Veracode Primary Use Case

UmarQureshi - PeerSpot reviewer
Security Lead at a retailer with 10,001+ employees

We utilize Veracode to assist in establishing secure-by-design and development processes for our web applications, as well as transitioning from other systems to microservices.

AkashKhurana - PeerSpot reviewer
Senior Software Engineer at Publicis Sapient

In our company, we have various projects, and before beginning the development process, we utilize Veracode to scan the repository for any potential security issues. For instance, if we are using a third-party API or client dependency, such as a payment system, we require a third-party dependency. Once we have implemented this feature and scanned it using Veracode, any security vulnerabilities or code issues are highlighted. It is imperative that we resolve any Veracode issues to ensure our build is successful. To solve these issues, we may need to upgrade the version of our dependencies or investigate any security issues with the versions we are currently using.

The code is checked for any security issues, as well as any potential code issues or code smells that could cause major critical blockers. In this context, blockers have the highest priority, and if any are identified, they must be addressed urgently. The bugs or code smells are analyzed, and priority or severity is assigned accordingly. Dependencies used in the code are also checked for security issues.

Reyansh Kumar - PeerSpot reviewer
Technical Specialist at Accenture

Our primary uses are for reviews of our code and overall software environment, bug fixes, and detection of security flaws.  

We use the solution across multiple locations and regions, including Asia Pacific, EMEA, and North America. Our user base consists of 5200 individuals. 

PB
ML engineer at a consultancy with 10,001+ employees

We use Veracode mainly for identifying any vulnerabilities in the software. We do a lot of development, and before we deploy any product to our client environment, we want to make sure there are no vulnerabilities in the code and also follow best practices. 

We run scans to identify the criticality of these bugs and vulnerabilities, and we try to mitigate them. If it's not possible, we get an exception. At least we are aware of the vulnerabilities in our code, making sure our code is secure and not exposed to any threats like hacking.

Robert Hood - PeerSpot reviewer
Information Security Architect at a tech vendor with 5,001-10,000 employees

My company is a financial and technical enterprise with involvement in healthcare as well. We use Veracode for scanning, utilizing both SAST and DAST approaches. The purpose of static testing is to assess our code for vulnerabilities before deployment. After completing this step and addressing any identified issues, we run dynamic application security testing on the applications we've created to ensure there are no vulnerabilities introduced after the build. These could be issues that arise during the execution of the code, rather than being inherent to the code itself.

Additionally, we are currently considering or in the process of transitioning to Veracode for a specific function known as Software Composition Analysis, which is among the services they offer.

In terms of my use cases, I oversee approximately 200 development teams managing around three to four hundred projects. About 30 percent of these projects are connected to Veracode. Moreover, I manage a user base of over 700 individuals, and many of our build pipelines include immediate SAST scanning during the building process.

We currently use Veracode Cloud, specifically the public cloud. At the moment, I am in the process of deploying two Veracode ISM management servers from their platform. These servers will be responsible for scanning our internal applications that are not exposed to the external world. One significant aspect is that our company decided to transition to the cloud approximately three years ago. Initially, we had 27 data centers scattered worldwide, but now we have reduced that number to five. By the end of this year, we plan to further decrease it to three, and eventually, we will likely have only one or two data centers in the future. However, there are certain things that we cannot migrate to the cloud.

Deepak Naik - PeerSpot reviewer
Chief Security Officer at Digite

We use Veracode for static application security testing, dynamic testing, and software composition analysis. My company's engineering team has about 50 people who use Veracode across multiple product lines. 

Alice William - PeerSpot reviewer
Senior Web Developer at an insurance company with 1,001-5,000 employees

We use Veracode to scan our websites at the beginning of the development process. When we are ready to launch a new application on the website, we upload it to Veracode for scanning. Veracode finds any vulnerabilities in the code and returns the results to us. We must then resolve all of the vulnerabilities and mitigate any risks before we can publish the application. We have also set up recurring scans, so that any time we release a new version of the same application, Veracode will automatically scan it again to ensure that we have not missed any vulnerabilities. We have been using Veracode for six or seven of our websites.

Anant Upadhyay - PeerSpot reviewer
Game Developer at Gamezlab

Veracode helps us identify bugs and flaws in our code while operating it. We use the solution's static analysis feature to analyze code before running applications, and dynamic analysis that scans the app while it's running.

We typically run Veracode at the end of the development phase when we are ready to launch our software. We also scan for vulnerabilities after the software goes into production. It's the final phase of our development cycle.

SumalyaGuha - PeerSpot reviewer
Security Engineer at a comms service provider with 10,001+ employees

We use Veracode for static code analysis, dynamic code analysis, and software composition analysis. In our organization, we have a bunch of applications that are running on a monorepo or microservice level. We have to do SAST on those applications so that we have a code review done on a bit level. 

Going forward through the application pipeline, we do it on the dynamic level, as well, where we are scanning the public URLs of those applications to see what people can see externally. It's a type of out-to-in scanning in which we are analyzing the traffic that is sent out and even the traffic that is coming in, the response and request headers of the URLs, whenever someone is at a single URL. 

Finally, for the software composition, Veracode uses a third-party analysis tool in which it has the libraries and the functions that are being used at a source code level. They are open source or dependent files that are used for building that in-house application.

Rishabh Khanna - PeerSpot reviewer
Security Engineer at a tech services company with 5,001-10,000 employees

I worked as a security tester for a service-based Indian IT company. I had the admin right on the application where I used to provide access to other developers so they could execute unit-level tests directly from their console. There are many types of security testing activities, such as false positive analysis or looking into the code from a secure point of view, getting the mitigations done, and then retesting the applications.

KK
CEO and App Developer at DroidForge

Our company does app development. The primary use case for this product lies in ensuring the security and integrity of the apps we craft. Through Veracode, we implement robust security measures conducting comprehensive code analysis and vulnerability assessments. This allows us to detect and address potential security loopholes and safeguard our applications against cyber attacks or unauthorized access. Veracode is fortifying the reliability and stability of our apps by identifying and rectifying any code issues, irregularities, or inefficiencies. Its integration streamlines our development workflow, enabling us to deliver high-quality, resilient applications that meet the strengths and demands of our clients.

Ashish Upadhyay - PeerSpot reviewer
Founder at BlockMosiac

We're a blockchain-focused company specializing in data, visualization of finance applications. So our main motivation was to use the solution for the defense of finance applications. 

We use it for security and the integrity of data. It helps us with the dynamic analysis of code to help prevent potential exploits. We are able to check for vulnerabilities before and after our products have been published. It's a very secure and reliable solution. 

Boyapati Sivannarayana - PeerSpot reviewer
Devops Engineer at Accenture

We have data deployments for B2B and B2C with the product. Before we used a deployment center like Jenkins. We use it for backend content.

