Veracode Is A Best Of Bread Code Analysis Tool
May 09, 2024

Veracode Is A Best Of Bread Code Analysis Tool

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Modules Used

  • Software Composition Analysis (SCA)
  • Dynamic Analysis (DAST)
  • Static Analysis (SAST)

Overall Satisfaction with Veracode

In my organization, Veracode is used to address application security issues during the application development life cycle throughout the organization. Developers uses Veracode to address security coding flaws and application security engineers uses it to address running applications security issues. Veracode is a very good static, dynamic and software composition code analysis tool. It easy to manage and supports most commonly used development languages. It integrates well with a number of code repository system such as Azure DevOps and Github.

Pros

  • I like the support given by Veracode, they are very responsive and they help you get things done.
  • Veracode has well documented steps for administrating the platform and managing integrations for code scanning.
  • Veracode is easy to use and the integration of to code repositories is seemless.

Cons

  • It would be good if Veracode could find a way to improve how long it takes to complete a scan job. The scan time is usually long compared to other tools in the market.
  • Veracode should find a way to give adminstrator the ability to add other administrators to the platform.
  • Veracode should invest in devloping more reports that demonstrate trends of flaws vs remediations.
  • One positive impact to our business over the period of about one year was the number of flaws being discovered went down significantly.
  • The time spent on doing peer code reviews went down. Peers that did the reviews had more time to spend on other tasks other than doing peers code reviews.
  • Over time the more seasoned developers were more proficient with writing code and I think was a direct result of the implementation of Veracode.
Veracode is slower with scan results however the flaws discovered and sites crawled are almost the same. Rapid7 InsightAppSec only does dynamic scans. Veracode did find more links on a site crawl. Rapid7 InsightAppSec has more out of the box reports than Veracode. Both integration to DevOps tools were striaghtforward.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

Yes

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

Veracode is good at identifying flaws that does not adhere to the OWASP top 10 security controls. Therefore, a Junior developer could produce code and flaws will be caught. There is also the software composition analysis that provided a view into third-party dependencies. Veracode may not be suited in cases where you need to have your scan results in a short amount of time.

Comments

More Reviews of Veracode

  1. Home
  2. Application Security Tools
  3. Veracode Reviews
  4. User Review of Veracode