2020-02-09T08:17:05Z

What is your primary use case for Veracode Software Composition Analysis?


How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

ITCS user
Guest
88 Answers

Top 5 Leaderboard, Real User

In India, we have a digital development center. I'm from the security team. There are teams who develop all the applications for security features and coding security analysis. We use the Veracode Static Analysis for all projects and applications within our organization.

2020-12-29T10:56:00Z
Top 5, Consultant

Software Composition Analysis (SCA) is used to detect vulnerabilities in open source libraries, which are used by our customers for their own product. We are a consulting company that provides consulting services to clients. We don't buy the software for our own internal use. However, we advise customers about which solutions will fit their environment. Most of our clients use SCA for cloud applications.

2020-12-20T08:24:00Z
Top 5, Real User

We introduced SCA scanning to satisfy customer-requested open-source library scans as part of a contractual agreement. This led to expanding SCA scanning across our other applications to complement SAST/DAST application scanning. We knew we had a technical debt from not updating open-source libraries for years, and were not aware of the vulnerabilities in these libraries at the time. SCA scanning is now a first-class scan component of our current practices and included in our external security audits going forward.

2020-11-20T11:13:00Z
Top 10, Real User

We use Veracode to ensure that the software we are building is secure.

2020-07-26T08:19:12Z
Top 5, Real User

We primarily use the solution for article scanning.

2020-03-16T06:56:15Z
Top 5, Real User

The primary use case for us was looking for web applications that might have vulnerabilities that could be compromised. Specifically, I was managing a team and we had built a lot of applications as well as having purchased applications from vendors. We were working with a security team to go through and scan those applications for vulnerabilities using Software Composition Analysis. We were trying to avoid situations where somebody could do something that they should not be able to do, like get at data.

2020-03-16T06:56:00Z
Top 5, Real User

The primary use case was scanning a single-digit number of applications. We scanned them about twice a year and that's about it. It was just to get the results. We used the results to gauge our security health.

2020-03-09T08:07:51Z
Top 10, Consultant

I am a consultant and SourceClear is one of the solutions that I use to provide services. This solution is used by people who want to verify the security of their own applications.

2020-02-09T08:17:05Z
Updated: September 2021.