Shashank Niranjan - PeerSpot reviewer
Senior Software Engineer at Capgemini

We use Veracode for application scanning.

Devid William - PeerSpot reviewer
Application Security Architect at Banco Votorantim

It's a fast solution, so we use it to search for vulnerabilities in our code, software composition analysis, and to search for vulnerabilities in our libraries. 

OK
Sr. Development Manager at RWS Holdings PLC

Veracode is part of our overall security program. We use it to scan our daily build pipelines and all our fielded releases. The primary features we use are static application security testing and software composition analysis.

We analyze third-party libraries for known vulnerabilities and take action. Veracode is also part of our release procedure. We put the artifacts from the record and attach them to the release documentation to provide our customers with those documents if needed.

PavanKumar18 - PeerSpot reviewer
Senior Testing Engineer at TollPlus LLC.

We use Veracode as part of our development pipelines. It gives us security feedback when we run our applications. Our applications are completely containerized in Docker images with a .NET 4.6 architecture. These are web-based applications, so we want to know that all the HTTP requests are secured. The tool provides us with feedback to ensure that our application security is robust. 

We are primarily running Veracode to check for vulnerabilities after the build. There is no pre-build process. We are running a post-build static analysis and dynamic analysis. We run it at the end of the development process. 

Zach Handzlik - PeerSpot reviewer
Release Manager/Scrum Master at Amtech Software

We use it primarily for our application security concerns. We use the dynamic, static, and SCA scanning tools. We run our static scans after the code is compiled, and that gets uploaded automatically through our DevOps tool. We have installed an agent in one of our cloud servers that is behind a firewall to run the dynamic scan against the runtime. We run our SCA scans when we do the static scans, which is after compilation.

JS
Manager of Application Development and Integrations at a university with 1,001-5,000 employees

We use Veracode for dynamic, static, and software composition scanning. Veracode is a SaaS solution.

Alex Fuglaar - PeerSpot reviewer
Manager at a financial services firm with 1,001-5,000 employees

We were looking into compliance. I'm a consultant, and we're looking at it from the perspective of using Veracode to ensure that the organization we were consulting for was meeting its compliance expectations.

Saket Pandey - PeerSpot reviewer
Product Manager at a hospitality company with 51-200 employees

Our primary objective when using Veracode was to ensure the security of website development and other application developments we were working on. We aimed to prevent any security breaches and also closely monitor any potential vulnerabilities that could arise from code deployment. Fortunately, we were successful in identifying and addressing these vulnerabilities. 

Although the responses were somewhat mixed, we managed to go two years without a single security breach, which was a significant achievement. In addition to monitoring security breaches, we utilized Veracode for continuous monitoring. The difference lies in the fact that once the code is deployed and access to the server is initiated, there is a high possibility of connecting to a different server or encountering interference from unauthorized individuals. This continuous monitoring allows us to observe each step of the server, including the IP addresses and protocols, and ensure their proper functioning. Veracode facilitated us in carrying out this monitoring effectively.

Freddy Bang. - PeerSpot reviewer
Chief Technology Officer at ELEARNINGFORCE International ApS

We use it for security, to analyze our code.

Arnab Paul - PeerSpot reviewer
Cyber Security Consultant at a consultancy with 10,001+ employees

We utilize Veracode in three primary ways. The first is through Dynamic Scans, followed by Static Scans, and Software Composition Analysis Scans. I find this tool to be highly effective. We have various forms of support available. For instance, we can initiate our scans through the CI/CD pipeline or manually if needed. Additionally, we can create separate sandboxes for each of our code modules. Since development involves distinct code modules, each catering to different functionalities, we can conveniently set up corresponding sandboxes within Veracode. This allows us to scan any module whenever required, which is quite advantageous.

DB
Security Engineer at a tech vendor with 10,001+ employees

Our primary use cases are uploading and assigning scans, uploading compiled codes into the sandboxes, and searching marks to determine whether scans have been completed.

We have multiple locations, teams, and endpoints; we're a worldwide telecommunications company with over 2000 internal and external apps. Some apps communicate from the outside to the inside, but every app goes through Veracode.

Prateek Agarwal - PeerSpot reviewer
Manager at Indian Institute of Management Visakhapatnam

Veracode is used to perform the dynamic analysis of our applications for security flaws. We have applications that are being used by millions of users. We needed a security analysis tool to secure the application. Veracode is helping us with the analysis of all the security flaws and discrepancies. 

It is software-as-a-service. It is in the cloud.

Jan Pašek - PeerSpot reviewer
Tech Lead at a financial services firm with 10,001+ employees

We have some applications that connect to external providers or provide external services that users can access from the public internet. We are uploading these applications to Veracode to assess the security threats that our code may pose.

RB
Security Analyst at an insurance company with 10,001+ employees

We use Veracode for static application security testing (SAST). We also use it for scan or software composition analysis (SCA) testing purposes. We mainly use it to triage the flaws or vulnerabilities that are found in our coding standards so that we can enforce secure coding practices at the developers' end. Because we are a part of the security team, we provide mitigation for the development team on all the SAST vulnerabilities that we come across.

Nantabo Jackie - PeerSpot reviewer
Sales Manager at Soft Hostings Limited

We use Veracode to identify any security issues or flaws in our code so that we can eradicate them. We also use it to keep developers on their toes, to make sure they don't introduce any new flaws.

Shobana Raghu - PeerSpot reviewer
Application Development Analyst at a consultancy with 10,001+ employees

We used it for static and dynamic testing to check if there were any vulnerabilities in the code. If there were any vulnerabilities, we would check the report downloaded from the Veracode portal and try to fix the code before deploying it.

Avinash Mukesh - PeerSpot reviewer
IT Specialists at Soft Hostings

We use Veracode to identify and detect security vulnerabilities in our applications before they are uploaded, deployed, or used. This gives us greater confidence in the security of our applications, which leads to positive feedback from our clients.

Hassan Saleh - PeerSpot reviewer
Managing Director at Century Bottling Company

I use Veracode to ensure the projects I deliver don't have vulnerabilities. 

Prasenjit Roy - PeerSpot reviewer
Sr. Cloud Solution Architect - SAP on Azure at Accenture

I use Veracode for static and dynamic analysis.

Oscar Narvaez - PeerSpot reviewer
COE Head at a tech services company with 1,001-5,000 employees

Our primary use case for Veracode is to secure our software development lifecycle. It's deployed in a couple of countries and connected to multiple applications. It's used by five development teams, each of which has a different focus, such as digital channels, CRM, ERP, backend deployment, and billing. We also have a team that coordinates all of the efforts of the secure development policies. That team sets the guidelines and policies. The entire development team has about 20-30 people. 

Daniel Krivda - PeerSpot reviewer
DevOps Engineer at an insurance company with 10,001+ employees

We use it for static scans. It is mandatory in our company for every sort of project.

