Veracode Previous Solutions
We previously used some open-source software, but our developers generally manually performed code-checking. Our requirement is for a solution that takes care of our software code and security throughout the SDLC. Following evaluation, we found Veracode more useful in terms of licensing, pricing, and features.
I previously utilized a solution provided by IBM in my previous organization, but later we transitioned to a company named WhiteHat Security. The reason for this switch was that when we conducted a scan using the IBM solution, it returned a result of ten thousand vulnerabilities. It was my responsibility to review the vulnerability report and clear out any false positives. However, this task was extremely time-consuming, taking nearly forty hours to complete. The reason behind the prolonged effort was the spidering scan performed by the IBM solution, which continually traversed different pages through various links, leading to repetitive errors that required matching and deduplication. Out of the ten thousand vulnerabilities, approximately a thousand were legitimate, and the scanning capability was limited to DAST. To address these challenges, we migrated to WhiteHat Security. With WhiteHat's scanning process, the number of vulnerabilities was reduced significantly to around six or seven hundred. Their approach outperformed my manual efforts in identifying duplicates and further eliminated non-duplicate vulnerabilities that were caused by the same piece of code.
When I joined my current company they were already using Veracode.
We have only used Veracode, right from the start.
Buyer's Guide
Veracode
March 2024
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
I started my career with Veracode, a DAST review tool. I worked there for two-and-a-half years.
Krishna Kant Upadhyay
CEO and App Developer at DroidForge
We did not previously use a different solution.
I used to use Fortify before using Veracode.
Veracode is more mature in its scanning features. It also has better security. It's very easy to use and has good cloud elements. The SaaS model is better as well. It has bigger advantages for a smaller company looking for a more straightforward deployment. The framework and programming language are far better in Veracode compared to Fortify.
We have used SAP and Jenkins in the past.
We previously used some open source solutions and the management teams decided to switch over to Veracode.
I previously used Checkmarx in the past, as well as Fortify. I used it in another company. However, in banking, it's not possible to use something like Checkmarx. Veracode is more secure and more trusted.
OleksandrKlymenko
Sr. Development Manager at RWS Holdings PLC
We used SonarQ, but it's somewhat different because it's a pure static code analysis tool. Veracode has a stronger focus on web security, and we produce a web-facing product, so that's important to us. SonarQ is strictly a static code analysis tool.
We evaluated another solution briefly but we decided to keep Veracode. Veracode has some issues with container scanning, and we have some container-based applications. We considered bringing in another tool for container scanning, but it was too expensive and Veracode was able to mitigate the issues well enough.
Justin Swanson
Manager of Application Development and Integrations at a university with 1,001-5,000 employees
I previously used Qualys. It had terrible support and wasn't supported well enough at the university. Also, Qualys is not a full-app security solution. It only did dynamic scanning and lacked the flexibility we needed.
I cannot recall working with other solutions. I do have experience with a more traditional way of looking at code and identifying errors. That's where this product came in with the ability to just automatically catch those errors.
We use SonarCloud, which does a different type of analysis on the static code but not on the compiled code. It's a different way of detecting security flaws.
Before transitioning to Veracode, the client had been utilizing a free community version tool. However, the count of false positives was exceedingly high with that specific tool. This prompted the client to seek a solution that could deliver superior results with fewer false positives. As a result, the decision was made to switch to Veracode.
We didn't use any other solution previously. All our security scans were run manually by a third party, which cost a lot of money and time. We had to place a request to them, and then they used to schedule that.
Rajeev B.
Security Analyst at an insurance company with 10,001+ employees
I have worked with Checkmarx in another job. I prefer Checkmarx over Veracode. Checkmarx provides a better visibility of the code flow. Veracode also has code flow, but it is in IDE, so you need to manually jump through the code and check the flow. It is easier for someone with experience, but someone new to the security domain will find it tough, especially when there is no clear picture of the workflow to know what is going on. This is a feature that I would like in Veracode.
We didn't have a previous solution.
I haven't used a commercial tool like Veracode before. It depends on where I'm working, but the most common tool we use is an open-source solution called SonarQube.
