Veracode Software Composition Analysis Reviews

Filter by:Reset all filters
Filter Unavailable
Company Size
Filter Unavailable
Job Level
Filter Unavailable
Filter Unavailable
Filter Unavailable
Order by:
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Associate Consultant at a comms service provider with 201-500 employees
Feb 11 2020

What do you think of Veracode Software Composition Analysis?

What is our primary use case?

I am a consultant and SourceClear is one of the solutions that I use to provide services. This solution is used by people who want to verify the security of their own applications.

What is most valuable?

The most valuable feature is the efficiency of the tool in finding vulnerabilities.

What needs improvement?

A high number of false positives are reported and this should be reduced.

For how long have I used the solution?

I have been using SourceClear for about a year and a half.

What do I think about the stability of the solution?

This is a stable solution.

What do I think about the scalability of the solution?

We have no complaints about scalability. We have between 200 and 300 clients.

How are customer service and technical support?


User Assessments By Topic About Veracode Software Composition Analysis

Veracode Software Composition Analysis Questions

What is Veracode Software Composition Analysis?

Veracode Software Composition detects open source vulnerabilities in the software development process with higher accuracy. Veracode SCA reduces false positives by prioritizing vulnerabilities in the execution path of the application. Its proprietary database contains significantly more vulnerabilities than the NVD because it datamines pull requests, bug reports, and release notes. It also looks for vulnerabilities in dependencies several layers deep. Veracode SCA is part of a comprehensive DevSecOps solution that covers multiple assessment types, enables developers, and helps organizations achieve AppSec governance.

Also known as
Veracode SCA, SourceClear