Veracode Previous Solutions

Reyansh Kumar - PeerSpot reviewer
Technical Specialist at Accenture

We previously used some open-source software, but our developers generally manually performed code-checking. Our requirement is for a solution that takes care of our software code and security throughout the SDLC. Following evaluation, we found Veracode more useful in terms of licensing, pricing, and features.

Robert Hood - PeerSpot reviewer
Information Security Architect at a tech vendor with 5,001-10,000 employees

I previously utilized a solution provided by IBM in my previous organization, but later we transitioned to a company named WhiteHat Security. The reason for this switch was that when we conducted a scan using the IBM solution, it returned a result of ten thousand vulnerabilities. It was my responsibility to review the vulnerability report and clear out any false positives. However, this task was extremely time-consuming, taking nearly forty hours to complete. The reason behind the prolonged effort was the spidering scan performed by the IBM solution, which continually traversed different pages through various links, leading to repetitive errors that required matching and deduplication. Out of the ten thousand vulnerabilities, approximately a thousand were legitimate, and the scanning capability was limited to DAST. To address these challenges, we migrated to WhiteHat Security. With WhiteHat's scanning process, the number of vulnerabilities was reduced significantly to around six or seven hundred. Their approach outperformed my manual efforts in identifying duplicates and further eliminated non-duplicate vulnerabilities that were caused by the same piece of code.

When I joined my current company they were already using Veracode.

SumalyaGuha - PeerSpot reviewer
Security Engineer at a comms service provider with 10,001+ employees

We have only used Veracode, right from the start.

Rishabh Khanna - PeerSpot reviewer
Security Engineer at a tech services company with 5,001-10,000 employees

I started my career with Veracode, a DAST review tool. I worked there for two-and-a-half years.

KK
CEO and App Developer at DroidForge

We did not previously use a different solution. 

Ashish Upadhyay - PeerSpot reviewer
Founder at BlockMosiac

I used to use Fortify before using Veracode. 

Veracode is more mature in its scanning features. It also has better security. It's very easy to use and has good cloud elements. The SaaS model is better as well. It has bigger advantages for a smaller company looking for a more straightforward deployment. The framework and programming language are far better in Veracode compared to Fortify.

Boyapati Sivannarayana - PeerSpot reviewer
Devops Engineer at Accenture

We have used SAP and Jenkins in the past.

Shashank Niranjan - PeerSpot reviewer
Senior Software Engineer at Capgemini

We previously used some open source solutions and the management teams decided to switch over to Veracode.

Devid William - PeerSpot reviewer
Application Security Architect at Banco Votorantim

I previously used Checkmarx in the past, as well as Fortify. I used it in another company. However, in banking, it's not possible to use something like Checkmarx. Veracode is more secure and more trusted. 

OK
Sr. Development Manager at RWS Holdings PLC

We used SonarQ, but it's somewhat different because it's a pure static code analysis tool. Veracode has a stronger focus on web security, and we produce a web-facing product, so that's important to us. SonarQ is strictly a static code analysis tool. 

PavanKumar18 - PeerSpot reviewer
Senior Testing Engineer at TollPlus LLC.

We evaluated another solution briefly but we decided to keep Veracode. Veracode has some issues with container scanning, and we have some container-based applications. We considered bringing in another tool for container scanning, but it was too expensive and Veracode was able to mitigate the issues well enough. 

JS
Manager of Application Development and Integrations at a university with 1,001-5,000 employees

I previously used Qualys. It had terrible support and wasn't supported well enough at the university. Also, Qualys is not a full-app security solution. It only did dynamic scanning and lacked the flexibility we needed.

Alex Fuglaar - PeerSpot reviewer
Manager at a financial services firm with 1,001-5,000 employees

I cannot recall working with other solutions. I do have experience with a more traditional way of looking at code and identifying errors. That's where this product came in with the ability to just automatically catch those errors.

