it_user802140 - PeerSpot reviewer
Product Manager at GMS
User
All areas of the solution could use some improvement. It helps me to detect vulnerabilities.
Pros and Cons
  • "It helps me to detect vulnerabilities."
  • "All areas of the solution could use some improvement."

What is our primary use case?

We are Veracode partners/distributors in Quito, Ecuador. 

At this moment, I am reviewing the solution. 

How has it helped my organization?

It helps me to detect vulnerabilities.

What is most valuable?

I use the SAST feature the most.

What needs improvement?

All areas of the solution could use some improvement.

Buyer's Guide
Veracode
October 2024
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.

For how long have I used the solution?

Trial/evaluations only.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are Veracode partners/distributors in Quito, Ecuador.
PeerSpot user
it_user854046 - PeerSpot reviewer
DevOps Release Engineer at a tech services company with 51-200 employees
Real User
Makes us aware of any potential code security vulnerabilities in our products
Pros and Cons
  • "Informs me of code security vulnerabilities. Bamboo build automation with Veracode API calls are used."
  • "The user interface could be more sleek. Some scanning requirements aren't flexible. Some features take some time for new users to understand (like what exactly "modules" are)."

What is our primary use case?

Scanning for code security vulnerabilities within our company's products.

How has it helped my organization?

Made our company aware of any potential code security vulnerabilities. Also, customers can use our products knowing they are verified by top organizations as safe.

What is most valuable?

Informing me of application security vulnerabilities. Bamboo build-automation with Veracode API calls are used.

What needs improvement?

  • The user interface could be more sleek.
  • Some scanning requirements aren't flexible.
  • Some features take some time for new users to understand (like what exactly "modules" are).

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with scalability.

How are customer service and technical support?

Great.

How was the initial setup?

Somewhat straightforward. There was a little confusion about "missing modules" that are third-party files that we couldn't upload because we don't actually have them. That really confused us, but the technical support resolved the confusion.

What was our ROI?

I can't report on any cost savings relating to code fixes since implementing Veracode in our development process, but it makes us feel more confident about our code, which is awesome.

What's my experience with pricing, setup cost, and licensing?

We are satisfied.

Which other solutions did I evaluate?

None. We might look into Checkmarx.

What other advice do I have?

I am very likely to recommend Veracode to colleagues. Veracode is great.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
reviewer1360623 - PeerSpot reviewer
VP Engineering at a tech services company with 201-500 employees
Consultant
Source code composition analysis helps with vulnerabilities and license compliance
Pros and Cons
  • "Veracode is a valuable tool in our secure SDLC process."
  • "It needs better controls to include/exclude specific sections when creating a report that can be shared externally with customers and prospects."

What is our primary use case?

Our primary use cases are for comprehensive security assessment using static analysis, dynamic analysis, source code composition, and manual penetration tests. We also use it for security training for developers.

How has it helped my organization?

Veracode is a valuable tool in our secure SDLC process.

What is most valuable?

Source code composition analysis for vulnerabilities and license compliance is the most valuable feature.

What needs improvement?

It needs better controls to include/exclude specific sections when creating a report that can be shared externally with customers and prospects.

For how long have I used the solution?

I have been using Veracode for one year.

Which other solutions did I evaluate?

We also evaluated Synopsys.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer923928 - PeerSpot reviewer
Team Lead / Architect at a tech services company with 1,001-5,000 employees
Real User
We use its static analysis during development to eliminate vulnerability issues
Pros and Cons
  • "We use Veracode static analysis during development to eliminate vulnerability issues"
  • "I have found the user interface extremely helpful in prioritizing issues."
  • "They should improve on the static scanning time."

What is our primary use case?

I use Veracode to run scans on .NET applications, web applications and Windows/fat form applications. I also use it to make deployments in three-tier environments: the application server tier, web server tier and the database tier.

How has it helped my organization?

  • Veracode has improved our penetration testing process. 
  • We use Veracode static analysis during development to eliminate vulnerability issues.

What is most valuable?

  • I have found the user interface extremely helpful in prioritizing issues.
  • It allows me to prioritize the work to help resolve an issue.

What needs improvement?

They should improve on the static scanning time.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user

We have heard the need for faster scan times and I see this was an area you wanted to see improvement. I wanted to give you an update regarding our Static scanning. We recently extended the Veracode Static Analysis product family to include three purpose-built scan types:

• IDE Scan, which provides fast, automated security feedback to developers in the IDE, in seconds
• Pipeline Scan, a new, first-of-its-kind offering, which runs on every build and provides security feedback on code at a team level, with a median scan time of 90 seconds
• Policy Scan, which returns a full security assessment of the code before release, in a median scan time of 8 minutes

If you would like more information on our static analysis improvements let me know!

it_user712167 - PeerSpot reviewer
General Manager - Application Security at a tech consulting company with 51-200 employees
Consultant
Needs to improve service levels and capabilities versus competitors. Provides a wide range of platforms and technology assessments.
Pros and Cons
  • "Wide range of platforms and technology assessments."
  • "It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further lose market share."

How has it helped my organization?

PoC is in progress.

What is most valuable?

  • Application testing
  • False positives challenges
  • Wide range of platforms and technology assessments

What needs improvement?

It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further lose market share.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

A three out of 10.

Technical Support:

A two out of 10.

Which solution did I use previously and why did I switch?

Quality levels, service offerings, pricing, and mainly the features and abundance of technologies provided by others made us switch to a different solution.

What about the implementation team?

In-house.

What's my experience with pricing, setup cost, and licensing?

The pricing is pretty high.

Which other solutions did I evaluate?

Yes. Checkmarx, SonarQube and Fortify Software.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user