We also use SonarCloud, which is a code quality tool. We use both of them because both these platforms are good in some areas. While Veracode is very good at finding security-related issues, the SonarQube Sonar suite is very good at determining code quality. Also, when I was looking into the topic, the SonarQube team answered that there is no point for them to go further into code security since there are already great competitors who have years of experience and development behind them, specifically mentioning Veracode as masters in their field. That is the reason why we use both solutions: We benefit from using them both. These solutions complement each other.
We used to use Snyk and other tools. The switch to Veracode was an enterprise-level discussion, and I was not involved.
We didn't use a different solution previously. The company started just a year ago.
reviewer2288880
Junior Developer Intern at an insurance company with 10,001+ employees
I didn't use a previous solution before Veracode.
My company used Code Insight, a very similar solution to Veracode Static Analysis, but not the same.
Code Insight scanned even first-party libraries, which includes what we used to develop in our company.
Code Insight's vulnerabilities in the database completely differed from Veracode Static Analysis, but I can't recollect where it differs. If both Veracode Static Analysis and Code Insight were the same, we would not have used both in our company, so there is a difference between them. Veracode wasn't of any support when it came to dynamic scans in the past, though Veracode has recently started to support it, which I haven't used yet. I don't see any drawbacks with Veracode, so I am satisfied with whatever Veracode offers.
We used a tool in the past that was free, but we couldn't depend on the quality of the scans it provided in the free version.
Michael Calabrese
Vice President of Engineering at Avant Assessment
We haven't used another solution. Veracode is the first solution of this kind that we have worked with.
We used SonarQube because the developers liked it. We also used Checkmarx. We switched to Veracode SCA because of the binary scanning ability. Neither Checkmarx nor SonarQube is able to do that.
Mark Handzlik
Chief Software Architect at a tech services company with 51-200 employees
We used a product called Mend.io, formerly WhiteSource, before Veracode to look at vulnerabilities.
We didn't use anything prior to this.
We used a combination of things. We use Sonar, Veracode, and JFrog Artifactory just to give us a diverse picture of what vulnerabilities are in the application and how we can fix them. Veracode seems to always provide the best feedback. Other platforms really aren't at the same level, they provide reports and those reports are usually very static and they're not very informative. Whereas with Veracode, the platform is very interactive. You can tell that it was designed for users and Sonar is the same way. Sonar is very static. Even in Bitbucket, you can now scan your code with Snyk.
We have used certain plugins from Teamscale, which is also a static code analyzer, and it integrates with various plugins in Sonar. We have also used OWASP for static composition analysis, and we are still using the third-party application scanning from OWASP as a Maven plugin. We have also evaluated Black Duck.
Veracode was the first choice for doing static application security testing. It was ranked first a couple of times in the last few years, so it was a natural choice to go with the top product. Also, SAP has a partnership with Veracode for the application that they are selling. It was a win for us, SAP, and for Veracode.
I have experience with Snyk. I used Snyk a year ago. Snyk doesn't support the version of the .NET applications we use in our company, so we decided to move to Veracode.
Srinath Raghunathan
IT Manager at a financial services firm with 5,001-10,000 employees
We used to have a tool called CAST, which determined code quality. It wasn't a security tool or scanner.
I haven't used any other solution. I have just used Veracode.
I was previously working with Secure Code Warrior which is very different, but it's within the security field.
We tried some Indian solutions and used third-party scans for static analysis, but Veracode is the first time we have fully integrated an enterprise code security solution.
Jai Agarwal
IT Project Manager at Orange España
We have used Armor, as well as a tool from Palo Alto. We switched to Veracode because of the product's stability, the community it has, the vendor services and support, and because it has the functionality that we required.
We have used the JFrog XRAY tool for SCA (software composition analysis).
Shahnawaz Azam
Manager IT at a tech company with 201-500 employees
We had been using a third-party service for vulnerability checking.
reviewer2183154
Manager Consultant at a tech services company with 1-10 employees
In addition to previously using SonarQube, we also employed several other solutions before transitioning to Veracode due to its superior reporting capabilities.
We were using a couple of other tools along with Veracode. One was SonarQube and the other was Acunetix.
While Veracode SCA may take some time to scan, it helps to reduce the number of scans that we need to do. Before, we needed to scan manually multiple times. Whereas, with SCA, we can just check one by one, then send it as a batch and scan it again. We used to scan 10 times or so. With this automated system, we now scan on average five or six times.
