Veracode Valuable Features

Kyle Engibous
Systems Architect at a tech vendor with 201-500 employees
The most important one is the static scanning analysis, and the reason is that it can tell us about vulnerabilities in that code, right before we go ahead and push something to production or provide something to a client. We pair that with dynamic scanning, which actually hits our Web applications, to try to detect any well-known Web application vulnerabilities as well. It's really just a way for us to stay ahead of it and provide some assurances and security with the software that we deliver. Also, Veracode has a nice API that they provide to allow for custom things to be built, or automation. We actually have integrated Veracode into our software development cycle using their API. We actually are able to automatically, every time a new build of a software is completed, submit that application, kick off a scan, and we get results in a much more automated fashion. So the API is a huge thing that we use from Veracode, in addition to those two types of scans. In terms of integrating Veracode into our existing software development life cycle, we heavily use JIRA today for bug tracking issues, time management, and the like, for our development team. When those scans kick, Veracode integrates back into our JIRA and actually opens tickets with the appropriate development teams. We can use that as a measurement of vulnerabilities opened, closed; we can tie them to releases. So, we get a whole lot more statistical information about security in our software products. That's really what we use in measuring there, the integration back to JIRA in issues found.
Director Security and Risk OMNI Cloud Operations at a tech vendor with 1,001-5,000 employees
* The static scanning of the software is very important to us.
* The ability to set policy profiles that are specific to us.
* The software composition analysis, to give us reports on known vulnerabilities from our third-party components.
Sebastian Toma
Engineering Security Manager at Nextiva
With Veracode, it's not about features for us. It is about the pricing model that they offer. To be honest, with their vulnerability database, the total amount of false positives that we're getting is very low. That's the main reason we use Veracode over anybody else. New Veracode features could include a very big database of actual vulnerabilities to be better than other products.
Find out what your peers are saying about Veracode, SonarQube, Micro Focus and others in Application Security. Updated: February 2020.
396,515 professionals have used our research since 2012.
Information Security Engineer Team Lead at a hospitality company with 1,001-5,000 employees
The reporting and mitigation features which allow our people to work on their own.
Chief Information Security Officer with 501-1,000 employees
* Having the option of static scanning. Most tools of this type are centered around dynamic scanning. Having a static scan is very important.
* Utilizing the software as a service. We do the scanning of the compiled code ourselves but it's on their servers, which is a plus.
* Technical support is available if needed and that is advantageous.
* Having online education and training is also advantageous.
Global Application Security at a pharma/biotech company with 10,001+ employees
The Static and Dynamic Analysis capabilities are very valuable to us.
Dave Cheli
Chief Technology Officer
Certainly it eases integration into our workflow. Veracode is part of our Jenkins build, so whenever we build our software, Jenkins will automatically submit the code bundle over to Veracode, which automatically kicks off the static analysis. It sends an email when it's done, and we look at the report. Once it's set up - and it's pretty easy to set up - it pretty much just works and I don't really have to think about it, outside of whenever I get my emails to look at the reports. It was a very easy integration that we did within the first week of going live with the software. So ease of use, ease of integration.
Associate Director
It has several components that help you identify abilities in the core. It also provides security of different Shadow IT activities in our environment, especially around application development and website hosting.
Information Technology at an insurance company with 51-200 employees
It is great to have such insight into code without having to upload the source code at all. It saves a lot of NDA paperwork. The Visual Studio plugin allows the developer to seamlessly upload the code and get results as he works, with no manual upload. The code review function is great. It allows you to find flaws in source code, but the source code never leaves your workstation, it is all client side, no NDA needed.
Senior Infrastructure Engineer at a healthcare company with 5,001-10,000 employees
The most important features, I would say, are the scanning abilities and the remediation abilities within the product. Scanning because, obviously, we want to make sure that our application code is flaw-free. And the remediation tools are helpful to the developers to help them track and manage their flaws. We have been able to integrate Veracode through many of the IDEs that our developers use, using the Veracode APIs, or they've actually been doing this manually as part of their SDLC.
Suzan Nascimento
SVP Application Security at a financial services firm with 10,001+ employees
The most valuable feature is the remediation consulting that they give. I feel like any vendor can identify the flaws but fixing the flaws is what is most important. Being able to have those consultation calls, schedule them in the platform, and have that discussion with an applications expert, that process scales well and that is what has allowed a lot more reduction of risk to happen.
CISO at Laboratory Corporation of America Holdings
Veracode helps me in several implementations over a couple of industry sectors in a number of ways. My coding, especially the code we develop, has a number of faults per line and that costs me money and time to fix those, into the lifecycle. Veracode enables me to provide better code, faster, so my time to market is less. The security means my total cost of ownership goes down significantly over a period of time. The more code I write, the better I organize that, the less my expense is in maintaining that code.
