Veracode Reviews

Kyle Engibous
Real User
Systems Architect at a tech vendor with 201-500 employees
Mar 26 2018

What is most valuable?

The most important one is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to… more»

How has it helped my organization?

We have a large developer base at our company ranging in a variety of skill sets. Some are very security aware, others really don't have the knowledge. What Veracode… more»

What needs improvement?

From a technical standpoint, I'm pretty happy with everything. The one thing I'd like to be able to do is schedule dynamic scans. Today we're kicking those off manually… more»

What's my experience with pricing, setup cost, and licensing?

If you're licensing, and you're looking at licensing models, you might want to ask Veracode about their microservice, depending on the company. If you are a microservice… more»

If you previously used a different solution, which one did you use and why did you switch?

We had never done anything like this in the past. This was the solution that we chose. We didn't really evaluate anything else. I know that my boss has been a fan of some… more»

What other advice do I have?

I would advise that you figure out a way to integrate it into your software development lifecycle in a way that it's not intrusive to your developers. That was really… more»

Which other solutions did I evaluate?

There were some, but we didn't get serious about them because they didn't have everything that we wanted.
Real User
Director Security and Risk OMNI Cloud Operations at a tech vendor with 1,001-5,000 employees
Apr 12 2018

What is most valuable?

* The static scanning of the software is very important to us.
* The ability to set policy profiles that are specific to us.
* The software composition analysis, to give… more»

How has it helped my organization?

We do automated scanning, so we use it as part of our development cycle. We do both automated security scanning as well as our own automated testing. We run the two in… more»

What needs improvement?

It's really hard to criticize something that has become somewhat seamless for us. If they wanted to expand their capabilities into other areas of security, that would be… more»

What's my experience with pricing, setup cost, and licensing?

We're very comfortable with their model. We think they're a good value. We worked very closely with Veracode on understanding their license model, understanding what… more»

If you previously used a different solution, which one did you use and why did you switch?

Prior to working with Veracode, we used a self-applied application. That is, we had the solution on-premise, but just could never quite get the routine approach that we've… more»

What other advice do I have?

We recommend Veracode to colleagues all the time. I'd give the advice of not getting hung up on trying to compare the static scanning to the dynamic scanning, that's… more»

Which other solutions did I evaluate?

I'd rather not give out competitor names. But the method we were using in the past was what is called dynamic scanning, or DAST. That required we have an environment that… more»
Find out what your peers are saying about Veracode, SonarQube, Micro Focus and others in Application Security. Updated: June 2019.
353,754 professionals have used our research since 2012.
Sebastian Toma
Real User
Engineering Security Manager at Nextiva
May 26 2019

What is most valuable?

With Veracode, it's not about features for us. It is about the pricing model that they offer. To be honest, with their vulnerability database, the total amount of false… more»

How has it helped my organization?

We are using the Veracode tools to expose the engineers to the security vulnerabilities that were introduced with the new features, i.e. a lot faster or sooner in the… more»

What needs improvement?

Veracode owns SourceClear. They bought them in 2017 or 2018, and they still are not fully integrated with the actual Veracode dashboards. Right now, you have to use two… more»

What's my experience with pricing, setup cost, and licensing?

They just changed their pricing model two weeks ago. They went from a per-app license to a per-megabyte license. I know that the dynamic scan was $500 per app. Static… more»

If you previously used a different solution, which one did you use and why did you switch?

We never did use other products. The reason we started looking into IBM and WhiteSource was because of the hiccups or the speed bumps we were encountering with our… more»

What other advice do I have?

If the springboard issue doesn't hold them back and the pricing model stays the same as the one that we have right now for this year with them, it's a good deal. Veracode… more»

Which other solutions did I evaluate?

We looked at IBM before we decided to go with Veracode. I've seen the documentation that our director of information security put together. We looked at six different… more»
Real User
Information Security Engineer Team Lead at a hospitality company with 1,001-5,000 employees
May 02 2018

What is most valuable?

The reporting and mitigation features which allow our people to work on their own.

How has it helped my organization?

It has given us insight into the actual flaws that are out there, and the speed at which they're getting mitigated. Now, we're starting to see quantitative metrics to show the overall risk with code… more»

What needs improvement?

The only areas that I'm concerned with are some of the newer code libraries, things that we're starting to see people dabble with. They move quickly enough to get them into the Analysis Engine, so I… more»

What's my experience with pricing, setup cost, and licensing?

I think the pricing is in line with the rest of the tools. I think you get what you pay for. It is certainly not inexpensive, but the value proposition is there. There are certainly cheaper tools, but… more»

If you previously used a different solution, which one did you use and why did you switch?

We used HP WebInspect, which is now under the Fortify umbrella. HP WebInspect was just terrible. Had we used the on-demand cloud piece - which is why I perhaps have to pull my comment back - maybe we… more»

What other advice do I have?

My advice is what I mentioned in the pricing/licensing section above, you really need to understand what it is you are looking to do. Also, take into account a data sensitivity for the applications… more»
Real User
Chief Information Security Officer with 501-1,000 employees
Nov 19 2018

What is most valuable?