Gustavo_Gonzalez
Technical Program Manager at an engineering company with 10,001+ employees
I use a portfolio of tools for security consulting, but Veracode is the main app I rely on because customers are happy to be able to track the status of each individual issue or vulnerability.
Akash R.
DevOps Engineer at a consultancy with 10,001+ employees
We have two scanning stages. The first one uses SonarQube, which only does code analysis. It doesn't scan third-party libraries that we use in our code. Veracode is the second level of check. We work on a banking project. The bank trusts Veracode and they recommended Veracode to scan our products.
reviewer1745850
Vice President QE Practice at a computer software company with 1,001-5,000 employees
We did not have a previous solution.
I've used Checkmarx and IBM AppScan.
Kaushil Ambatkar
Cyber Security Consultant at a computer software company with 51-200 employees
I have used different solutions. I have used Darktrace. I have used CrowdStrike and Carbon Black. In my current company, I am using CrowdStrike.
When I was using Veracode, each agent needed to be deployed on each machine. I do not know what they are using now. CrowdStrike is a single platform with a single agent. You can deploy it on all the machines. That is one of the advantages. Moreover, I have become used to the GUI of CrowdStrike over the last year or so. I am more comfortable with CrowdStrike, but it depends on person to person. I would rate Veracode an eight and CrowdStrike a nine out of ten. I am a bit biased toward CrowdStrike because I am currently using it in my organization. I am not using Veracode here.
We have used Veracode the entire time I have been with this organization. However, I know that they used Coverity and WhiteSource prior to switching to Veracode. The main reason my organization chose Veracode is its comprehensive dashboard.
We haven't worked with something like this before. This is the first time the organization has picked up this type of scanning solution.
Prior to Veracode Static Analysis, the company was using the Black Duck solution. The reason for switching could be to have a SaaS-based solution, though I am unsure if Black Duck was an on-premises or a SaaS-based solution.
Veracode has a good recommendation and good scoring, so it was the opportunity to move to a more powerful solution with DAST, SAST, and SCA capabilities.
Since this solution also has DAST capabilities, with the midterm or long-term projects, it was expected to unify all those capabilities within one platform. It's more of a strategic reason why the company switched to Veracode Static Analysis.
reviewer1705929
Sr. VP Engineering at a computer software company with 51-200 employees
We did not have a previous solution for application security testing in this company.
delivery908448
Delivery Manager at a tech vendor with 10,001+ employees
SonarQube is another solution we've used. SonarQube has some limitations, and we feel like it isn't keeping pace with the technology landscape. We had to reconsider our tool, which led us to adopt Veracode.
I used a tool called Black Duck when I worked for another company two years ago. The client chose to use Veracode. It wasn't my option.
Paul Rice
Senior Security Consultant at a financial services firm with 1,001-5,000 employees
I use SonarQube with Veracode Static Analysis.
We used HCL AppScan prior to Veracode Static Analysis.
We did not use another similar solution prior to Veracode.
Sebastian Toma
Engineering Security Manager at Nextiva
We never did use other products. The reason we started looking into IBM and WhiteSource was because of the hiccups or the speed bumps we were encountering with our springboard artifacts. We were in the process of evaluating other products and I think it's still a valid option. I wouldn't advertise it, but we were in the process of changing from Veracode just because of that one particular issue.
We had to build our artifacts differently than before just to scan them, i.e. instead of scanning the ones we were publishing. It's not a big deal overall, but it would be nice for the solution to work out of the box with everything that's out there. Instead, many companies are changing the way they're doing business just for this small little step in the delivery process.
Swarup M
Security Analyst at a tech services company with 11-50 employees
I tried a few solutions before using Veracode. Veracode is better because it is convenient to use. The solution’s dashboard and features are pretty good. It is the topmost product among the other tools that I used. It is pretty simplified. Veracode has a lot of options to do authenticated scans. Veracode’s simplified features are helpful for people who use different authentication methodologies.
I haven't used a different solution. This is the first solution I've used.
Stephen Pack
Software development program leader at Vendavo
Prior to using Veracode, we used other code quality scanning tools, but not anything at the level of Veracode for security issues.
reviewer1450479
Principal for the Application Security Program and Access Control at an engineering company with 10,001+ employees
We were previously using WhiteHat Security. Their lack of customer service prompted us to switch. Every question that we asked was just going into a black hole. The only time that we got any response was when our account was up for renewal. We had a long discussion with them to get a rationale behind their lack of response, and that was the only time they listened. There was no follow-up. That is when we decided that this is not a partnership that we wanted to continue anymore.