Freddy Bang. - PeerSpot reviewer
Chief Technology Officer at ELEARNINGFORCE International ApS

We use SonarCloud, which does a different type of analysis on the static code but not on the compiled code. It's a different way of detecting security flaws.

Arnab Paul - PeerSpot reviewer
Cyber Security Consultant at a consultancy with 10,001+ employees

Before transitioning to Veracode, the client had been utilizing a free community version tool. However, the count of false positives was exceedingly high with that specific tool. This prompted the client to seek a solution that could deliver superior results with fewer false positives. As a result, the decision was made to switch to Veracode.

Prateek Agarwal - PeerSpot reviewer
Manager at Indian Institute of Management Visakhapatnam

We didn't use any other solution previously. All our security scans were run manually by a third party, which cost a lot of money and time. We had to place a request to them, and then they used to schedule that.

RB
Security Analyst at an insurance company with 10,001+ employees

I have worked with Checkmarx in another job. I prefer Checkmarx over Veracode. Checkmarx provides better visibility of the code flow. Veracode also has code flow, but it is in IDE, so you need to manually jump through the code and check the flow. It is easier for someone with experience, but someone new to the security domain will find it tough, especially when there is no clear picture of the workflow to know what is going on. This is a feature that I would like in Veracode.

Nantabo Jackie - PeerSpot reviewer
Sales Manager at Soft Hostings Limited

We didn't have a previous solution.

Oscar Narvaez - PeerSpot reviewer
COE Head at a tech services company with 1,001-5,000 employees

I haven't used a commercial tool like Veracode before. It depends on where I'm working, but the most common tool we use is an open-source solution called SonarQube. 

Daniel Krivda - PeerSpot reviewer
DevOps Engineer at an insurance company with 10,001+ employees

We also use SonarCloud, which is a code quality tool. We use both of them because both these platforms are good in some areas. While Veracode is very good at finding security-related issues, the SonarQube Sonar suite is very good at determining code quality. Also, when I was looking into the topic, the SonarQube team answered that there is no point for them to go further into code security since there are already great competitors who have years of experience and development behind them, specifically mentioning Veracode as masters in their field. That is the reason why we use both solutions: We benefit from using them both. These solutions complement each other.

Vikas Agrawal - PeerSpot reviewer
DevOps Lead at HealthEdge Software, Inc.

We used to use Snyk and other tools. The switch to Veracode was an enterprise-level discussion, and I was not involved.

Muhammed Shabreen - PeerSpot reviewer
CTO at RIZEK

We didn't use a different solution previously. The company started just a year ago. 

KN
Junior Developer Intern at an insurance company with 10,001+ employees

I didn't use a previous solution before Veracode.

Satheesh Bojedla - PeerSpot reviewer
Senior engineer at a financial services firm with 5,001-10,000 employees

My company used Code Insight, a very similar solution to Veracode Static Analysis, but not the same.

Code Insight scanned even first-party libraries, which includes what we used to develop in our company.

Code Insight's vulnerabilities in the database completely differed from Veracode Static Analysis, but I can't recollect where it differs. If both Veracode Static Analysis and Code Insight were the same, we would not have used both in our company, so there is a difference between them. Veracode wasn't of any support when it came to dynamic scans in the past, though Veracode has recently started to support it, which I haven't used yet. I don't see any drawbacks with Veracode, so I am satisfied with whatever Veracode offers.

Oluseyi Osifalujo - PeerSpot reviewer
Executive Director at Precise Financial Systems Limited

We used a tool in the past that was free, but we couldn't depend on the quality of the scans it provided in the free version.

MC
Vice President of Engineering at Avant Assessment

We haven't used another solution. Veracode is the first solution of this kind that we have worked with.

Jagusztin Laszlo - PeerSpot reviewer
Lead Architect, Presales lead at Alerant Zrt.

We used SonarQube because the developers liked it. We also used Checkmarx. We switched to Veracode SCA because of the binary scanning ability. Neither Checkmarx nor SonarQube is able to do that.

