan the code base for the web application and the mobile application on both iOS and Android. Our third use case is manual penetration tests, which my team manages. We do annual manual penetration tests.

It's deployed to our platform infrastructure, which is in a public cloud.

Head Of Information Security at a media company with 51-200 employees

We use Veracode for static analysis of source code as well as some dynamic analysis.

Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: March 2021.
476,892 professionals have used our research since 2012.
Srinivasa Rao Kuruba
Manager, Information Technology at Broadcom Corporation

Veracode has both static application security testing as well as dynamic application security testing, also called Dynamic Analysis. Our primary use case was on the static analysis side, not on the dynamic, because we have an automated tool in the dynamic analysis scope. So our primary use was static analysis security testing.

Principal for the Application Security Program and Access Control at an engineering company with 10,001+ employees

We use it for dynamic scanning and Static Code Analysis as well as for Software Composition Analysis (SCA).

We do use this solution's support for cloud-native applications.

Sebastian Toma
Engineering Security Manager at Nextiva

Our primary use case of this solution is for static and dynamic analysis along with the source gear for the third-party dependency (not IDM).

We were looking into actually moving towards IDM, but that's the extent of my knowledge. They are licensed as two separate products. They're part of the same platform, but they are licensed separately.

We have Veracode, Veracode Developer Training, Veracode Software Composition Analysis, and SourceClear. SourceClear and SCA are pretty much the same. They just support different languages. Veracode as a whole, the top option, is the one that includes everything.

Deepak Naik
Product Owner - DevOps at Digite

We use Veracode primarily for three purposes:

  1. Static Analysis, which is integrated into our CI/CD pipeline, using APIs. 
  2. Every release gets certified for a static code analysis and dynamic code analysis. There is a UAT server, where it gets deployed with the latest release, then we perform the dynamic code scanning on that particular URL.
  3. Software Composition Analysis: We use this periodically to understand the software composition from an open source licensing and open source component vulnerability perspective.

Mauro Verderosa
Cybersecurity Expert at PSYND

We use both the static and the dynamic scanning. What we do is run the code through the scanner once we make any modifications. And periodically, we also run the dynamic to connect several applications. We use Veracode to check for specific vulnerabilities such as cross-site scripting. When we are checking for those vulnerabilities, we take a portion of code that is going to be generated and we run the scanner.

Security Architect at a financial services firm with 1,001-5,000 employees

We use it to scan our web applications before we publish them to see if there are any security vulnerabilities. We use it for static analysis and dynamic analysis.

DevSecOps Consultant at a comms service provider with 10,001+ employees

We use the Veracode SAST solution to scan the Java, Node.js, and Python microservices as part of our CI/CD pipeline, wherein we are using our CI/CD server as Bamboo, Jenkins, and GitLab CI/CD. 

We have teams for both our cloud pipeline and on-prem pipeline, and both teams use this solution. We are using Veracode to constantly run the internal application source code and ensure the code's security hygiene.

R&D Director at a computer software company with 201-500 employees

We focus on these two use cases: 

  1. Our first use case is for Static Analysis (SAST). The purpose of it is to scan our code for any vulnerabilities and security breaches. Then, we get some other reports from the tool, pointing us to the problematic line of code, showing us what is the vulnerability, and giving us suggestions on how to fix or mitigate them.
  2. The second use case is for the Software Composition Analysis (SCA) tool, which is scanning our open sources and third-party libraries that we consumed. They scan and check on the internal database (or whatever depository tool it is using), then they return back a report saying our open sources, the versions, and what are the exposures of using those versions. For any vulnerability, it suggests the minimum upgrades to do in order to move to another more secure version.

IT Cybersecurity Analyst at an educational organization with 11-50 employees

We use it to scan our biggest applications, our bread and butter. We've got a lot of developers using it in our organization, and we've got quite a few applications using it as well.

Heythem Ben Fadhel
Product Software Engineer at a tech services company with 1,001-5,000 employees

We use the Static Analysis, Dynamic Analysis, and SCA, the software composition analysis.

Christian Camerlengo
Senior Programmer/Analyst at a financial services firm with 10,001+ employees

We're required to make sure we have no high or very high security issues in our code. Veracode is a code reviewer to prevent hacking and other bad things from happening.

Sr. Security Architect at a financial services firm with 10,001+ employees

We are using Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Static Component Analysis (SCA). We use different types of scanning across numerous applications. We also use Greenlight IDE integration. We are scanning external web applications, internal web applications, and mobile applications with various types/combinations of scanning. We use this both to improve our application security as well as achieve compliance with various compliance bodies that require code scanning.

Divakar Rai
Senior Solutions Architect at NessPRO Italy

I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code.

Vice President of Technology at Cogniphi Technologies Pvt Ltd

We used it for performing security checks. We have many Java applications and Android applications. Essentially it was used for checking the security validations for compliance purposes.

Riley Black
Senior Security Analyst at a wellness & fitness company with 1,001-5,000 employees

Veracode is a cornerstone of our Development Security Operations Program, particularly scanning automation and remediation tracking.

We've been able to monitor the release cycle and verify our Security Standards are met by setting policy and ensuring scans are taking place. If a scan fails to meet our standard, the build breaks and the flaws are remediated before releasing to Stage and ultimately Production - where the potential impact is much more costly.

We have discovered opportunities to make our code even better thanks to Veracode!

Founder & CEO at a healthcare company with 1-10 employees

We use this solution for Digital Health.

Managing Principal Consultant at a tech vendor with 11-50 employees

Our primary use case for this solution is application security.

Software Engineer at a financial services firm with 501-1,000 employees

This was intended to scan all of our custom development efforts to ensure a certain level of (secure) code quality. Right now the scope of that effort is limited to web exposed systems but with maturity, we hope to increase that scope.

VP Engineering at a tech services company with 201-500 employees

Our primary use cases are for comprehensive security assessment using static analysis, dynamic analysis, source code composition, and manual penetration tests. We also use it for security training for developers.