Veracode provides the organization an understanding of security bugs and security holes in our software, finding out if the software is production-ready. It is used as gate management, so we can have a fast understanding if the software is suitable for deployment and production.

My job is to help projects by getting the data integrated in Veracode. I don't own the code or develop code. In this area, I am a little bit like an integration specialist.

We use Azure and AWS, though AWS is relatively fresh as we are now just starting to define guidelines and how the architecture will look. Eventually, within a half year to a year, we would like to have deployments there. I am not sure if dynamic scanning is possible in AWS Cloud. If so, that would be just great.

Vikas Agrawal - PeerSpot reviewer
DevOps Lead at HealthEdge Software, Inc.

We use Veracode for SAST and SCA. We are moving towards dynamic analysis as well. We use it now to scan our artifacts and reports, and very soon we are going to use the Veracode plugin for our IDE to have immediate results for security analysis purposes.

Muhammed Shabreen - PeerSpot reviewer
CTO at RIZEK

We use it for code analysis to see if there are any vulnerabilities in the code. I'm heading a startup for this, and I have a development team of about 14 people. They upload the codebase to Veracode, run an analysis, and take the results. If there are any vulnerabilities, they fix them.

KN
Junior Developer Intern at an insurance company with 10,001+ employees

My use case for Veracode is for a front-end application, specifically an agent compensation calculation engine. That application is deployed through an EAR file, and then Veracode scans the EAR file and gives me the scan report to help me change and improve the file for future deployments.

Satheesh Bojedla - PeerSpot reviewer
Senior engineer at a financial services firm with 5,001-10,000 employees

My company uses Veracode Static Analysis for scanning purposes and static analysis. I am a DevOps engineer configuring automation for multiple teams in our company using Veracode Static Analysis. Our company uses the product to identify vulnerabilities in third-party libraries that our teams use internally to secure our products before moving the product outside of our company. The aforementioned features of the solution are used mostly in our company. Most of the teams within my organization use Veracode's static analysis part. My company did not procure the license for Veracode Dynamic Analysis.

Oluseyi Osifalujo - PeerSpot reviewer
Executive Director at Precise Financial Systems Limited

We use Veracode to ensure our solutions meet the security standards in the financial industry in Nigeria.

Ivo Dias - PeerSpot reviewer
Sales Engineer at M3Corp

I currently work for a Veracode distributor here in Brazil. I work in both presales and post-sales, and I do implementations as well.

MC
Vice President of Engineering at Avant Assessment

We use it for security validation. As a company, we need to make sure that our code is secure. Not only do we need and want to do this for ourselves, but we also need to do it because of our security obligations to our clients.

Jagusztin Laszlo - PeerSpot reviewer
Lead Architect, Presales lead at Alerant Zrt.

We are using it for two purposes. The first is to analyze the final binaries in our normal development cycle and the second is for auditing old software.

It's a SaaS solution.

Ujjwal Sachdeva - PeerSpot reviewer
Data scientist at Advarisk

We use the solution for identifying bugs before deployment in the software-side cycle process.

It can be integrated with our CL and CDProp pipeline, and it can be used with multiple integrations in our Visual Studio Code editor. That's the main use case.

JW
Lead Product Security Engineer at a computer software company with 1,001-5,000 employees

We used Veracode for code scanning and source composition analysis.

MH
Chief Software Architect at a tech services company with 51-200 employees

We are a software company providing software to paper manufacturing organizations, and we have an extensive ERP product along with many add-on products.

With the need to increase security awareness and vulnerabilities, we decided that we needed to scan our software, so that was how we started using Veracode.

We found Veracode eye-opening because we had many third-party libraries in our application, and we found vulnerabilities and had to upgrade those libraries or seek alternatives.

Our use cases for Veracode were to make our software more secure and provide a better competitive advantage over our competitors by telling our clients that we have secure software.

AK
LSA at a consultancy with 10,001+ employees

We use Veracode for static code analysis scans for our clients.

Veracode is deployed both on the cloud and on-premises.

BF
Application Security Engineer at Advantasure

Veracode is our primary tool for identifying and resolving security flaws in our web-based applications. When I started at Advantasure, I worked on a claims product, using the tool to remedy coding issues and identify high-risk security flaws. I did that for a while before transitioning to a role as an application security engineer. In this job, I don't fix any security flaws. I help operate the environment. 

We have integrated Veracode with Jenkins so that we can automate building and scanning code. Jenkins uploads the build to Veracode for static and SCA scanning. 

I'm working remotely through a VPN. When I log into Veracode, I check the various applications out to ensure everything's running. If we have any issues, I report them to the appropriate teams. 

Geofrey Mutabazi - PeerSpot reviewer
Founder at a manufacturing company with 1-10 employees

I have implemented Veracode for both static and dynamic analysis to minimize errors in my application and avoid the need for manual reviews. This enables us to create a risk-free application in the code. Additionally, I utilize external libraries and licensing to accelerate the process of identifying vulnerabilities in my software development. This helps me and the development team to provide comprehensive information about the code.

Michea Mbaziira - PeerSpot reviewer
Insurance Agent at ICEA

We use Veracode to scan our codes for vulnerabilities and risks.

Prakash Pillay - PeerSpot reviewer
Director - Product Solution/Architecture at a tech vendor with 10,001+ employees

For every application we develop, we want both static and dynamic security scans done before deploying them.

Evan Gertis - PeerSpot reviewer
Penetration Tester at a tech vendor with 51-200 employees

We use software composition analysis and static code analysis. We use a software composition analysis component to identify third-party vulnerabilities in our software. And then we use the static composition analysis to analyze flaws within our application on the front-end and the back-end.

We also use Veracode for static composition and software composition analysis and static code analysis because we need a way to identify vulnerabilities and flaws in the application and relay that information to our developers.

The manual penetration testing is not really used as much.

Having a centralized view is probably one of the most important aspects of the platform. We need to have some way of looking at all the flaws and all the vulnerabilities in one centralized view. 

Having this has improved our visibility into application status. It's very important because it's the way that we communicate flaws to our developers. And without it, we'd be missing out on an opportunity to explain what seems to be fixed and what needs to be managed.

Evan Gertis - PeerSpot reviewer
Penetration Tester at a tech vendor with 51-200 employees

My company produces one of the most secure fabrics that you can find. Veracode is integrated into our development cycle through Jira. We do a full static analysis with Veracode and use Burp Suite to review the findings. The most common attack vector we find in Java code is SQL injection. When SQL injection shows up, you send a screenshot and a report to your executive team. They see the screenshot and say, "Oh, they're seeking injection here." 

This has now become a top priority. We're going to pause all these redundant features that we're making here and ensure our code is secure with no SQL injection vulnerabilities. Veracode finds everything, and the security engineers do the penetration test using the results. You provide a report showing where the issue is, and developers can fix it. We also use Veracode to train security engineers and teach them how to file reports.

