Veracode Manufacturing Reviews & Insights

Score8.7 out of 10

213 Reviews and Ratings

Community insights

TrustRadius Insights for Veracode are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Pros

Customer Support Effectiveness: Users have consistently praised Veracode's customer support for being responsive, helpful, and quick to address their needs. This level of support has been instrumental in resolving issues efficiently and maintaining user satisfaction.

Ease of Use and Integration: Reviewers appreciate the platform's user-friendly interface, well-documented steps for administration, and seamless integration with code repositories, making it easy to navigate and work with. This simplicity contributes to a smoother workflow for users across different tasks.

Comprehensive Analysis and Suggestions: Many users highlight the static code analysis platform for providing in-depth information, valuable suggestions for flaw mitigation across various programming languages, and aiding developers in promptly resolving issues. The actionable insights offered by the platform significantly enhance the development process for organizations.

Veracode Reviews

6 Reviews

ManufacturingAutomotive2Pharmaceuticals1Consumer Goods1Medical Device2

Veracode Is A Best Of Bread Code Analysis Tool

Rating: 10 out of 10

Incentivized

May 9, 2024

Use Cases and Deployment Scope

In my organization, Veracode is used to address application security issues during the application development life cycle throughout the organization. Developers uses Veracode to address security coding flaws and application security engineers uses it to address running applications security issues. Veracode is a very good static, dynamic and software composition code analysis tool. It easy to manage and supports most commonly used development languages. It integrates well with a number of code repository system such as Azure DevOps and Github.

Pros

I like the support given by Veracode, they are very responsive and they help you get things done.
Veracode has well documented steps for administrating the platform and managing integrations for code scanning.
Veracode is easy to use and the integration of to code repositories is seemless.

Cons

It would be good if Veracode could find a way to improve how long it takes to complete a scan job. The scan time is usually long compared to other tools in the market.
Veracode should find a way to give adminstrator the ability to add other administrators to the platform.
Veracode should invest in devloping more reports that demonstrate trends of flaws vs remediations.

Likelihood to Recommend

Veracode is good at identifying flaws that does not adhere to the OWASP top 10 security controls. Therefore, a Junior developer could produce code and flaws will be caught. There is also the software composition analysis that provided a view into third-party dependencies. Veracode may not be suited in cases where you need to have your scan results in a short amount of time.

Verified User

Contributor in Information Technology (Consumer Goods company, 5001-10,000 employees)

Vetted Review

5 years of experience

A normal review of Veracode

Rating: 8 out of 10

Incentivized

March 27, 2023

Use Cases and Deployment Scope

We use the Veracode software platform to look for vulnerabilities in our code as well as in the third party libraries we were using. We are in the medical software industry, so the data we deal with is very sensitive in nature so we take security and privacy very seriously.

Pros

Very good customer support
Visual Studio Add Ons
Quick responses to questions

Cons

Microsoft ADO pipeline support for other scan features
Reports that can be generated outside of the website
Summary of multiple reports at the user level and not administrative level

Likelihood to Recommend

Having detailed reports generated by Veracode that highlights code vulnerabilities as well as security issues with third party libraries are features that are important in our industry. It is well suited for providing software teams all of the outstanding issues they may exist so that time is saved in not having to do all of that research ourselves.

Verified User

Engineer in Engineering (Medical Device company, 1001-5000 employees)

Vetted Review

A solid offering for the right company

Rating: 7 out of 10

Incentivized

June 9, 2022

Use Cases and Deployment Scope

Veracode is used at Cox Automotive as a swiss army knife of products. It can be used for most languages and use cases for reasonably trustworthy static analysis, SCA analysis, and dynamic analysis for external products. This from a crawl, walk, run perspective gives teams the ability to meet them where they are and get security a foot in the door for our products.

Pros

Static Scans
SCA Analysis
API Documentation

Cons

API random failures
Customization
Automation speed
Support
Workflow and Process improvements for support

Likelihood to Recommend

If you are a smaller company or run less than 500 apps with a very vertical ownership structure, Veracode can be a great tool. Its fairly consistent, fairly mature nature means that it's much less likely to break your existing integrations. Where they struggle is when you are a big enough org where you need to rely on automation and integration support. I have yet to have a single developer that didn't get off a project attempting to integrate with it that didn't look mentally defeated. Their language integrations are not maintained, forcing devs to the web interface, which doesn't always have what you need, meaning you might have to restart and go back to the XML interface rather than their rest interface because they never finished converting to the rest interface. Their API can docs can be at times out of date, but on the whole, are mostly fine. Interfacing with support will also be unavoidable because of limitations around soft deletes and admins have left my team unable to manage the account more times than I am sure support appreciates having to fix.

Alexander Montgomery

Software Engineer in Corporate at Cox Automotive (Automotive, 10,001+ employees)

Vetted Review

4 years of experience

View profile

Veracode Review

Rating: 9 out of 10

Incentivized

January 27, 2022

Use Cases and Deployment Scope

Developers scan application code for vulnerabilities. It helps to keep our apps safer from hacking.

Pros

scanning existing code
scanning code as developers work so errors aren't introduced at all

Cons

Developer Training - I found assigning training to be tricky and pulling useful reports very difficult
Veracode reports are robust - but to a point where I am overwhelmed by choices

Likelihood to Recommend

any group developing code that will be externally facing. Any team of developers who need the training to stay current with Security information in regards to their training - OWASP Top 10, etc.

Verified User

Analyst in Information Technology (Pharmaceuticals company, 10,001+ employees)

Vetted Review

1 year of experience

Thanksgiving review

Rating: 10 out of 10

Incentivized

November 28, 2021

Use Cases and Deployment Scope

We evangelize the use of Veracode to other departments who develop their software code, additionally conduct walkthroughs and training. Business problems usually range from vehicle security-related development, analytical development, and digital transformation.

Pros

enhanced the code quality
code security is evangelized to be imbibed in the DNA of all application teams
usage of veracode globally within NISSAN
web scanning using dynamic analysis

Cons

adding multiple users at the same time
navigation of analytics dashboard

Likelihood to Recommend

1) Code quality for new development.
2) dynamic scanning of web applications.
3) less appropriate when we have to scan the previous version of the code.

VENKITESH SUBRAMONIAN

Senior Manager in Information Technology at NISSAN (Automotive, 10,001+ employees)

Vetted Review

3 years of experience

Veracode delivers great overall SCA value

Rating: 9 out of 10

Incentivized

May 28, 2020

Use Cases and Deployment Scope

Veracode (& SourceClear) has been used for Static Code Analysis & Software Composition Analysis for some of our products.

Pros

Software Composition Analysis - found 3rd-party vulnerability issues quickly on each scan
Static Code Analysis - found specific security issues that detect hidden backdoors and malicious code
Static Code Analysis works very well for node.js scan.

Cons

Embedded C++ scan doesn't support ARM platform.
Enable automatic import for SourceClear found issues for each scan into JIRA (Cloud).

Likelihood to Recommend

Veracode is best suited for node.js static code analysis & software composition analysis. It is less appropriate for ARM platform C++ SCA scan (not working).

Verified User

Engineer in Information Technology (Medical Device company, 10,001+ employees)

Vetted Review

2 years of experience

Loading Reviews List....

Video reviews

View playlist