MH
Chief Software Architect at a tech services company with 51-200 employees

We used a product called Mend.io, formerly WhiteSource, before Veracode to look at vulnerabilities.

Prakash Pillay - PeerSpot reviewer
Director - Product Solution/Architecture at a tech vendor with 10,001+ employees

We didn't use anything prior to this.

Evan Gertis - PeerSpot reviewer
Penetration Tester at a tech vendor with 51-200 employees

We used a combination of things. We use Sonar, Veracode, and JFrog Artifactory just to give us a diverse picture of what vulnerabilities are in the application and how we can fix them. Veracode seems to always provide the best feedback. Other platforms really aren't at the same level, they provide reports and those reports are usually very static and they're not very informative. Whereas with Veracode, the platform is very interactive. You can tell that it was designed for users and Sonar is the same way. Sonar is very static. Even in Bitbucket, you can now scan your code with Snyk.

Calinescu Tudor - PeerSpot reviewer
Security Project Leader at ATOSS AG

We have used certain plugins from Teamscale, which is also a static code analyzer, and it integrates with various plugins in Sonar. We have also used OWASP for static composition analysis, and we are still using the third-party application scanning from OWASP as a Maven plugin. We have also evaluated Black Duck.

Veracode was the first choice for doing static application security testing. It was ranked first a couple of times in the last few years, so it was a natural choice to go with the top product. Also, SAP has a partnership with Veracode for the application that they are selling. It was a win for us, SAP, and for Veracode.

Vladimir Shilov - PeerSpot reviewer
DevSecOps at Ciklum ApS

I have experience with Snyk. I used Snyk a year ago. Snyk doesn't support the version of the .NET applications we use in our company, so we decided to move to Veracode.

SR
IT Manager at a financial services firm with 5,001-10,000 employees

We used to have a tool called CAST, which determined code quality. It wasn't a security tool or scanner.

Walwasa Mulutazah Yahaya - PeerSpot reviewer
Project officer at BRAC Uganda

I haven't used any other solution. I have just used Veracode. 

Peter Westin - PeerSpot reviewer
Backend Engineer at a tech company with 1,001-5,000 employees

I was previously working with Secure Code Warrior which is very different, but it's within the security field.

Naushath Raja - PeerSpot reviewer
Senior Director at a tech vendor with 10,001+ employees

We tried some Indian solutions and used third-party scans for static analysis, but Veracode is the first time we have fully integrated an enterprise code security solution.

JA
IT Project Manager at Orange España

We have used Armor, as well as a tool from Palo Alto. We switched to Veracode because of the product's stability, the community it has, the vendor services and support, and because it has the functionality that we required.

Sairam Bathini - PeerSpot reviewer
DevSecOps Engineer at Tata Consultancy

We have used the JFrog XRAY tool for SCA (software composition analysis).

SA
Manager IT at a tech company with 201-500 employees

We had been using a third-party service for vulnerability checking. 

JV
Manager Consultant at a tech services company with 1-10 employees

In addition to previously using SonarQube, we also employed several other solutions before transitioning to Veracode due to its superior reporting capabilities.

Shiva Prasad Reddy - PeerSpot reviewer
Program Analyst at a tech services company with 10,001+ employees

We were using a couple of other tools along with Veracode. One was SonarQube and the other was Acunetix.

Fiorina Liberta - PeerSpot reviewer
Principal SRE Engineer at AIA Singapore

While Veracode SCA may take some time to scan, it helps to reduce the number of scans that we need to do. Before, we needed to scan manually multiple times. Whereas, with SCA, we can just check one by one, then send it as a batch and scan it again. We used to scan 10 times or so. With this automated system, we now scan on average five or six times.

GG
Technical Program Manager at an engineering company with 10,001+ employees

I use a portfolio of tools for security consulting, but Veracode is the main app I rely on because customers are happy to be able to track the status of each individual issue or vulnerability.

