Veracode Valuable Features

Sebastian Toma
Engineering Security Manager at Nextiva
With Veracode, it's not about features for us. It is about the pricing model that they offer. To be honest, with their vulnerability database, the total amount of false positives that we're getting is very low. That's the main reason we use Veracode over anybody else. New Veracode features could include a very big database of actual vulnerabilities to be better than other products.
Chief Information Security Officer with 501-1,000 employees
* Having the option of static scanning. Most tools of this type are centered around dynamic scanning. Having a static scan is very important.
* Utilizing the software as a service. We do the scanning of the compiled code ourselves but it's on their servers, which is a plus.
* Technical support is available if needed and that is advantageous.
* Having online education and training is also advantageous.
Christian Camerlengo
Senior Programmer/Analyst at a financial services firm with 10,001+ employees
The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up. We've had very few issues that we have actually had to contact Veracode about. It does give some guidance, up to a point, for fixing vulnerabilities. It does a pretty good job of that. We went from a bunch of errors to a handful that I needed help with, and that was mostly because they provided some good information for us to look at. If I had been using this product a long time ago, I would have been able to anticipate a lot of things that Veracode discovered. The product I'm working on is about 12 years old and this was the first time we ran scans on it using Veracode. It identified quite a few issues. If you're starting a new project, it would be a good place to start. Once you get used to what people like penetration testers are looking for, this is a good tool to prevent having a pen test come back bad. The Static Analysis Pipeline Scan is very good. It found everything that we needed to fix.
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
437,208 professionals have used our research since 2012.
Sr. Security Architect at a financial services firm with 10,001+ employees
Being cloud-based is a huge plus. All of our scans are always using up-to-date scan signatures and rules, and there is nothing for us to maintain. Veracode has been spot-on with notifying about planned downtimes for maintenance and upgrades. In my years of using the product, unplanned downtimes have been minimal (in fact, I can't remember one). The API integration that allows integration with other tools, such as defect trackers and automated build tools, is also a benefit. We also like the integrated, available "in-person" support sessions to review and ask questions on discovered defects.
Riley Black
Senior Security Analyst at a health, wellness and fitness company with 1,001-5,000 employees
* Greenlight - Developers can test their code before they commit. They are able to privately scan their code and correct any mistakes before it is committed into the build and scanned with the other components.
* SAST - During a build process, we have integrated the Veracode Static Scanning (SAST) component which provides an excellent first glance at the code moving through environments.
* SCA / SourceClear - Veracode SCA / SourceClear has given us excellent visibility into potential vulnerabilities found in third-party components, packages, frameworks, and libraries.
Rick Spickelmier
Chief Technology Officer at a tech vendor with 201-500 employees
It has an easy-to-use interface.
Managing Principal Consultant at a tech vendor with 11-50 employees
The most valuable feature comes from the fact that it is cloud-based, and I can scale up without having to worry about any other infrastructure needs.
Evan Christoe
AVP, IS Manager with 1,001-5,000 employees
The identification of flaws.
Software Engineer at a financial services firm with 501-1,000 employees
The source composition analysis component is great because it gives our developers some comfort in using new libraries.
VP Engineering at a tech services company with 201-500 employees
Source code composition analysis for vulnerabilities and license compliance is the most valuable feature.
Michael Stricklen
Executive Director at Parthenon-EY
* Multiple languages and framework support: We can use one tool for our SAST needs.
* Developers report liking the IDE integration provided by this tool.
Ashish Kulkarni
Manager at Wipro Technologies
Veracode provides faster scans compared to other static analysis security testing tools.