Veracode has automated a lot of the manual stuff that we were doing in terms of scanning third-party libraries. With any given release, I was spending from eight to 10 hours manually scanning through all 3rd-party libraries for vulnerabilities. Now, it is all within the Pipeline. So, I am saving about 10 hours in a given month with it.
Before Veracode, we had a manual process where we hired white hat hackers. They used to do all the scanning, then submit a report. That process was pretty lengthy. It sometimes could go on for three to six months. Nowadays, for static code scanning, we are doing it on a regular basis. Since there are not many issues reported, we can fix them on the fly. For dynamic code analysis, it still takes a week's time because the scanning itself takes three days sometimes. Then, once the scanning is done, we check if there is an issue, fix it, and then start the scan. That is a week-long process, but the rest is pretty under control.
Dave Cheli
Chief Technology Officer
Veracode was really my first introduction to static code analysis. The way I came across it in my previous company was, they were going through security due diligence and we didn't have any code analysis software. The company, a very large health plan, said, "Here are three that we recommend." Veracode happened to have been one of them, along with HPE and another company, maybe it was IBM, I don't know. We took a look at all of them and we made a decision to go with Veracode.
reviewer2099616
Senior software engineer at a tech services company with 1,001-5,000 employees
We used CodeSonar to analyze various aspects of our source code, and we already utilize OWASP to assess the security risks of our dependencies.
We previously used a free tool that is integrated into Eclipse.
reviewer1526550
Lead Security Architect at a comms service provider with 1,001-5,000 employees
I've used Checkmarx and HPE Fortify. Now, I am using Micro Focus. As compared to Veracode, Checkmarx takes input as plain text. It takes the code as it is and does not compile the code. This is the main difference between Checkmarx and Veracode. Checkmarx also has an on-prem solution, but Veracode does not have an on-prem solution.
There is also a major difference in the cost and licensing model. Veracode's license model is quite complex. Comparatively, Checkmarx's license model is straightforward. You can upload any amount of code. For example, it could be 1 Gig or 2 Gig. They charge based on the number of applications, but Veracode's licensing model is pretty different. They charge based on the amount of code that has been analyzed.
Yes. We used a legacy, heavyweight dynamic scanning product. It would produce hundreds of pages of (mostly) false positives that were nearly impossible to digest and tune. We also didn't have a static scanning product. Moving to Veracode gave us much higher quality dynamic scanning with very few false positives (in part due to their model of human-assisted tuning, provided by them) and a robust static scanning solution.
Riley Black
Senior Security Analyst at a wellness & fitness company with 1,001-5,000 employees
Previously used Burp Suite, OWASP Zed Attack Proxy, Python scripts / PowerShell and Batch, Retire.JS, Vulners, and Wappalyzer browser plugins.
reviewer2333736
Cloud system engineer at a consultancy with 1-10 employees
I recently changed companies, and my current employer does not use Veracode. However, I have discussed implementing it with them because it offers more mature features compared to other solutions.
reviewer1699062
Sales Engineer at a computer software company with 51-200 employees
I have not used any other solution previously. I have only worked with Veracode.
ShubhamMittal
Sponsorship Sales Specialist
This is the first such tool we are using.
We use various techniques to improve our security. We use an OWASP software application networking model to improve security in our different products. We use a number of native plugins to check licenses and vulnerabilities in the third-party libraries that are part of the application. We also have several plugins from SonarLint that are integrated in another tool that we use for quality assurance.
We put Veracode in place because we have an agreement with SAP and we must fulfill some security checks to become partners for their solution. Veracode's functionalities resolve all of the security checks that were demanded of us.
We use a different company for pen tests, three times per year, and it usually takes two or three weeks each time.
Reviewer339593
Cybersecurity Executive at a computer software company with 51-200 employees
Our previous solution was difficult to configure. Setting up the login process was very difficult, as it was tied to your browser and there were a lot of hoops you had to jump through. The reporting was also hard to follow sometimes and didn't provide a good view into previous findings versus new findings. That made things difficult too. Once we did the evaluation of our old solution against Veracode, it was very clear that it was finding fewer vulnerabilities, which lowered our confidence level in that tool.