AR
DevOps Engineer at a consultancy with 10,001+ employees

We have two scanning stages. The first one uses SonarQube, which only does code analysis. It doesn't scan third-party libraries that we use in our code. Veracode is the second level of check. We work on a banking project. The bank trusts Veracode and they recommended Veracode to scan our products.

CD
Vice President QE Practice at a computer software company with 1,001-5,000 employees

We did not have a previous solution.

Chris Sawyer - PeerSpot reviewer
Full Stack Engineer at TCDRS

KA
Cyber Security Consultant at a computer software company with 51-200 employees

I have used different solutions. I have used Darktrace. I have used CrowdStrike and Carbon Black. In my current company, I am using CrowdStrike.

When I was using Veracode, each agent needed to be deployed on each machine. I do not know what they are using now. CrowdStrike is a single platform with a single agent. You can deploy it on all the machines. That is one of the advantages. Moreover, I have become used to the GUI of CrowdStrike over the last year or so. I am more comfortable with CrowdStrike, but it depends on person to person. I would rate Veracode an eight and CrowdStrike a nine out of ten. I am a bit biased toward CrowdStrike because I am currently using it in my organization. I am not using Veracode here.

David Jellison - PeerSpot reviewer
Senior Director, Quality Engineering at Everbridge

We have used Veracode the entire time I have been with this organization. However, I know that they used Coverity and WhiteSource prior to switching to Veracode. The main reason my organization chose Veracode is its comprehensive dashboard. 

EricOlson1 - PeerSpot reviewer
Application Security Program Manager at a tech services company with 5,001-10,000 employees

We haven't worked with something like this before. This is the first time the organization has picked up this type of scanning solution.

FranckGafsou - PeerSpot reviewer
Security Architect Lead at a comms service provider with 10,001+ employees

Prior to Veracode Static Analysis, the company was using the Black Duck solution. The reason for switching could be to have a SaaS-based solution, though I am unsure if Black Duck was an on-premises or a SaaS-based solution.

Veracode has a good recommendation and good scoring, so it was the opportunity to move to a more powerful solution with DAST, SAST, and SCA capabilities.

Since this solution also has DAST capabilities, with the midterm or long-term projects, it was expected to unify all those capabilities within one platform. It's more of a strategic reason why the company switched to Veracode Static Analysis.

KB
Sr. VP Engineering at a computer software company with 51-200 employees

We did not have a previous solution for application security testing in this company.

NS
Delivery Manager at a tech vendor with 10,001+ employees

SonarQube is another solution we've used. SonarQube has some limitations, and we feel like it isn't keeping pace with the technology landscape. We had to reconsider our tool, which led us to adopt Veracode.

Rafael Mesquita - PeerSpot reviewer
Full Stack Software Developer at DreamDev

I used a tool called Black Duck when I worked for another company two years ago. The client chose to use Veracode. It wasn't my option. 

PR
Senior Security Consultant at a financial services firm with 1,001-5,000 employees

I use SonarQube with Veracode Static Analysis.

Nathan S - PeerSpot reviewer
VP of Product at a healthcare company with 51-200 employees

We used HCL AppScan prior to Veracode Static Analysis.

Ajit Matthew - PeerSpot reviewer
Sr. Partner IT and Information Security at TheMathCompany

We did not use another similar solution prior to Veracode.

ST
Engineering Security Manager at Nextiva

We never did use other products. The reason we started looking into IBM and WhiteSource was because of the hiccups or the speed bumps we were encountering with our springboard artifacts. We were in the process of evaluating other products and I think it's still a valid option. I wouldn't advertise it, but we were in the process of changing from Veracode just because of that one particular issue.

We had to build our artifacts differently than before just to scan them, i.e. instead of scanning the ones we were publishing. It's not a big deal overall, but it would be nice for the solution to work out of the box with everything that's out there. Instead, many companies are changing the way they're doing business just for this small little step in the delivery process.

SM
Security Analyst at a tech services company with 11-50 employees

I tried a few solutions before using Veracode. Veracode is better because it is convenient to use. The solution’s dashboard and features are pretty good. It is the topmost product among the other tools that I used. It is pretty simplified. Veracode has a lot of options to do authenticated scans. Veracode’s simplified features are helpful for people who use different authentication methodologies.

BahatiAsher Faith - PeerSpot reviewer
Software Developer at Appnomu Business Services

I haven't used a different solution. This is the first solution I've used.

SP
Software development program leader at Vendavo

Prior to using Veracode, we used other code quality scanning tools, but not anything at the level of Veracode for security issues.

SM
Principal for the Application Security Program and Access Control at an engineering company with 10,001+ employees

We were previously using WhiteHat Security. Their lack of customer service prompted us to switch. Every question that we asked was just going into a black hole. The only time that we got any response was when our account was up for renewal. We had a long discussion with them to get a rationale behind their lack of response, and that was the only time they listened. There was no follow-up. That is when we decided that this is not a partnership that we wanted to continue anymore.

Veracode has automated a lot of the manual stuff that we were doing in terms of scanning third-party libraries. With any given release, I was spending from eight to 10 hours manually scanning through all 3rd-party libraries for vulnerabilities. Now, it is all within the Pipeline. So, I am saving about 10 hours in a given month with it.

Deepak Naik - PeerSpot reviewer
Chief Security Officer at Digite

Before Veracode, we had a manual process where we hired white hat hackers. They used to do all the scanning, then submit a report. That process was pretty lengthy. It sometimes could go on for three to six months. Nowadays, for static code scanning, we are doing it on a regular basis. Since there are not many issues reported, we can fix them on the fly. For dynamic code analysis, it still takes a week's time because the scanning itself takes three days sometimes. Then, once the scanning is done, we check if there is an issue, fix it, and then start the scan. That is a week-long process, but the rest is pretty under control.

DC
Chief Technology Officer

Veracode was really my first introduction to static code analysis. The way I came across it in my previous company was, they were going through security due diligence and we didn't have any code analysis software. The company, a very large health plan, said, "Here are three that we recommend." Veracode happened to have been one of them, along with HPE and another company, maybe it was IBM, I don't know. We took a look at all of them and we made a decision to go with Veracode.

B
Senior software engineer at a tech services company with 1,001-5,000 employees

We used CodeSonar to analyze various aspects of our source code, and we already utilize OWASP to assess the security risks of our dependencies.

Anshuman Kishore - PeerSpot reviewer
Director Product Development at Mycom Osi

We previously used a free tool that is integrated into Eclipse.

VD
Lead Security Architect at a comms service provider with 1,001-5,000 employees

I've used Checkmarx and HPE Fortify. Now, I am using Micro Focus. As compared to Veracode, Checkmarx takes input as plain text. It takes the code as it is and does not compile the code. This is the main difference between Checkmarx and Veracode. Checkmarx also has an on-prem solution, but Veracode does not have an on-prem solution. 

There is also a major difference in the cost and licensing model. Veracode's license model is quite complex. Comparatively, Checkmarx's license model is straightforward. You can upload any amount of code. For example, it could be 1 Gig or 2 Gig. They charge based on the number of applications, but Veracode's licensing model is pretty different. They charge based on the amount of code that has been analyzed.

reviewer1360617 - PeerSpot reviewer
Sr. Security Architect at a financial services firm with 10,001+ employees

Yes. We used a legacy, heavyweight dynamic scanning product. It would produce hundreds of pages of (mostly) false positives that were nearly impossible to digest and tune. We also didn't have a static scanning product. Moving to Veracode gave us much higher quality dynamic scanning with very few false positives (in part due to their model of human-assisted tuning, provided by them) and a robust static scanning solution.

RB
Senior Security Analyst at a wellness & fitness company with 1,001-5,000 employees

Previously used Burp Suite, OWASP Zed Attack Proxy, Python scripts / PowerShell and Batch, Retire.JS, Vulners, and Wappalyzer browser plugins.

