I use Veracode on a private cloud. When we implement a new solution, it needs to undergo user review. I was specifically interested in learning how the software works and how it can benefit my organization. Once I can get some clarity on this, I can recommend it to my IT team. I have not used the public cloud application yet because I am in the initial stage, and I am still doing trials on my end. 

I use it to scan applications to try and find security flaws.

We have access to the security platform and our applications are updated there. Besides that, we have installed the Greenlight plugin in the IDE. We can run the Veracode scan locally in our laptops thanks to that plugin.

My primary use case is secure programming with C++. This product assists with basic security awareness for computer systems.

I have used it as part of Veracode's Secure Coding Challenges. The challenges are a competition hosted by Veracode, where community members work through the training in a time-limited fashion. The first members to complete the challenges are deemed the winners.

The challenge topics range among OWASP's top 10 topics. I am an application developer, so the Veracode Security Labs are directly relevant to my work. They help illuminate common coding problems and walk through the appropriate way to fix them.

We use Veracode Security Labs along with Veracode Developer Training and other Veracode components in our company for Digitial Health, and security testing.

We use this eLearning product for our developers. We are working on adding it to our enterprise eLearning solution to help get developers to take it.

I have used it and looked at it from the perspective of its analysis, if you will, of database files, SQL, MCL SQL. I also looked at other components, Java and such, but not as in-depth. Personally, I think it was a little difficult trying to get it to profile those particular files to get them loaded in; however, it was honestly probably user error — just my misunderstanding of how to use the software more than anything else which is why it took a little longer. The Java stuff was a lot more streamlined. The database stuff was not as robust.

We used this solution to identify vulnerabilities. Essentially, load stuff up, find out what it finds. The next step is (assuming we have enough people to fix the higher priority ones) to look at some of the tips or remediation. Generally, just to find out what's wrong.

We're a smaller company, we had roughly 10 people or less using this solution. I don't think anyone is actively using it as much now because of project work, etc.

I am not familiar with how many other people are using it currently. Probably not many because the project work is different. Previously, there were more business needs for us to build more software but things have changed a little bit in the company. That requirement is different now from a corporate perspective.

Our use cases are for both dynamic and static scanning of web applications. The application is cloud-based in a major cloud provider. We schedule scans at regular intervals that support various compliance efforts within the enterprise. The application has a modern design with a responsive UI that adapts to the display of the device being used. Veracode seems to have little trouble scanning our application. Overall, we are happy with the service that Veracode provides us although the cost does seem quite high in my opinion.

We are currently evaluating this platform to see if it would help as a company-wide solution. 

If Veracode Security Labs is chosen then in the future, it will help developers, DevOps, and testers to better and more deeply understand threats and remediations related to application code.

In general, Veracode Security Labs will be used to improve the security of the code and help developers in their daily work.

It is one of the best solutions in the market to help train the developers. We mostly use AWS as a server with the solution.