Dennis Miller
VP Development
We just use the static scan, it's all we got into as of now. We're happy with that, it seems to work very well for us.
Tim Jee
Cyber Security Engineer at a Consumer Goods with 1,001-5,000 employees
For me, at the program manager level, I'm not a developer. What I do is run applications through a security program. What's important for me, from Veracode, is the all-in-one metrics location. I can see where everything is across the entire portfolio of applications I have in this program, and I can report out on it. That is one of the more important pieces for me, at the compliance level.
Assistant Vice President of Programming and Development at a financial services firm with 501-1,000 employees
* Code analysis tool to help identify code issues before entered into production.
* Vulnerability Management and mitigation recommendations help with resolution of issues found, prior to deployment to production.
* Developer Sandboxes help move scanning earlier within the SDLC.
* The platform itself has a lot of AppSec best practices information, especially in the mitigation recommendation process. They have also offered cybersecurity e-learning for our team.
Information Security Lead Analyst at a Consumer Goods with 10,001+ employees
Catching coding flaws before they go live. Regarding integrating Veracode into our software development lifecycle, we started out with it being used only as a web interface, and now developers are starting to use it right in their IDE on the desktop.
VP of Services at a tech vendor with 51-200 employees
The ability to run scans. It's a critical piece of why we use the platform. We use it to get our scan results and see where our software is vulnerable or not vulnerable. It's part of our SDLC now.
Mike McAlpen
CISSP, CISM at a tech services company with 1,001-5,000 employees
SAST, DAST, and Greenlight are the most important features because today it's important for our regulatory compliance law to keep our product coding relatively secure. For our rapid, secure DevOps cycle, we have integration of the Veracode API into our build tool, and Greenlight into our IDE.
Application & Product Security Manager at an insurance company with 1,001-5,000 employees
Static analysis scanning engine, because we need to do static analysis; that’s why we bought the product.
Rick Spickelmier
Chief Technology Officer at a tech vendor with 201-500 employees
It has an easy-to-use interface.
Elina Petrovna
Professor at a government with 51-200 employees
* Dynamic analysis of on-premises applications using the Veracode proxy module.
* Static analysis of applications, on which I share property with third-parties.
Israel Varela
VP Sales at a non-tech company with 11-50 employees
For us, it's the partnership. We have always been very strong partners with Veracode. They provide excellent training to our sales team, so we are able to work with our customers to show them the value of secure code training.
Siddharth Kundalkar
Director Software Engineering at a tech services company with 51-200 employees
All the features provided by Veracode are valuable.
Managing Principal Consultant at a tech vendor with 11-50 employees
The most valuable feature comes from the fact that it is cloud-based, and I can scale up without having to worry about any other infrastructure needs.
Chief Compliance Officer at a financial services firm with 51-200 employees
* Ad-hoc scanning during the development cycle
* Reports for audits

In terms of integrating Veracode into our existing software development lifecycle, there are regular milestones in the SDLC to perform Veracode scans.
Project Manager at a tech vendor with 501-1,000 employees
We use the results of the scan to identify vulnerabilities in the product.
Evan Christoe
AVP, IS Manager with 1,001-5,000 employees
The identification of flaws.
Terry Chu
DevOps Release Engineer at a tech services company with 51-200 employees
Informing me of application security vulnerabilities. Bamboo build-automation with Veracode API calls are used.
Head of Technology at a tech services company with 11-50 employees
Static and dynamic scans of the code. It is part of our release cycle.
Lead Security Engineer at a tech vendor with 201-500 employees
Scanning of .war and .jar.
VP Worldwide Delivery Acceleration at a financial services firm
Because it is a SaaS offering, I do not have to support the infrastructure.
Michael Ward
Managing Director with 1,001-5,000 employees
The solution provides the capability for the application teams to track remediation and the handling of identified vulnerabilities. The system provides workflow capabilities for the application teams to send the completed scans to the security teams for their review. In addition, the security team can track the remediation and risk acceptance statistics.
Michael Stricklen
Executive Director at a consultancy with 10,001+ employees
* Multiple languages and framework support: We can use one tool for our SAST needs.
* Developers report liking the IDE integration provided by this tool.
Team Lead / Architect at a tech services company with 1,001-5,000 employees
* I have found the user interface extremely helpful in prioritizing issues.
* It allows me to prioritize the work to help resolve an issue.
Software Security Consultant at a tech services company
Provides consistent evaluation and results without huge fluctuations in false positives or negatives.
Ashish Kulkarni
Manager at a tech services company with 10,001+ employees
Veracode provides faster scans compared to other static analysis security testing tools.
Product Manager with 201-500 employees
I use the SAST feature the most.