CM
CyberSec professional at a manufacturing company with 5,001-10,000 employees

We are using Veracode to shift development left. Therefore, we want to train our team of third-party vendors and improve our code security.

Calinescu Tudor - PeerSpot reviewer
Security Project Leader at ATOSS AG

We use Veracode to scan server applications, and we also use it for SCA functionality and to scan pipelines of our other projects.

Dipjyoti Roy - PeerSpot reviewer
Senior Devops Engineer at Thomson Reuters

We use Veracode to test for errors in the code in the applications we are building within our service pipelines.

Vladimir Shilov - PeerSpot reviewer
DevSecOps at Ciklum ApS

I have helped other companies implement Veracode Static Analysis in their IT environment. In our company, we need to scan many .NET applications using Veracode, and we could scan our software since it is a SaaS solution, after which we process the reports to improve the product.

Mahammad Azeem - PeerSpot reviewer
Application Architect at a tech services company with 10,001+ employees

When we develop an application with source code built on Java, JavaScript, and mobile technologies such as Android and iOS, we ensure that the source code is free from security vulnerabilities before sending it to production. To achieve this, we package our source code and scan it using Veracode. This scanning process is our primary use case.

We set up pipelines for this purpose, and the warehouse operates on a cloud provider. To make the Veracode API calls for support, we utilize Veracode API libraries which use the URL that is hosted on the cloud. We then initiate a scan on our source code, which goes through different stages, including scan, upload, rescan, validation, and finally, we obtain the results.

VS
Sr. Web Application Security at a tech vendor with 10,001+ employees

We primarily use Veracode for static code analysis.

SR
IT Manager at a financial services firm with 5,001-10,000 employees

We use Veracode for static web application scanning, and we've been using Veracode for our ethical hackers as well.

We have a dev, UAT, and staging environment. Veracode is included as a part of our DevSecOps in the staging environment. That means that when code is promoted to our staging environment, it automatically initiates a Veracode scan on our application.

Walwasa Mulutazah Yahaya - PeerSpot reviewer
Project officer at BRAC Uganda

I'm a project officer as well as a developer, so I have to make sure that the system I'm using is safe. I use Veracode to scan my code for issues or vulnerabilities and for making sure that the applications I'm developing are very secure. I also use Veracode for static code scans to see if we have any other vulnerability issues. 

Naushath Raja - PeerSpot reviewer
Senior Director at a tech vendor with 10,001+ employees

We use Veracode to scan our products for code security. Our company also uses Veracode's data security module.

JA
IT Project Manager at Orange España

Veracode is being used to check our application source code, whether it is working well or not, and to track changes in the code from different developers and engineering teams.

Jagusztin Laszlo - PeerSpot reviewer
Lead Architect, Presales lead at Alerant Zrt.

We use Veracode mainly for legacy software audits.

SA
Manager IT at a tech company with 201-500 employees

We have multiple verticals and products, and we use Veracode to perform static analysis on our hosted applications across all the platforms. We also perform static and software composition analysis on a couple of products.

Our offices are spread out across North America, South America, Europe, and Cyprus. We also have offices in Australia that use the solution. About 25 to 30 people use the solution regularly. 

JV
Manager Consultant at a tech services company with 1-10 employees

We are a Veracode reseller and we utilize their solution for software vulnerability analysis. Our primary objective is to identify any security issues in open-source libraries that have been rejected. Additionally, we perform dynamic code scanning and employ Static Application Security Testing for comprehensive application security testing.

Shiva Prasad Reddy - PeerSpot reviewer
Program Analyst at a tech services company with 10,001+ employees

In my previous company, we had a healthcare app. We used Veracode to run a spontaneous static analysis as well as dynamic analysis, to resolve our vulnerabilities. We were releasing versions every month. Each month we were looking at the results of Veracode and fixing the problems.

Fiorina Liberta - PeerSpot reviewer
Principal SRE Engineer at AIA Singapore

Every build running CI/CD on our applications, like Bamboo or Azure DevOps, will be scanned through Veracode SCA first. If its report for the build has a vulnerability or redundancy that is outdated or vulnerable, then that is our use case for our application. We have a lot of applications that need to automate these things, then get the report to the application team. Therefore, the security team needs to check these one by one.

We have a lot of people using Veracode, like the security team and DevOps. Also, the application team checks the Veracode result and updates it as necessary. Since it is integrated into our applications, there are a lot of users.

Our deployment model is on-prem. We deploy it as a JAR file inside our Cloud CMS.

AR
DevOps Engineer at a consultancy with 10,001+ employees

We use it to scan third-party libraries to check for vulnerabilities.

AjitMatthew - PeerSpot reviewer
Principal. - Head - IT, Information Security and Admin at a consultancy with 201-500 employees

We use Veracode for product testing.

We exclusively utilize Veracode for a product used in our consulting services, which we provide on a licensing basis.

We deploy Veracode in the cloud and can utilize any cloud provider, including Google Cloud, Azure, and AWS.

Miodrag Zarev - PeerSpot reviewer
Senior Software Engineer at a tech vendor with 11-50 employees

We are a relatively young company that started about a decade ago. The company adopted Veracode about five years ago because it's a market leader in that segment. 

Veracode checks for security flaws in our code. We provide software for companies in the financial sector, so it's critical that we use Veracode. There are some lesser-known competitors, but Veracode is the biggest player in security software. In a way, it's good marketing to use Veracode.

We are running it locally, but we plan to move to the cloud in the next few months. We're a small company with 20 employees. Our development team deals primarily with it, and some other support guys are involved occasionally. 

CD
Vice President QE Practice at a computer software company with 1,001-5,000 employees

When code is being developed by our developers, the testing team runs through the static code application scanning and takes a look at how it is working out.

Chris Sawyer - PeerSpot reviewer
Full Stack Engineer at TCDRS

We have a website built on the Microsoft stack, with .NET. Veracode comes in and scans our code and, for the static side of it, we zip up the CS files and the JavaScript files, and upload them for scanning.

SS
Senior Consultant at Material Vision

We are quite new to security systems. We have not adopted Veracode at the enterprise level. We are using the GitHub Advanced Security system. We were looking for static code analysis or software configuration analysis tools in the market. That is when we explored Veracode.

We want to centralize our security systems so that any repository that developers are using or creating in our organization follows the same set of standards. We want to have all the security checks and all the static code analysis done at the same level and with one client.

KA
Cyber Security Consultant at a computer software company with 51-200 employees

I used Veracode in my previous company. My role was to assist the team in identifying the vulnerabilities in the reports. I identified those and diverted them. The software team was responsible for taking appropriate actions to fix those.

