Try our new research platform with insights from 80,000+ expert users
it_user835104 - PeerSpot reviewer
Project Manager at a tech vendor with 501-1,000 employees
Real User
We use scan results for training to increase sensitivity to security issues during development
Pros and Cons
    • "Calypso (our application) is large and the results take up to two months. Further, we also have to package Calypso in a special manner to meet size guidelines."
    • "Because our application is large, it takes a long time to upload and scan."

    What is our primary use case?

    Static code scan.

    How has it helped my organization?

    We have used the results of scans to train our people and make them more sensitive to security issues during development, although we haven't done any specific integration of Veracode into our software development cycle. Engineers are better trained, so we hope to see increased compliance with our security guidelines.

    We do incorporate the suggested course of action from the Veracode report (AppSec best practices and guidance) in our best practices.

    Also, our customers benefit from the fact that the application is more secure.

    What is most valuable?

    We use the results of the scan to identify vulnerabilities in the product.

    What needs improvement?

    Calypso (our application) is large and the results take up to two months. Further, we also have to package Calypso in a special manner to meet size guidelines.

    Buyer's Guide
    Veracode
    November 2024
    Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
    824,067 professionals have used our research since 2012.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    No issues with stability.

    What do I think about the scalability of the solution?

    Because our application is large, it takes a long time to upload and scan.

    How are customer service and support?

    Based on limited usage, we are satisfied.

    Which solution did I use previously and why did I switch?

    We did not have a previous solution. We picked this product because our partner (SAP) uses it.

    How was the initial setup?

    Straightforward.

    What was our ROI?

    There are no directly measurable cost savings. We see security improvement as a key part of our product development.

    What other advice do I have?

    When asked, we let our customers and partners know that we use Veracode and that we are happy with it.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Raj Nachiappan - PeerSpot reviewer
    Director of Solutions Architecture at VetsEZ
    Real User
    Easy to set up and it helps ensure that our code is secure
    Pros and Cons
    • "The most valuable feature is the dynamic application security testing."
    • "In the future, I would like to see the RASP capability built-in."

    What is our primary use case?

    We use Veracode to ensure that the software we are building is secure.

    What is most valuable?

    The most valuable feature is the dynamic application security testing.

    What needs improvement?

    It takes a while to get a response to the software composition analysis. It is within an acceptable range but it could still be improved.

    In the future, I would like to see the RASP capability built-in.

    For how long have I used the solution?

    We have been using Veracode SCA for three months.

    What do I think about the stability of the solution?

    SCA is pretty stable.

    What do I think about the scalability of the solution?

    Scalability doesn't really apply to a software composition analysis tool.

    How are customer service and technical support?

    The technical support is pretty good. When I requested help they contacted me within an hour. I don't have any issues with them.

    How was the initial setup?

    The initial setup is pretty straightforward.

    What other advice do I have?

    In summary, I think that this is a good tool and I recommend it for helping with security in software development.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Veracode
    November 2024
    Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
    824,067 professionals have used our research since 2012.
    Global Presales Head - Security Assurance at Wipro Technologies
    Real User
    Provides faster scans but with a higher number of false positives
    Pros and Cons
    • "Veracode provides faster scans compared to other static analysis security testing tools."
    • "Veracode scans provide a higher number of false positives."
    • "The overall reporting structure is complicated, and it's difficult to understand the report."

    What is our primary use case?

    Static application security testing, which is the primary use case. 

    There were different web applications which were scanned using this tool.

    How has it helped my organization?

    Veracode scans provide a higher number of false positives. Also, the overall reporting structure is complicated, and it's difficult to understand the report.

    What is most valuable?

    Veracode provides faster scans compared to other static analysis security testing tools.

    What needs improvement?

    Veracode should provide support to more software languages, like ABAP.

    For how long have I used the solution?

    Less than one year.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    reviewer1384917 - PeerSpot reviewer
    reviewer1384917Director, Customer Advocacy at Veracode
    Real User

    Thank you for taking the time to share your experience with Veracode. We appreciate your time and hope all is going well. Please let me know if there's anything I can do to help.  My role is new here and I'm working to check in with customers who have taken effort to comment on their Veracode solutions.

    it_user833553 - PeerSpot reviewer
    CISSP, CISM at a tech services company with 1,001-5,000 employees
    Real User
    SAST, DAST, and Greenlight point out potentially insecure coding and how to fix it
    Pros and Cons
    • "For our rapid, secure DevOps cycle, we have integration of the Vericode API into our build tool, and Greenlight into our IDE."
    • "It would help if there were a training module that would explain how to more effectively integrate the SAST product into the build tool, Jenkins or Bamboo."
    • "It would help to have more training for developers to help them set it up."

    What is our primary use case?

    We use it for a lot of things and they're all primary: SAST, DAST, and Greenlight.

    How has it helped my organization?

    By using this product, we can point out not only any potentially insecure coding, but how to fix it. It's a requirement, a legal requirement. So we benefit by not breaking regulatory law.

    What is most valuable?

    SAST, DAST, and Greenlight are the most important features because today it's important for our regulatory compliance law to keep our product coding relatively secure.

    For our rapid, secure DevOps cycle, we have integration of the Vericode API into our build tool, and Greenlight into our IDE.

    What needs improvement?

    I think they are doing pretty well. It would help if there were a training module that would explain how to more effectively integrate the SAST product into the build tool, Jenkins or Bamboo. I think that's a real good idea.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    No issues with stability.

    What do I think about the scalability of the solution?

    No issues with scalability, other than making sure that our people know how to use it.

    How are customer service and technical support?

    Excellent.

    Which solution did I use previously and why did I switch?