AF
Cloud system engineer at a consultancy with 1-10 employees

I recently changed companies, and my current employer does not use Veracode. However, I have discussed implementing it with them because it offers more mature features compared to other solutions.

LF
Sales Engineer at a computer software company with 51-200 employees

I have not used any other solution previously. I have only worked with Veracode.

SM
Sponsorship Sales Specialist

This is the first such tool we are using.

Calinescu Tudor - PeerSpot reviewer
Security Project Leader at ATOSS AG

We use various techniques to improve our security. We use an OWASP software application networking model to improve security in our different products. We use a number of native plugins to check licenses and vulnerabilities in the third-party libraries that are part of the application. We also have several plugins from SonarLint that are integrated in another tool that we use for quality assurance.

We put Veracode in place because we have an agreement with SAP and we must fulfill some security checks to become partners for their solution. Veracode's functionalities resolve all of the security checks that were demanded of us.

We use a different company for pen tests, three times per year, and it usually takes two or three weeks each time.

KE
Cybersecurity Executive at a computer software company with 51-200 employees

Our previous solution was difficult to configure. Setting up the login process was very difficult, as it was tied to your browser and there were a lot of hoops you had to jump through. The reporting was also hard to follow sometimes and didn't provide a good view into previous findings versus new findings. That made things difficult too. Once we did the evaluation of our old solution against Veracode, it was very clear that it was finding fewer vulnerabilities, which lowered our confidence level in that tool.

NS
Lead Cyber Security engineer at a manufacturing company with 10,001+ employees

We were using SonarQube previously, but just as a code quality tool.

CG
Enterprise Architect, VP at a financial services firm with 501-1,000 employees

We did have a different product, but it was a little bit for a different purpose. We were using a different product but complemented the Veracode product. 

KM
Information Assurance Manager at xMatters

We were using WhiteHat. We switched because the dashboard was very bad and there were no analytics. The UI was also very bad, so it was not easy to manage it. Also, most of our big clients were using Veracode and asking us to migrate to Veracode. It was a combination of things.

AS
DevSecOps Consultant at a comms service provider with 10,001+ employees

Because of my consulting background, I have used other solutions prior to the use of Veracode. However, Veracode was the first solution implemented of its type. Before Veracode, developers didn't know how they could develop secure software. After Veracode was implemented, developers knew when they wrote code that they could scan it in their IDEs. Also, while pushing a deployment, they can get feedback from the Pipeline Scan.

ST
Associate Director

We did not previously use another solution.

SN
SVP Application Security at a financial services firm with 10,001+ employees

At a previous company, we were using HPE Fortify. We couldn't scale because it was an on-prem solution. Therefore, after five years, we decided to break out of the mold and use a SaaS solution. We were comfortable at the time doing so because we weren't sending source code, for the most part. As soon as we went to a cloud solution we scaled dramatically.

What I look for in a vendor is 70 percent a technical match with the features and benefits we need and for the remaining 30 percent, I look at the culture of the company because, for me, it is a relationship. I want to have a partnership and I want it to feel like a win-win. If they feel like it is a short-term decision, get in get out, I want to know that. I want to be able to talk to them at any time and add service enhancements, feature enhancements, those kinds of things. It's a 70-30 split for me.

CS
Executive Assistant at a tech company with 51-200 employees

Before I joined my organization, they used a third-party application to check code. Since I joined, we have been using Veracode.

FN
Application Security Engineer at a financial services firm with 1,001-5,000 employees

I've used quite a few other solutions including SonarQube which is similar to Veracode. The challenge with SonarQube was financial, it charges per line of code while Veracode charges per application.

DR
Senior Solutions Architect at NessPRO Italy

I have used multiple tools similar to Veracode that integrate with the IDE.

Product Security Engineer at a tech services company with 5,001-10,000 employees

I don't have experience with other SAST products.

