What I think about Veracode.
July 22, 2024

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)
  • Dynamic Analysis (DAST)
  • Penetration Testing

Overall Satisfaction with Veracode

We have a system that needs to be safe and secure as it contains a lot of confidential information. We use Veracode to do Dynamic, Static Code and Software Composition Analysis scans. Veracode has helped us identify and fix various security and coding issues which we expect will make our system safer and more secure.

Pros

  • It can identify OWASP issues.
  • It provides help on how to fix issues.
  • Their support helps with any problems that may arise.

Cons

  • Navigating around the system, especially when going back, sometimes takes multiple clicks as it just keeps reloading the same page.
  • While we haven't tried the new packaging tools, the way we do packaging and uploading of code for static code analysis has been laborious.
  • Setting up the login process for Dynamic Code Analysis is not easy, as we need to modify script files.
  • Positive Impact: Veracode is a well known and recognized name in the field so having our system scanned by Veracode gives it a higher level of trust and confidence to our customers.
  • Negative Impact: Since there are newer updates to approaches and code in .NET, Veracode does not seem to keep up with these changes, causing many false positives.
  • Negative Impact: While we are able to scan our Web and API, we are not able to scan our Apps (built with Xamarin).

Veracode seems to provide better support and good scan coverage. Veracode also provides multiple scan types like Dynamic, Static Code, Software Composition which others may only offer 1 or 2. I might be missing it but some others like Sentinel provide scheduled monthly, preconfigured custom reports that make it easier to provide customer updates.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

No

Did Veracode live up to sales and marketing promises?

Yes

Did implementation of Veracode go as expected?

No

Would you buy Veracode again?

Yes

There are a lot of different things to configure to get everything up and running. It would be great if there was a wizard that helps step through all the different parts, based on what has been purchased. Once set up, the scans and reports are usually good.

Also, the emails when scans have completed should include some highlights of the results like were there any new issues discovered that need to be focused on. Otherwise, it requires constant reviewing.
