We are currently researching application security solutions.
From your experience, would you recommend Veracode? What are some of your use cases?
Thanks! I appreciate the help.
I would recommend Veracode. Our use cases included removing vulnerable code from our product and ensuring the product is secure. Veracode helps us by regularly scanning our code base and reporting our vulnerabilities, which we can fix before they are exploited. The static scan and SCA reports are the important ones. Besides, the Veracode Verified program helps us showcase our security posture to our customers to win their trust.
I would recommend them. They have the ability to cover multiple languages and come with all the features you would expect from a paid solution. But do note, it is a paid solution.
The Veracode guys are good though and will happily walk you through the solutions they offer to make sure the proposal is one that actually fits your problem, rather than try to sell it to you when it doesn't make sense etc.
Whether Veracode is recommended or not depends completely on the technology they are using. For Java applications, yes, recommended. But for Python, maybe not very useful.
I am looking for pros and cons for the Checkmarx vs SonarQube, in particular regarding:
I am also wondering if SonarQube could allow developers to delint their code before submitting it to SAST with either Checkmarx or Veracode.