We used Veracode in our environment to have account verifications or transaction confirmations. Apart from that, we had event registration as well as membership confirmation.

TR
Associate Software Engineer at a healthcare company with 201-500 employees

Previously, finding security issues in our complex healthcare software was a time-consuming process. Manually reviewing all logs took half our time. However, Veracode has revolutionized our workflow.

With Veracode's automated solution, we now receive daily reports highlighting security vulnerabilities. This allows us to address issues promptly, significantly reducing the previous two to three-week investigation period.

Veracode also eliminates the need for manual testing, freeing up our team for other tasks. Its user-friendly interface provides comprehensive scans and detailed reports, and even pinpoints specific lines of code causing issues.

This shift-left approach has greatly improved our development process, resulting in fewer customer complaints. Proactive vulnerability detection and efficient issue resolution have significantly enhanced our team's productivity.

GR
System Engineer at a tech vendor with 10,001+ employees

As a full-stack developer, I am also involved with DevOps tasks. When deploying to different environments, we have stages that must be passed as part of DevOps. One of the primary stages that must be passed while deploying to Jenkins is Veracode Analysis. We also have SonarQube analysis, which typically checks code quality, code coverage, and other aspects, such as whether there are any bots or vulnerabilities. Once the code quality test is passed, it enters Veracode analysis. During Veracode analysis, the code is checked for vulnerabilities. Veracode also checks to see if any outdated jobs are being used in the code and suggests better versions to use. All of this information is clearly displayed in the Veracode analysis results. Veracode is linked to JFrog Artifactory, which is a repository of all the jobs available on the market. Veracode uses this information to choose which jobs to use and which jobs to fix. Veracode also explains the possible errors in the code.

KW
Founder/Developer at Sarkonah

I use Veracode to prevent vulnerable code from going into my application.

David Jellison - PeerSpot reviewer
Senior Director, Quality Engineering at Everbridge

Our primary use case for Veracode is SAST and SCA in our SDLC pipelines. We also use it for DAST on a periodic basis and time-based scans on our staging system. We use the trading modules for certifying all our developers annually.

In addition, we use Veracode to scan within our build's pipeline. We do use Greenlight, which is their IDE solution for prevention of issues of vulnerabilities.

We are FedRAMP certified as a company, so we use this as part of our certification process for Veracode ISO 27001 and various other certifications we have.

EricOlson1 - PeerSpot reviewer
Application Security Program Manager at a tech services company with 5,001-10,000 employees

Manual Penetration Testing is a security tool for static code scanning. It's still in testing, so the client has it in their commercial cloud. As soon as it's federally approved, they'll move it to the government cloud. That's supposed to happen any day now. I think their government cloud is AWS. I believe they're looking at the dynamic piece as well.

FranckGafsou - PeerSpot reviewer
Security Architect Lead at a comms service provider with 10,001+ employees

We use this solution because we have an important portfolio of applications, and before moving those applications to the production environment, we use the static features to scan the code: either for static analysis or for SCA (Software Composition Analysis) to find any vulnerability in our open source libraries.

KB
Sr. VP Engineering at a computer software company with 51-200 employees

There are three areas where we started using Veracode immediately. One is static component analysis. The second is their static application security test, where they take a static version of your code and scan through it, looking for security vulnerabilities. The third piece is the DAST product or dynamic application security test.

We also use their manual pen-testing professional services solution in which they manually hit a live version of your product and try to break it or to break through passwords or try to get to your database layer—all that stuff that hackers typically do.  

SC
Systems Engineer at Shift movers

Veracode helps scan applications for security purposes to ensure they are safe before deployment. The solution is continuously monitoring the security of our infrastructure and workflows. About five people use the solution across our organization. 

SR
Product Marketer at a media company with 1,001-5,000 employees

The main purpose of Veracode is to deliver secure code on time. We use it to test our application security, at the implementation stage to make sure that code is secure. We do static and dynamic testing, as well as penetration testing with Veracode. We also use it for security threat detection for our enterprise applications.

NS
Delivery Manager at a tech vendor with 10,001+ employees

We use Veracode to scan our code before release. The scan ensures our projects will have no issues. We only use Veracode for customer-facing and revenue-generating web applications. 

Rafael Mesquita - PeerSpot reviewer
Full Stack Software Developer at DreamDev

I am a software engineer, and one of my clients needed Veracode for security requirements. We needed to send the code through some security tools to see if there are breaches or malicious code that could attack the company. In this case, the client used Veracode to scan third-party libraries from our application. Veracode was running on a private cloud using Azure. 

Anshuman Kishore - PeerSpot reviewer
Director Product Development at Mycom Osi

We're using Veracode Static Analysis for scanning security vulnerabilities.

Once the image is built in the container, we send it to Veracode Static Analysis for static analysis assessment, and the tool scans it. The tool then provides us with information on vulnerabilities in our code and the third parties, then provides recommendations on how to solve vulnerabilities, and that's helpful.

Nathan S - PeerSpot reviewer
VP of Product at a healthcare company with 51-200 employees

We use Veracode Static Analysis in the IDE for our engineers to be able to catch security issues while they're coding. Additionally, we use it for the Veracode verified program to show that we're scanning and compliant, and we get the third-party seal of approval.

It's a scanning security, static analysis code scanning software.

Ajit Matthew - PeerSpot reviewer
Sr. Partner IT and Information Security at TheMathCompany

We use Veracode for static and dynamic code analysis, as well as software composition analysis (SCA). Using it ensures that our products are compliant, and it also provides an external method to assure our customers that our products are free from any flaws, or application security issues.

Our product resides on the Azure Cloud, and we have Veracode access it directly.

ST
Engineering Security Manager at Nextiva

Our primary use case of this solution is for static and dynamic analysis along with the source gear for the third party dependency (not IDM). 

We were looking into actually moving towards IDM, but that's the extent of my knowledge. They are licensed as two separate products. They're part of the same platform, but they are licensed separately.

We have Veracode, Veracode Developer Training, Veracode Software Composition Analysis, and SourceClear. SourceClear and SCA are pretty much the same. They just support different languages. Veracode as a whole, the top option, is the one that includes everything.

SM
Security Analyst at a tech services company with 11-50 employees

The solution is used for performing application security processes like source code assessment, dynamic assessment, and SCA.

BahatiAsher Faith - PeerSpot reviewer
Software Developer at Appnomu Business Services

I'm using it to troubleshoot and know the issues in my code and resolve them as soon as possible.

SP
Software development program leader at Vendavo

My company produces a SaaS application that is used by very large customers for pricing analytics and sales workflows. The data that our customers put into our software is very sensitive and confidential. This means that they want a high degree of confidence that our solution is secure.

We use Veracode as one of the pillars that we can point to as helping us to deliver on the promise of having a secure product. We have a multi-dimensional security program and Veracode is one important aspect of that.