    Never. I've been using it for 20 years. I tried others, like HPE's and IBM's, when I was with Visa, but this is the best.

    How was the initial setup?

    I think it's simple, but sometimes it would help to have more training for developers to help them set it up.

    What was our ROI?

    I can't give you exact numbers, but it's a lot cheaper to do it sooner rather than later.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is worth the value. 

    Which other solutions did I evaluate?

    They didn't have products before this one. This one pre-dated them.

    What other advice do I have?

    I recommend CA Veracode all the time. I am a public speaker, frequently on the speaker circuit, and I recommend it all the time. There are really three solutions at the top of the industry ratings, and Veracode is the best, in my opinion.

    We are a good customer and we had been for a long time. I actually am a bit of an evangelist for them when I'm doing public speaking.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    it_user697020 - PeerSpot reviewer
    Software Developer/Architect at a insurance company with 201-500 employees
    Vendor
    Static, dynamic, and manual scan features were useful for us.

    What is most valuable?

    We used the application for the web. Static, dynamic, and manual scan features were all very useful for us. All of them helped us fix many security flaws.

    How has it helped my organization?

    It made us change our approach to coding. We tried to make sure our application stayed secure and safe.

    What needs improvement?

    The current features were enough for us. Although reports are well documented, it was difficult for us to understand them at first.

    For how long have I used the solution?

    We have been using the solution for about a year.

    What do I think about the stability of the solution?

    We did not encounter any issues with stability.

    What do I think about the scalability of the solution?

    We did not encounter any issues with scalability.

    How are customer service and technical support?

    We didn't use the technical support, so I can't comment on this question.

    Which solution did I use previously and why did I switch?

    We did not use a previous solution. This was the first security application we used.

    How was the initial setup?

    It was very easy to setup. Everything on the website was clearly explained.

    What's my experience with pricing, setup cost, and licensing?

    I don't know about the prices.

    Which other solutions did I evaluate?

    We did not evaluate any alternative solutions.

    What other advice do I have?

    If it's the first time you are using a security application, be ready for some new tools which you will require you to revitalize the flaws reported.

    Reports are very well documented. Once you understand what it means and you get used to it, you will see that it is detailed and clearly explained.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Chief Executive Officer at Cybrella
    Real User
    Deployment was easy, configurable, and simple to manage
    Pros and Cons
    • "The installation was straightforward."
    • "There needs to be better API integration to the development team's pipeline, which is something that is missing and needs to be improved."

    What needs improvement?

    There needs to be better API integration to the development team's pipeline, which is something that is missing and needs to be improved.

    For how long have I used the solution?

    We have been using the solution for approximately three months.

    How was the initial setup?

    The installation was straightforward.

    What other advice do I have?

    I rate Veracode Manual Penetration Testing a nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    reviewer1359297 - PeerSpot reviewer
    Software Engineer at a financial services firm with 501-1,000 employees
    Real User
    Source composition analysis component gives our developers comfort in using new libraries
    Pros and Cons
    • "The source composition analysis component is great because it gives our developers some comfort in using new libraries."
    • "I think for us the biggest improvement would be to have an indicator when there's something wrong with a scan."

    What is our primary use case?

    This was intended to scan all of our custom development efforts to ensure a certain level of (secure) code quality. Right now the scope of that effort is limited to web exposed systems but with maturity, we hope to increase that scope.

    How has it helped my organization?

    The Veracode platform probably hasn't improved our organization overall, although through no fault of theirs. Veracode is just one more tool that generates work for our developers.

    What is most valuable?

    The source composition analysis component is great because it gives our developers some comfort in using new libraries.

    What needs improvement?

    I think for us the biggest improvement would be to have an indicator when there's something wrong with a scan. For instance, we have CI scans that run automatically, and sometimes the files don't get upload and/or processed by Veracode. Now, there's a static scan that hasn't been completed, which blocks all future scans. The only way we know this is an issue is going into the Web UI, check each application, and look for stalled scans. This is time-consuming and frustrating.

    For how long have I used the solution?

    I have been using Veracode for three years.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user854052 - PeerSpot reviewer
    Head of Technology. at a tech services company with 11-50 employees
    Real User
    Allows us to prove our security levels to vendors, helps with our HIPAA security policies
    Pros and Cons
    • "It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies."
    • "Mitigation review isn't always super easy."
    • "Straightforward to set up, but the configuration of the rules engine is difficult and complicated."

    What is our primary use case?

    Certifying the application security of my SAS-based application code base.

    How has it helped my organization?

    It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies. Also, CA Veracode has provided AppSec best practices and guidance to our teams. Finally, it makes the IT Governance process of the sales cycle easier.

    What is most valuable?

    Static and dynamic scans of the code. It is part of our release cycle.

    What needs improvement?

    Mitigation review isn't always super easy.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    No issues with stability.

    What do I think about the scalability of the solution?

    No issues with scalability.

    How is customer service and technical support?

    It is excellent.

    How was the initial setup?

    Straightforward to set up, but the configuration of the rules engine is difficult and complicated.

    What was our ROI?

    It helps us get over the line for security when contracting with customers, and any help reducing security vulnerabilities is a big help to us.

    What's my experience with pricing, setup cost, and licensing?

    Pricing/licensing is complicated.

    What other advice do I have?

    Do your research, make sure you implement the tools you need.

    I am very likely to recommend Veracode to a colleague.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Buyer's Guide
    Download our free Veracode Report and get advice and tips from experienced pros sharing their opinions.
    Updated: November 2024
    Buyer's Guide
    Download our free Veracode Report and get advice and tips from experienced pros sharing their opinions.