Nagaraj Sheshachalam
Lead Cyber Security engineer at a manufacturing company with 10,001+ employees
We were using SonarQube previously, but just as a code quality tool.
reviewer1258986
Enterprise Architect, VP at a financial services firm with 501-1,000 employees
We did have a different product, but it was a little bit for a different purpose. We were using a different product but complemented the Veracode product.
Karen Meohas
Information Assurance Manager at xMatters
We were using WhiteHat. We switched because the dashboard was very bad and there were no analytics. The UI was also very bad, so it was not easy to manage it. Also, most of our big clients were using Veracode and asking us to migrate to Veracode. It was a combination of things.
reviewer1436241
DevSecOps Consultant at a comms service provider with 10,001+ employees
Because of my consulting background, I have used other solutions prior to the use of Veracode. However, Veracode was the first solution implemented of its type. Before Veracode, developers didn't know how they could develop secure software. After Veracode was implemented, developers knew when they wrote code that they could scan it in their IDEs. Also, while pushing a deployment, they can get feedback from the Pipeline Scan.
Associat7de6
Associate Director
We did not previously use another solution.
Suzan Nascimento
SVP Application Security at a financial services firm with 10,001+ employees
At a previous company, we were using HPE Fortify. We couldn't scale because it was an on-prem solution. Therefore, after five years, we decided to break out of the mold and use a SaaS solution. We were comfortable at the time doing so because we weren't sending source code, for the most part. As soon as we went to a cloud solution we scaled dramatically.
What I look for in a vendor is 70 percent a technical match with the features and benefits we need and for the remaining 30 percent, I look at the culture of the company because, for me, it is a relationship. I want to have a partnership and I want it to feel like a win-win. If they feel like it is a short-term decision, get in get out, I want to know that. I want to be able to talk to them at any time and add service enhancements, feature enhancements, those kinds of things. It's a 70-30 split for me.
reviewer2249226
Executive Assistant at a tech company with 51-200 employees
Before I joined my organization, they used a third-party application to check code. Since I joined, we have been using Veracode.
reviewer2131128
Application Security Engineer at a financial services firm with 1,001-5,000 employees
I've used quite a few other solutions including SonarQube which is similar to Veracode. The challenge with SonarQube was financial, it charges per line of code while Veracode charges per application.
Divakar Rai
Senior Solutions Architect at NessPRO Italy
I have used multiple tools similar to Veracode that integrate with the IDE.
reviewer1825527
Product Security Engineer at a tech services company with 5,001-10,000 employees
I don't have experience with other SAST products.
DavidJellison
Senior Director, Quality Engineering at a tech services company with 1,001-5,000 employees
We previously used WhiteSource open-source scanning and switched to Veracode for consolidation of scanning tools with one vendor dashboard.
Hemanth Jayakumar
Sr Director at a non-profit with 51-200 employees
We did not previously use a different solution. We've only used Veracode.
reviewer1310136
Founder & CEO at a healthcare company with 1-10 employees
Previously, I did not use another solution. Because I knew Veracode for many years, my approach with the company was that it was a startup and we need to do it securely. This is why we went with Veracode.
Reviewer64985
Principal Consultant at a tech services company with 11-50 employees
One of the reasons why we decided on Veracode is because they have an integrated solution of SAST and SCA within the same platform. Instead of relying upon two different, separate products, the attraction of using Veracode was that we could use one platform to cover SAST and SCA.
IBM Security App Scan. In looking at Veracode vs IBM Security App Scan, I switched because of the CI/CD offerings of Veracode.
Marcello Teodori
Software Architect at Alfresco Software
We started with WhiteSource, but it didn't have some features like the static analysis, so it was an incomplete solution. And we were already using Veracode for the static analysis, so when Veracode bought SourceClear, we decided to switch.
Any previous solutions would have been more than 10 years ago, and I don't remember why we switched. It's like the car you drive or the shoes you like to wear: Once they work - and it has worked in multiple sectors - there is no reason to change.
When selecting a vendor, the important criteria are relationships and support. When I pick up the phone and I get a Sam King or a Bob Brennan on the line, things happen.