SM
Principal for the Application Security Program and Access Control at an engineering company with 10,001+ employees

We use it for dynamic scanning and Static Code Analysis as well as for Software Composition Analysis (SCA).

We do use this solution's support for cloud-native applications.

Deepak Naik - PeerSpot reviewer
Chief Security Officer at Digite

We use Veracode primarily for three purposes:

  1. Static Analysis, which is integrated into our CI/CD pipeline, using APIs. 
  2. Every release gets certified for a static code analysis and dynamic code analysis. There is a UAT server, where it gets deployed with the latest release, then we perform the dynamic code scanning on that particular URL.
  3. Software Composition Analysis: We use this periodically to understand the software composition from an open source licensing and open source component vulnerability perspective.
DC
Chief Technology Officer

The primary use is as a static analysis tool. But we also use Greenlight and dynamic, and we're currently having a manual penetration test.

Pradeep Kumar. - PeerSpot reviewer
Founder and Director at Bizcarta Technologies India Pvt Ltd

It is a broad and integrated platform. It provides multiple test scenarios and has the ability to do CI/CD pipeline integration. It is used for application security and vulnerability assessment.

‌B
Senior software engineer at a tech services company with 1,001-5,000 employees

We use the solution to scan for and identify vulnerabilities or security issues.

We use a SaaS deployment.

VD
Lead Security Architect at a comms service provider with 1,001-5,000 employees

In my previous organization, we used to use Veracode throughout all verticals. It is a cloud-based platform, and you need to upload the code for static analysis. The code has to be uploaded as per the compilation guide provided by Veracode. So, for different languages, you have to combine the code as per the instructions in the guide.

We used to own and manage the platform. We also used to manage the users. If there was a particular project team that needed to use Veracode to do their code scan, they used to approach us. We used to create the user accounts for them so that user accounts were limited to just the code. We also used to guide and train them on how to upload the code on Veracode, how to combine the code, and how to initiate the scan. After the scan is completed, we used to tell them and guide them about how to treat the vulnerabilities in that code, how to fix and mitigate them, and what's the next process. Apart from that, we used to create a project team to build their CI/CD pipeline, where we used to create DevSecOps automation.

KS
Lead Consultant DevOps and Infrastructure at a tech vendor with 5,001-10,000 employees

We use Veracode to scan the applications.

OK
Development Manager at a computer software company with 1,001-5,000 employees

At this moment in time, in my project, we are mostly using Static Analysis from Veracode. We automated it and added it as a step to our daily pipeline. We also tried using the pipeline plugin from Veracode that gives an immediate evaluation of your code. We're also using agent-based Software Composition Analysis. I have not exactly used it in my project, but I participated in investigating it and setting it up.

I know two flavors of doing Software Composition Analysis. The first one is a part of a daily static scan where you're uploading all your third-party libraries. The second one is agent-based, which gives more reporting capabilities but doesn't affect policy scans, etc. We use both of them.

We use Software Composition Analysis as a part of our daily build pipeline, so we use the Jenkins plugin from Veracode. Every night, we upload our sources to the Veracode platform. In the morning, we receive the results of Static Code Analysis and Software Composition Analysis.

reviewer1360617 - PeerSpot reviewer
Sr. Security Architect at a financial services firm with 10,001+ employees

We are using Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Static Component Analysis (SCA). We use different types of scanning across numerous applications. We also use Greenlight IDE integration. We are scanning external web applications, internal web applications, and mobile applications with various types/combinations of scanning. We use this both to improve our application security as well as achieve compliance with various compliance bodies that require code scanning.

RB
Senior Security Analyst at a wellness & fitness company with 1,001-5,000 employees

Veracode is a cornerstone of our Development Security Operations Program, particularly scanning automation and remediation tracking.

We've been able to monitor the release cycle and verify our Security Standards are met by setting policy and ensuring scans are taking place. If a scan fails to meet our standard, the build breaks and the flaws are remediated before releasing to Stage and ultimately Production, where the potential impact is much more costly.

We have discovered opportunities to make our code even better thanks to Veracode!

AF
Cloud system engineer at a consultancy with 1-10 employees

We use Veracode to identify vulnerabilities in code to ensure the security and integration of the apps.

LF
Sales Engineer at a computer software company with 51-200 employees

I helped customers to build and start the journey of SecOps with Veracode.

SM
Sponsorship Sales Specialist

The most important purpose of this platform is code security. We are able to scan our code and find security flaws.

Calinescu Tudor - PeerSpot reviewer
Security Project Leader at ATOSS AG

We are using the static application security testing from Veracode and the Software Composition Analysis solution for the main product that we are developing. We don't use the Software Composition Analysis for checking license requirements, but only for finding problems in third-party dependencies.

KE
Cybersecurity Executive at a computer software company with 51-200 employees

We utilize it to scan our in-house developed software, as a part of the CI/CD life cycle. Our primary use case is providing reporting from Veracode to our developers. We are still early on in the process of integrating Veracode into our life cycle, so we haven't consumed all features available to us yet. But we are betting on utilizing the API integration functionality in the long-term. That will allow us to automate the areas that security is responsible for, including invoking the scanning and providing the output to our developers so that they can correct any findings.

Right now, it hasn't affected our AppSec process, but our 2022 strategy is to implement multiple components of Veracode into our CI/CD life cycle, along with the DAST component. The goal is to bridge that with automation to provide something closer to real-time feedback to the developers and our DevOps engineering team. We are also looking for it to save us productivity time across the board, including security.

It's a SaaS solution.

NS
Automation Practice Leader at a financial services firm with 10,001+ employees

I'm an automation practice leader and we are customers of Veracode.

NS
Lead Cyber Security engineer at a manufacturing company with 10,001+ employees

In India, we have a digital development center. I'm from the security team. There are teams who develop all the applications for security features and coding security analysis. We use the Veracode Static Analysis for all projects and applications within our organization.

DM
IT Cybersecurity Analyst at an educational organization with 11-50 employees

We use it to scan our biggest applications, our bread and butter. We've got a lot of developers using it in our organization, and we've got quite a few applications using it as well.

CG
Enterprise Architect, VP at a financial services firm with 501-1,000 employees

The primary use case for us was looking for web applications that might have vulnerabilities that could be compromised. Specifically, I was managing a team and we had built a lot of applications as well as having purchased applications from vendors. We were working with a security team to go through and scan those applications for vulnerability using Software Composition Analysis. We were trying to avoid situations where somebody could do something that they should not be able to do like get at data.  

Everton Yoshitani - PeerSpot reviewer
VP of Engineering at Resola Inc

Veracode is a DAST solution that we use for automated security scans of our APIs and front end. We perform daily scans of our applications so we can act on the results quickly instead of routine security audits that we might do yearly or quarterly. It's a complement to the standard penetration test suite.

