Veracode Software Composition Analysis Pros and Cons

Veracode Software Composition Analysis Pros

Reviewer64985
Principal Consultant at a tech services company with 11-50 employees
Within SCA, there is an extremely valuable feature called vulnerable methods. It is able to determine within a vulnerable library which methods are vulnerable. That is very valuable, because in the vast majority of cases where a library is vulnerable, none of the vulnerable methods are actually used by the code. So, if we want to prioritize the way open source libraries are updated when a library is found vulnerable, then we want to prioritize the libraries which have vulnerable methods used within the code.
reviewer1258986
Enterprise Architect, VP at a financial services firm with 501-1,000 employees
This is a great tool for learning about potential vulnerabilities in code.
Nagaraj Sheshachalam
Lead Cyber Security Engineer at Ecolab Inc.
There have been a lot of benefits gained from Veracode. Compared to other tools, Veracode has good flexibility with an easy way to run a scan. We get in-depth details on how to fix things and go through the process. They provide good process documents, community, and consultation for any issues that occur during the use of Veracode.
Learn what your peers think about Veracode Software Composition Analysis. Get advice and tips from experienced pros sharing their opinions. Updated: April 2021.
502,499 professionals have used our research since 2012.
DavidJellison
Senior Director, Quality Engineering at a tech services company with 1,001-5,000 employees
The dependency graph visualization provides the ability to see nested dependencies within libraries for pinpointing vulnerabilities.
Hemanth Jayakumar
Sr Director at a non-profit with 51-200 employees
The solution is stable. We've never had any issues surrounding its stability.
AldrineEinsteen
Enterprise Architect at a computer software company with 1-10 employees
The article scanning is excellent.
reviewer1276710
Associate Consultant at a comms service provider with 201-500 employees
The most valuable feature is the efficiency of the tool in finding vulnerabilities.
reviewer1370412
Senior Technical Architect at a tech services company with 51-200 employees
The most valuable feature is the dynamic application security testing.

Veracode Software Composition Analysis Cons

Reviewer64985
Principal Consultant at a tech services company with 11-50 employees
Veracode has a few shortcomings in terms of how they handle certain components of the UI. For example, in the case of the false positive, it would be highly desirable if the false positive doesn't show up again on the UI, instead of still showing up for any subsequent scan as a false positive. There is a little bit of cluttering that could be avoided.
reviewer1258986
Enterprise Architect, VP at a financial services firm with 501-1,000 employees
There were some additional manual steps or work involved that we should not have needed to do.
Nagaraj Sheshachalam
Lead Cyber Security Engineer at Ecolab Inc.
The scanning could be improved, because some scans take a bit of time.
DavidJellison
Senior Director, Quality Engineering at a tech services company with 1,001-5,000 employees
Improving sorting through findings reports to filter by only what is critically relevant will help developers focus on issues.
Hemanth Jayakumar
Sr Director at a non-profit with 51-200 employees
The cost of the solution is a little bit expensive. Expensive in the sense that there was a hundred percent increase in cost from last year to this year, which is certainly not justified.
AldrineEinsteen
Enterprise Architect at a computer software company with 1-10 employees
The documentation is poor and the technical support isn't helpful.
reviewer1276710
Associate Consultant at a comms service provider with 201-500 employees
A high number of false positives are reported and this should be reduced.
reviewer1370412
Senior Technical Architect at a tech services company with 51-200 employees
In the future, I would like to see the RASP capability built-in.