We were not using a previous vendor prior to this. We've used other vendors like Nessus for pen testing. We still use those. Veracode was just more of an addition.
We used Fortify. I was not involved in the decision to switch.
Mauro Verderosa
Cybersecurity Expert at PSYND
The previous solution that we were working with was mainly focused on the quality of the coding. We are happy with Veracode because it's focused on security.
reviewer1345386
Senior Software Developer at a pharma/biotech company with 201-500 employees
There was no other solution.
We had no previous solution. Our choice of Veracode was due to Veracode being a customer and requiring that we use their tool to scan our solution.
Elina Petrovna
Professor at BitBrainery University
I used SonarQube. It lacks real enterprise-wide security detection. I continue to use Fortify and AppScan, while I am using Veracode.
We used HP WebInspect, which is now under the Fortify umbrella. HP WebInspect was just terrible. Had we used the on-demand cloud piece - which is why I perhaps have to pull my comment back - maybe we would have had a different experience. But we had a WebInspect instance on a single server that was inside of our own data center. It was very, very kludgy, very slow, didn't work very well. We were hitting the required specs for it but we'd have a dynamic website scan, which should not have taken very long, taking a week. It not only should have been very close to the scanning engine, but had its own dedicated route for pieces that live in the cloud. It was bad, and it was slow, and their reporting was terrible. There was no real support for it. It was just very bad.
We had no previous solution. We didn't know we needed to invest in Veracode. It worked out that way through our evaluation process that it was the right solution for us.
reviewer1451973
Head Of Information Security at a media company with 51-200 employees
We didn't have a previous solution.
Prior to working with Veracode, we used a self-applied application. That is, we had the solution on-premise, but just could never quite get the routine approach that we've developed with Veracode. The program management features that Veracode offers to help us get our program up and going, along with the low false-positive rates that their solution provides - versus what we had done in the past - gave us some immediate traction. I think that we were able to make progress in the first five or six months working with Veracode, that we had not made in four or five years with previous approaches.
It was a dynamic scanning solution but, again, it was on-premise. Veracode is a cloud-based platform, where they manage all the back-end, and they do a lot of analysis during the scans, and they do a lot of post-scan reconciliation, where the other solution was a good solution, but all of that work fell upon us to do for ourselves. Our focus is on developing features and functions for our application, and running an application security platform in-house is just not practical, just not our core competency.
We had never done anything like this in the past. This was the solution that we chose. We didn't really evaluate anything else. I know that my boss has been a fan of some CA products in the past and really recommended this one. I did some digging on it, from a technical standpoint, and I said I believed it would be able to scan all our stuff, support our platforms, the languages that we write our applications in, so that's how we landed on Veracode.
We did use a previous solution. It didn't satisfy our needs technically, and the customer service and its cost were not satisfactory.
I have done a lot of product comparisons in my time, in information security. A lot of them are modules of a product, there is no single pane of glass. When I talk about metrics, I want to see everything in a single pane of glass, I want to see all of my results in one location. A lot of the other application security products out there can't do that yet. They are getting there but Veracode has already been able to do that for years. Veracode can run multiple types of tests and you can see all the results in one area.
When selecting a vendor the most important criteria are
- scalability
- reliability of results - we want to see results-oriented success.
We used the built-in solution inside of Microsoft Visual Studio, and we switched because Veracode had more cohesive scanning abilities and found a lot more issues with our code, when we first scanned it.
VCG (Visual Code Grepper) but I am not even going to compare them. VCG is as good as they come, but Veracode is a different breed. An application went through VCG and we were pretty confident. Then, Veracode results just blew us out of our shoes.
We did not have a previous solution. We picked this product because our partner (SAP) uses it.
Never. I've been using it for 20 years. I tried others, like HPE's and IBM's, when I was with Visa, but this is the best.
We did not use a previous solution. This was the first security application we used.
Veracode is the first professional solution I've used. It was in place when I got to the company.
We used SonarQube but to improve security in SAST we chose this.
We did not use another solution prior to this one.
reviewer1276710
Associate Consultant at a comms service provider with 201-500 employees
We have also used Checkmarx, where you can train the tool for false positives and ultimately reduce them.
Quality levels, service offerings, pricing, and mainly the features and abundance of technologies provided by others made us switch to a different solution.