DJ
Senior Director, Quality Engineering at a tech services company with 1,001-5,000 employees

We previously used WhiteSource open-source scanning and switched to Veracode for consolidation of scanning tools with one vendor dashboard.

HJ
Sr Director at a non-profit with 51-200 employees

We did not previously use a different solution. We've only used Veracode.

RR
Founder & CEO at a healthcare company with 1-10 employees

Previously, I did not use another solution. Because I knew Veracode for many years, my approach with the company was that it was a startup and we need to do it securely. This is why we went with Veracode.

AB
Principal Consultant at a tech services company with 11-50 employees

One of the reasons why we decided on Veracode is because they have an integrated solution of SAST and SCA within the same platform. Instead of relying upon two different, separate products, the attraction of using a Veracode was that we could use one platform to cover SAST and SCA. 

it_user831864 - PeerSpot reviewer
Application & Product Security Manager at an insurance company with 1,001-5,000 employees

IBM Security App Scan. In looking at Veracode vs IBM Security App Scan, I switched because of the CI/CD offerings of Veracode.

MT
Software Architect at Alfresco Software

We started with WhiteSource, but it didn't have some features like the static analysis, so it was an incomplete solution. And we were already using Veracode for the static analysis, so when Veracode bought SourceClear, we decided to switch.

it_user873351 - PeerSpot reviewer
CISO at Laboratory Corporation of America Holdings

Any previous solutions would have been more than 10 years ago, and I don't remember why we switched. It's like the car you drive or the shoes you like to wear: Once they work - and it has worked in multiple sectors - there is no reason to change.

When selecting a vendor, the important criteria are relationships and support. When I pick up the phone and I get a Sam King or a Bob Brennan on the line, things happen.

it_user836430 - PeerSpot reviewer
Senior Infrastructure Engineer at a healthcare company with 5,001-10,000 employees

We were not using a previous vendor prior to this. We've used other vendors like Nessus for pen testing. We still use those. Veracode was just more of an addition.

Christian Camerlengo - PeerSpot reviewer
Senior Programmer/Analyst at a financial services firm with 10,001+ employees

We used Fortify. I was not involved in the decision to switch.

MV
Cybersecurity Expert at PSYND

The previous solution that we were working with was mainly focused on the quality of the coding. We are happy with Veracode because it's focused on security.

JS
Senior Software Developer at a pharma/biotech company with 201-500 employees

There was no other solution.

it_user673734 - PeerSpot reviewer
Chief Technology Officer at a tech vendor with 201-500 employees

We had no previous solution. Our choice of Veracode was due to Veracode being a customer and requiring that we use their tool to scan our solution.

EP
Professor at BitBrainery University

I used SonarQube. It lacks real enterprise-wide security detection. I continue to use Fortify and AppScan, while I am using Veracode.

it_user866175 - PeerSpot reviewer
Information Security Engineer Team Lead at a hospitality company with 1,001-5,000 employees

We used HP WebInspect, which is now under the Fortify umbrella. HP WebInspect was just terrible. Had we used the on-demand cloud piece - which is why I perhaps have to pull my comment back - maybe we would have had a different experience. But we had a WebInspect instance on a single server that was inside of our own data center. It was very, very kludgy, very slow, didn't work very well. We were hitting the required specs for it but we'd have a dynamic website scan, which should not have taken very long, taking a week. It not only should have been very close to the scanning engine, but had its own dedicated route for pieces that live in the cloud. It was bad, and it was slow, and their reporting was terrible. There was no real support for it. It was just very bad.

it_user797976 - PeerSpot reviewer
Global Application Security at a pharma/biotech company with 10,001+ employees

We had no previous solution. We didn't know we needed to invest in Veracode. It worked out that way through our evaluation process that it was the right solution for us.

