Superior code scanning enabling faster and more secure code.
December 14, 2024

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Software Composition Analysis (SCA)
  • Dynamic Analysis (DAST)

Overall Satisfaction with Veracode

We use Veracode to perform Static Application Security Testing (SAST) and Software Composition Analysis (SCA) scans against our code, repositories, and CI/CD pipelines for code deployments. We also utilized the IDE integration for software engineers to identify code issues earlier in the development lifecycle.

One of the areas Veracode excels in is their reporting. Our application development releases required a Veracode report to be included showing no high/critical findings.

Pros

  • SAST scanning
  • SCA scanning
  • Reporting
  • CI/CD integration

Cons

  • UI and UX felt a little outdated in some of the screens.
  • Lack of flexibility on their outdated pricing model. This has since been corrected in 2023/2024.

  • High effectiveness in detecting insecure code
  • Streamlined release cycle by building security controls into deployments
  • Highly customizable reporting simplifying reporting to stakeholders.

I found SonarQube to have some decent data for code quality checks but it underperformed for code security.

Snyk is a decent product and strong competitor to Veracode for SCA. Snyk's SAST offering is not as good as Veracode and does not support as many languages.

Veracode outperforms in SAST and DAST capabilities as well as reporting functionality.

Do you think Veracode delivers good value for the price?

Not sure

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

Yes

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

Veracode has robust coverage of supported programming languages. We faced an issue with a competitor product where we could not scan compiled javascript (jar) files. Veracode is able to scan jar files no problem in addition to many other languages.