* Having the option of static scanning. Most tools of this type are centered around dynamic scanning. Having a static scan is very important.
* Utilizing the software as a service. We do the scanning… more»

How has it helped my organization?

We are a state agency, we're not a private-sector company. What we're able to do is take our main web-based application, which is not only for internal use but which the citizens of Ohio also use, and… more»

What needs improvement?

I attended a meeting of one of the security organizations I am associated with. At the meeting were security professionals from several major retail companies. The topic of discussion happened to be… more»

What's my experience with pricing, setup cost, and licensing?

We're always looking to save the taxpayers' money. I used to tell my vendors, sharpen those pencils and make the tip laser-sharp. When it can be, I want it to be less expensive, but you get what you… more»

What other advice do I have?

I would absolutely recommend Veracode. I've suggested to one of the larger agencies that they implement the solution and that they come to see what we've experienced and how we use the tool. I really… more»

Which other solutions did I evaluate?

The state of Ohio decided to bring AppScan in and that's an IBM tool. IBM became a major vendor in the state of Ohio. But what happened is that AppScan does not offer static code vulnerability… more»
GL32aS
Real User
Global Application Security at a pharma/biotech company with 10,001+ employees
Apr 09 2018

What is most valuable?

The Static and Dynamic Analysis capabilities are very valuable to us.

How has it helped my organization?

We are able to create business policies, and the Veracode system allows us to enforce those policies. That's at the very high level. We're looking at improving the overall security quality of our software. We use it as a platform to help enable that process. Veracode, in and of itself, is doing… more»

What needs improvement?

They've improved the speed of the inspection process. I'd never want the inspection process to become something that's suspect. False positives would diminish confidence in the results; if we don't continue to focus on reducing false positives... that is number one. The on-platform reporting needs… more»

What other advice do I have?

I hold Veracode in high regard. It's a good organization to work with, and it's a very conscientious organization. I'm always a recommender of the solution set.
Dave Cheli
Real User
Chief Technology Officer
Mar 15 2018

What is most valuable?

Certainly it eases integration into our workflow. Veracode is part of our Jenkins build, so whenever we build our software, Jenkins will automatically submit the code… more»

How has it helped my organization?

Firstly, it prevents me from putting out software that has security vulnerabilities, which is a big thing and can be one of the most important things. Also, we just… more»

What needs improvement?

The Web portal, at times, is not necessarily intuitive. I can get around when I want to but there are times when I have to email my account manager on: "Hey, where do I… more»

What's my experience with pricing, setup cost, and licensing?

I think it's a great value. It's at a price point that a small company like mine can afford to use versus, if it was too exorbitant, I wouldn't be able to use this… more»

If you previously used a different solution, which one did you use and why did you switch?

Veracode was really my first introduction to static code analysis. The way I came across it in my previous company was, they were going through security due diligence and… more»

What other advice do I have?

CA Veracode provides application security (AppSec) best practices and guidance to our teams in a couple ways. First of all, they have an e-learning module that has courses… more»

Which other solutions did I evaluate?

When I was at the last company, I looked at HPE (now Micro Focus) Fortify vs Veracode and maybe IBM had a product, but they were overly complex and overly expensive. I… more»
Real User
Associate Director
Jul 05 2018

What is most valuable?

It has several components that help you identify abilities in the core. It also provides security of different Shadow IT activities in our environment, especially… more»

How has it helped my organization?

It has helped us identify all the application flaws, especially with so many open source licenses available to the developers. With this product, it allows you to plug in… more»

What needs improvement?

They are already working on it, but we are looking forward to seeing it. We would like the consolidation of all the different modules. This would help, so then we would be… more»

What's my experience with pricing, setup cost, and licensing?

It is pricey. There is a lot of value in the product, but it is a costly tool. The customer should demand better turnaround times for the money that they are paying… more»

If you previously used a different solution, which one did you use and why did you switch?

We did not previously use another solution.

What other advice do I have?

I would rate the product as an eight out of 10 for recommending it to colleagues. I would rate the overall product as a seven out of 10.

Which other solutions did I evaluate?

We did a PoC with Black Duck.
What is Veracode?

Veracode is an application security company that offers an automated cloud-based service for securing web, mobile and third-party enterprise applications. Veracode provides multiple security analysis technologies on a single platform, including static analysis, dynamic analysis, mobile application behavioral analysis and software composition analysis.

Veracode customers

State of Missouri, Rekner

Highlights
The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future.
We have such a wide variety of users for Veracode, including security champions, development leads, developers themselves, that the ease of use is really quite important, because we don't assume anything about what those people might already know, or need to know. It just makes it very useful for anyone who has to engage with it.
Tech support is outstanding. Best in class. Absolutely. They bend over backwards to help us. We'll come up with questions and within minutes, we'll get answers. It's amazing. It's truly amazing.
It has the ability to scale, and the fact that it doesn't produce a lot of false positives.
The ability on static scans to be able to do sandbox scans which do not generate metrics.
Wide range of platforms and technology assessments.
Also, our customers benefited from the added security assurance of our applications, as they’ve been able to identify OWASP top-10 application vulnerabilities without a manual tester.