SS
Head Of Information Security at a media company with 51-200 employees

We didn't have a previous solution. 

it_user854784 - PeerSpot reviewer
Director Security and Risk OMNI Cloud Operations at a tech vendor with 1,001-5,000 employees

Prior to working with Veracode, we used a self-applied application. That is, we had the solution on-premise, but just could never quite get the routine approach that we've developed with Veracode. The program management features that Veracode offers to help us get our program up and going, along with the low false-positive rates that their solution provides - versus what we had done in the past - gave us some immediate traction. I think that we were able to make progress in the first five or six months working with Veracode, that we had not made in four or five years with previous approaches.

It was a dynamic scanning solution but, again, it was on-premise. Veracode is a cloud-based platform, where they manage all the back-end, and they do a lot of analysis during the scans, and they do a lot of post-scan reconciliation, where the other solution was a good solution, but all of that work fell upon us to do for ourselves. Our focus is on developing features and functions for our application, and running an application security platform in-house is just not practical, just not our core competency.

it_user842937 - PeerSpot reviewer
Systems Architect at a tech vendor with 201-500 employees

We had never done anything like this in the past. This was the solution that we chose. We didn't really evaluate anything else. I know that my boss has been a fan of some CA products in the past and really recommended this one. I did some digging on it, from a technical standpoint, and I said I believed it would be able to scan all our stuff, support our platforms, the languages that we write our applications in, so that's how we landed on Veracode.

it_user854049 - PeerSpot reviewer
Chief Compliance Officer at a financial services firm with 51-200 employees

We did use a previous solution. It didn't satisfy our needs technically, and the customer service and its cost were not satisfactory.

it_user873345 - PeerSpot reviewer
Cyber Security Engineer at a consumer goods company with 1,001-5,000 employees

I have done a lot of product comparisons in my time, in information security. A lot of them are modules of a product, there is no single pane of glass. When I talk about metrics, I want to see everything in a single pane of glass, I want to see all of my results in one location. A lot of the other application security products out there can't do that yet. They are getting there but Veracode has already been able to do that for years. Veracode can run multiple types of tests and you can see all the results in one area.

When selecting a vendor the most important criteria are 

  • scalability
  • reliability of results - we want to see results-oriented success.
it_user846645 - PeerSpot reviewer
VP Development

We used the built-in solution inside of Microsoft Visual Studio, and we switched because Veracode had more cohesive scanning abilities and found a lot more issues with our code, when we first scanned it.

it_user837504 - PeerSpot reviewer
Information Technology at an insurance company with 51-200 employees

VCG (Visual Code Grepper) but I am not even going to compare them. VCG is as good as they come, but Veracode is a different breed. An application went through VCG and we were pretty confident. Then, Veracode results just blew us out of our shoes.

it_user835104 - PeerSpot reviewer
Project Manager at a tech vendor with 501-1,000 employees

We did not have a previous solution. We picked this product because our partner (SAP) uses it.

it_user833553 - PeerSpot reviewer
CISSP, CISM at a tech services company with 1,001-5,000 employees

Never. I've been using it for 20 years. I tried others, like HPE's and IBM's, when I was with Visa, but this is the best.

it_user697020 - PeerSpot reviewer
Software Developer/Architect at an insurance company with 201-500 employees

We did not use a previous solution. This was the first security application we used.

it_user841116 - PeerSpot reviewer
Information Security Lead Analyst at a consumer goods company with 10,001+ employees

Veracode is the first professional solution I've used. It was in place when I got to the company.

it_user873405 - PeerSpot reviewer
Lead Security Engineer at a tech vendor with 201-500 employees

We used SonarQube, but to improve security in SAST we chose this.

it_user920715 - PeerSpot reviewer
Managing Principal Consultant at a tech vendor with 11-50 employees

We did not use another solution prior to this one.

AC
Associate Consultant at a comms service provider with 201-500 employees

We have also used Checkmarx, where you can train the tool for false positives and ultimately reduce them.

it_user712167 - PeerSpot reviewer
General Manager - Application Security at a tech consulting company with 51-200 employees

Quality levels, service offerings, pricing, and mainly the features and abundance of technologies provided by others made us switch to a different solution.