VR
Solution Architect at a tech vendor with 10,001+ employees

We are developers who utilize Veracode for the static and dynamic scanning of our applications.

SR
Manager, Information Technology at Broadcom Corporation

Veracode has both static application security testing as well as dynamic application security testing, also called Dynamic Analysis. Our primary use case was on the static analysis side, not on the dynamic, because we have an automated tool in the dynamic analysis scope. So our primary use was static analysis security testing.

KM
Information Assurance Manager at xMatters

We have three use cases. We have the dynamic scans that we use to scan the production, public-facing URLs. We also use the static scan where we work with the Dev team and scan the code base for the web application and the mobile application on both iOS and Android. Our third use case is manual penetration tests, which my team manages. We do annual manual penetration tests.

It's deployed to our platform infrastructure, which is in a public cloud.

AS
DevSecOps Consultant at a comms service provider with 10,001+ employees

We use the Veracode SAST solution to scan the Java, Node.js, and Python microservices as part of our CI/CD pipeline, wherein we are using our CI/CD server as Bamboo, Jenkins, and GitLab CI/CD. 

We have teams for both our cloud pipeline and on-prem pipeline, and both teams use this solution. We are using Veracode to constantly run the internal application source code and ensure the code's security hygiene.

ST
Associate Director

Application security scanning.

CS
Executive Assistant at a tech company with 51-200 employees

We use Veracode for its code analysis features, which include static code analysis, dynamic code analysis, and checking for security flaws in our code. Mainly, we utilize Veracode for application security, making code security one of our primary use cases.

FN
Application Security Engineer at a financial services firm with 1,001-5,000 employees

I'm a security practitioner and I use it for security and vulnerability scanning and assessments.

HM
DevOps Engineer at Barclays Technology

We use Veracode for security scanning purposes, and our security services team has developed the logic. We create the pipeline and run the Veracode scan for particular microservices. My role is to run the Veracode pipeline and to see all the detailed reports. Once the scan is complete, I download the Veracode report and share it with developers.

We have multiple environments, and all entities use the solution. We have approximately 1000 users.

RL
Security Architect at a financial services firm with 1,001-5,000 employees

We use it to scan our web applications before we publish them to see if there are any security vulnerabilities. We use it for static analysis and dynamic analysis.

DR
Senior Solutions Architect at NessPRO Italy

I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code.

DJ
Senior Director, Quality Engineering at a tech services company with 1,001-5,000 employees

We introduced SCA scanning to satisfy customer-requested open-source library scans as part of a contractual agreement. This led to expanding SCA scanning across our other applications to complement SAST/DAST application scanning.

We knew we had a technical debt from not updating open-source libraries for years, and were not aware of the vulnerabilities in these libraries at the time. SCA scanning is now a first-class scan component of our current practices and included in our external security audits going forward.

HJ
Sr Director at a non-profit with 51-200 employees

The primary use case was scanning a single-digit number of applications. We scanned them about twice a year and that's about it. It was just to get the results. We used the results to gauge our security health.

VS
Senior Manager Cyber Security at a tech services company with 201-500 employees

We scan various types of software codes, such as codes or applications built in languages like C, Java, Python, PHP, and Ruby, among others. We assess the code quality using Veracode.

RR
Founder & CEO at a healthcare company with 1-10 employees

We use this solution for Digital Health.

AB
Principal Consultant at a tech services company with 11-50 employees

Software Composition Analysis (SCA) is used to detect vulnerabilities in open source libraries, which are used by our customers for their own product. 

We are a consulting company that provides consulting services to clients. We don't buy the software for our own internal use. However, we advise customers about which solutions will fit their environment.

Most of our clients use SCA for cloud applications. 

it_user831864 - PeerSpot reviewer
Application & Product Security Manager at an insurance company with 1,001-5,000 employees

Static analysis.

MT
Software Architect at Alfresco Software

The use case is that we have quite a few projects on GitHub. As we are a consulting company, some of these projects are open source and others are enterprise and private. We do security investigating for these projects. We scan the repository for both the static analysis—to find things that might be dangerous—and we use the Software Composition Analysis as well. We get notifications when we are using some open source library that has a known vulnerability and we have to upgrade it. We can plan accordingly.

We are using the software as a service.

MS
Executive Director at Parthenon-EY
  • Scanning web-facing applications for potential security weaknesses.
  • Helping to document the introduction of technical debt in our code bases.
it_user836430 - PeerSpot reviewer
Senior Infrastructure Engineer at a healthcare company with 5,001-10,000 employees
it_user778905 - PeerSpot reviewer
Technical Director at a financial services firm with 1,001-5,000 employees

Software security, static code scanning.

It has performed very well.

YT
R&D Director at a computer software company with 201-500 employees

We focus on these two use cases: 

  1. Our first use case is for Static Analysis (SAST). The purpose of it is to scan our code for any vulnerabilities and security breaches. Then, we get some other reports from the tool, pointing us to the problematic line of code, showing us what the vulnerability is, and giving us suggestions on how to fix or mitigate them.
  2. The second use case is for the Software Composition Analysis (SCA) tool, which is scanning our open sources and third-party libraries that we consumed. They scan and check on the internal database (or whatever depository tool it is using), then they return a report saying our open sources, the versions, and what the exposures of using those versions are. For any vulnerability, it suggests the minimum upgrades to do in order to move to another more secure version.
Christian Camerlengo - PeerSpot reviewer
Senior Programmer/Analyst at a financial services firm with 10,001+ employees

We're required to make sure we have no high or very high security issues in our code. Veracode is a code reviewer to prevent hacking and other bad things from happening.

MV
Cybersecurity Expert at PSYND

We use both the static and the dynamic scanning. What we do is run the code through the scanner once we make any modifications. And periodically, we also run the dynamic to connect several applications. We use Veracode to check for specific vulnerabilities such as cross-site scripting. When we are checking for those vulnerabilities, we take a portion of code that is going to be generated and we run the scanner.

SH
Chief Information Security Officer with 501-1,000 employees

We use it for static checking.

SK
Director Software Engineering at a tech services company with 51-200 employees

To have a third-party analyze our code and make recommendations from a security perspective.

DA
DevOps and Cloud Architect at a hospitality company with 1-10 employees

I'm the manager of DevOps and cloud architecture.

Raj Nachiappan - PeerSpot reviewer
Director of Solutions Architecture at VetsEZ

Our development team uses this solution for static code analysis and pen testing.

Product Security Engineer at a tech services company with 5,001-10,000 employees

I'm working on security reviews for our in-house products. We are trying to solve problems. The use case for Veracode is to discover flaws in design before our application reaches end customers. We are using Veracode as one of the tools to ensure that our products are following secure design guidelines.

