Veracode Use for Companies ERP Product offerings
August 23, 2023

Score 8 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
- Software Composition Analysis (SCA)
- Dynamic Analysis (DAST)
Overall Satisfaction with Veracode
We use Veracode to provide initial and ongoing security analysis of our software products. We supply ERP software solutions to the paper manufacturing industry. We are a leading supplier of software to this industry and it is important to us to provide a product that is thoroughly tested and free of known critical vulnerabilities. We have incorporated Veracode into our SDLC cycles and perform SCA and Dynamic scans within our release cycles. Our application is a very large full ERP application using many third-party libraries. Without Veracode we would be flying without a net.
Pros
- Automated scanning of software libraries for vulnerabilities
- Management of multiple applications, statuses, and help with security remediation
- Veracode Verified program to leverage the security investment as a competitive advantage
Cons
- The time it takes to scan large projects makes it difficult to fit into our CI/CD pipeline
- One of our app scans times out after 2 hours and we have to upload it and scan manually, but there is no visibility the CI system has as to vulnerabilities found
- Integration with older development languages to scan. We have an old 4GL-based application that is not compatible with the tools
- Higher compliance and overall security standards and awareness within our software products.
- Competitive advantage
- Marketing clout, being able to tout that we are verified with one of the industry leaders on a continual basis vs. just saying 'yes, we have our software tested on an annual basis for vulnerabilities'
Mend.IO, formerly WhiteSource software, is a product we used prior to Veracode. It did not have all of the capabilities or depth of Veracode. Additionally, WhiteSource did not offer automatic scanning as part of their product and there was no certification program to speak of.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes