Veracode User Experience
Use Cases and Deployment Scope
Pros
- Good integration with Jenkins and Visual Studio.
- Parsing the code well.
- It has good dashboard.
- SCA graphs for transitive dependencies are very useful in identifying the vulnerabilities.
Cons
- The main problem is slow speed of the scan - it took 11 weeks in one instance.
- The problem was ongoing for number of months and eventually they managed to slash the running time to one day. However, since than the running time usually takes 2-3 days as the scan always stop during the run.
- While SCA for Java works very well, there are number of issues on the C++ side. It can not recognize the libraries build by default from source code third-party vendors
- Especially newer version produces lots of False Positives
Most Important Features
- Thorough scan of our code.
- Integration with our release process.
- Accurate info about vulnerabilities in third-party libraries
Return on Investment
- At the moment due to very slow speed to the scan, we can not fully integrate it in our development process.
- However, we are using it for our release process.
- The analysis that Veracode software provides gives us and our client confidence that we are producing the secure code.