BM
Assistant Vice President of Programming and Development at a financial services firm with 501-1,000 employees

Static code analysis for internally developed critical systems.

it_user779082 - PeerSpot reviewer
Senior Information Security Program Manager at a financial services firm with 10,001+ employees

The primary use case is application security and application security testing, specifically static and dynamic analysis, and software composition analysis. It has performed excellently.

Jesus Montes Ceron - PeerSpot reviewer
Architect of solutions at IPComMx

We used Barracuda for scanning containers and in all of the DevOps workflow.

JS
Senior Software Developer at a pharma/biotech company with 201-500 employees

We used it for initial discovery and analysis and for reviewing the product. We were doing a trial. We had uploaded code on the Veracode server for analysis.

We used the cloud service or the cloud website where you could interact and identify the artifacts that you wanted to be reviewed, analyzed, and reported on. There was a plugin that we used with some of our IDEs. It probably was Greenlight.

it_user673734 - PeerSpot reviewer
Chief Technology Officer at a tech vendor with 201-500 employees

We use it for security scanning of SaaS and mobile software that we develop: one server-side and two mobile applications. Most customers require SAST and DAST scanning in order to purchase.

EP
Professor at BitBrainery University

C++ financial application acting as hub for my academic accounting system.

Application, which my institution partially owns, was analyzed after just having compiled the code. This happens seldom in academic software.

It does software composition analysis, discovering open source software weaknesses.

it_user866175 - PeerSpot reviewer
Information Security Engineer Team Lead at a hospitality company with 1,001-5,000 employees

Dynamic and static code analysis.

it_user797976 - PeerSpot reviewer
Global Application Security at a pharma/biotech company with 10,001+ employees

We use it to assess or do security inspections of our software that we produce or assemble. We have a very large portfolio of software across our enterprise. The Veracode system is a platform that scales with the dynamics of our organization. We have people that are in many locations, in the US and abroad. The fact that the Veracode platform is essentially a cloud-based platform makes it scalable.

SeshagiriSriram - PeerSpot reviewer
Head IT Architecture at a tech vendor with 11-50 employees

We used it for performing security checks. We have many Java applications and Android applications. Essentially it was used for checking the security validations for compliance purposes.

RO
IT security architect at a consumer goods company with 10,001+ employees

We are using this solution for static analysis.

SS
Head Of Information Security at a media company with 51-200 employees

We use Veracode for static analysis of source code as well as some dynamic analysis.

EC
AVP, IS Manager at a financial services firm with 1,001-5,000 employees

We use Veracode to scan custom-developed code for flaws.

it_user854784 - PeerSpot reviewer
Director Security and Risk OMNI Cloud Operations at a tech vendor with 1,001-5,000 employees

Application development and secure code development.

MW
Managing Director at Harrods

We are planning on introducing a static code analysis tool to support a DevOps effort in our environment. The objective of the solution is to allow the team to identify vulnerabilities in the source code and improve the hygiene of the developed code before deployment.

it_user842937 - PeerSpot reviewer
Systems Architect at a tech vendor with 201-500 employees

Security scanning of the applications, of software that my company built.

it_user877104 - PeerSpot reviewer
VP Worldwide Delivery Acceleration at a financial services firm

SAST vulnerability scanning. Veracode is embedded in our release pipeline.

it_user854049 - PeerSpot reviewer
Chief Compliance Officer at a financial services firm with 51-200 employees

We test each major release of our software using Veracode static and dynamic testing. We also do manual penetration testing annually.

HB
Software Engineer at a tech services company with 1,001-5,000 employees

We use the Static Analysis, Dynamic Analysis, and SCA, the software composition analysis.

it_user846645 - PeerSpot reviewer
VP Development

To certify that we have valid code, and that the developers are working with valid structures and writing good code.

it_user837504 - PeerSpot reviewer
Information Technology at an insurance company with 51-200 employees

We test two mission-critical web applications (C# Web forms).

AE
Enterprise Architect at a computer software company with 1-10 employees

We primarily use the solution for article scanning.

it_user852402 - PeerSpot reviewer
Software Security Consultant at DXC Technology

Provides static code analysis of the customers' applications from all industries. It includes any type of code and scripts, but mostly Java, .Net, C++, and C# environments.

it_user835104 - PeerSpot reviewer
Project Manager at a tech vendor with 501-1,000 employees

Static code scan.

Raj Nachiappan - PeerSpot reviewer
Director of Solutions Architecture at VetsEZ

We use Veracode to ensure that the software we are building is secure.

AK
Global Presales Head - Security Assurance at Wipro Technologies

Static application security testing, which is the primary use case. 

There were different web applications which were scanned using this tool.

it_user833553 - PeerSpot reviewer
CISSP, CISM at a tech services company with 1,001-5,000 employees

We use it for a lot of things and they're all primary: SAST, DAST, and Greenlight.

reviewer1359297 - PeerSpot reviewer
Software Engineer at a financial services firm with 501-1,000 employees

This was intended to scan all of our custom development efforts to ensure a certain level of (secure) code quality. Right now the scope of that effort is limited to web exposed systems but with maturity, we hope to increase that scope.

it_user854052 - PeerSpot reviewer
Head of Technology at a tech services company with 11-50 employees

Certifying the application security of my SAS-based application code base.

it_user841116 - PeerSpot reviewer
Information Security Lead Analyst at a consumer goods company with 10,001+ employees

Security scanning.

JB
Team Lead / Architect at a tech services company with 1,001-5,000 employees

I use Veracode to run scans on .NET applications, web applications and Windows/fat form applications. I also use it to make deployments in three-tier environments: the application server tier, web server tier and the database tier.

it_user873405 - PeerSpot reviewer
Lead Security Engineer at a tech vendor with 201-500 employees

SAST. We have not yet integrated it into our software development lifecycle as it doesn't have the feature that enables us to integrate it with our repository.

it_user920715 - PeerSpot reviewer
Managing Principal Consultant at a tech vendor with 11-50 employees

Our primary use case for this solution is application security.

AC
Associate Consultant at a comms service provider with 201-500 employees

I am a consultant and SourceClear is one of the solutions that I use to provide services.

This solution is used by people who want to verify the security of their own applications.

it_user833550 - PeerSpot reviewer
VP of Services at a tech vendor with 51-200 employees

Dynamic and static scanning.

it_user802140 - PeerSpot reviewer
Product Manager at GMS

We are Veracode partners/distributors in Quito, Ecuador. 

At this moment, I am reviewing the solution. 

it_user854046 - PeerSpot reviewer
DevOps Release Engineer at a tech services company with 51-200 employees

Scanning for code security vulnerabilities within our company's products.

reviewer1360623 - PeerSpot reviewer
VP Engineering at a tech services company with 201-500 employees

Our primary use cases are for comprehensive security assessment using static analysis, dynamic analysis, source code composition, and manual penetration tests. We also use it for security training for developers.
