Veracode Reviews & Ratings 2024

Overview

What is Veracode?

Veracode is a software security firm that identifies flaws and vulnerabilities across the software development lifecycle. Veracode’s Software Security Platform uses advanced AI algorithms trained on vast datasets of code, for more precise identification and rectification of security flaws.

Recent Reviews

Veracode Is A Best Of Bread Code Analysis Tool

10 out of 10

May 09, 2024

Incentivized

In my organization, Veracode is used to address application security issues during the application development life cycle throughout the …

Veracode, a great security tool for everyone

8 out of 10

March 18, 2024

Incentivized

To be SoC2 and ISO compliant and also to protect our SaaS, we are using this tool to scan every component that we build for SA and SCA.
we …

Great In-Depth Analysis of In-House Applications

10 out of 10

March 15, 2024

Incentivized

Within our organization we have a large portfolio of applications written over many years by many different developers. As part of our …

Thorough scanning engine and flexible reporting tools, so-so CI/CD and alerting

7 out of 10

March 08, 2024

Incentivized

We use Veracode for all the software we build in-house. Being in the financial services industry there's a lot of regulation and emphasis …

Veracode User Experience

7 out of 10

March 06, 2024

Incentivized

It is used across the organization. We are using it for static analysis of our code. We have selected the policy that requires our release …

Best in Security

10 out of 10

March 03, 2024

Incentivized

It's being used across whole organization, multiple engineering teams are using it for third-party libraries scan i.e. software …

Sleep Soundly - Use Veracode

10 out of 10

March 01, 2024

Incentivized

Veracode is used across all departments in our organization tasked with creating and/or using software. It helps to ensure that we are …

Veracode SAST review

8 out of 10

February 27, 2024

Incentivized

We replaced our old tools with Veracode 1 year ago. To reinforce our security posture and help us prevent vulnerable code from being added …

Veracode to the Rescue!

10 out of 10

February 27, 2024

Veracode DAST is used on app applications in the portfolio. SAST/SCA scans and DAST scans are run monthly for all Critical application in …

Great products; + Great price.

10 out of 10

February 15, 2024

Incentivized

We wanted a secure scan method for static, dynamic, and manual PEN testing. We wanted to make sure that we could "shift left" with our …

Worth the investment

10 out of 10

February 13, 2024

Incentivized

Identifying vulnerabilities in our code before they go into production.

Great DAST and Penetration Testing Platform.

10 out of 10

January 16, 2024

Incentivized

We use Veracode as our primary source for Dynamic (DAST) Scans and Annual penetration testing. We were looking for ways to consolidate …

Veracode Security far ahead of competitors

8 out of 10

October 12, 2023

Incentivized

Primarily for scanning web applications, while others might use it to secure mobile apps, APIs, or even IoT devices. The ultimate goal is …

Elevating Security Through Automation and Integration

10 out of 10

August 30, 2023

Incentivized

We use Veraocode for Static and Dynamic scans and Software Composition Analysis (SCA) across multiple products. The Jenkins automation is …

Vericode Use for Companies ERP Product offerings

8 out of 10

August 23, 2023

Incentivized

We use Vericode to provide initial and ongoing security analysis of our software products. We supply ERP software solutions to the paper …

Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Reviewer Pros & Cons

View all pros & cons

I like the support given by Veracode, they are very responsive and they help you get things done.
Veracode should invest in devloping more reports that demonstrate trends of flaws vs remediations.

Verified User

Contributor in Information Technology

Consumer Goods Company, 5001-10,000 employees

Shows result in a simple way using dashboards
Module selection is sometimes not clear on what is scannable and what is not and why

Verified User

Director in Engineering

Internet Company, 201-500 employees

Video Reviews

1 video

View Playlist

Veracode Review: Provides Helpful Support When Troubleshooting Security Needs

02:38

Return to navigation

Pricing

View all pricing

Veracode

N/A

Unavailable

What is Veracode?

Entry-level set up fee?

No setup fee

Offerings

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

981 people also want pricing

Alternatives Pricing

SonarQube

$160

per year per installation

What is SonarQube?

SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.

Vulcan Cyber

Free

What is Vulcan Cyber?

Vulcan Cyber is an exposure and vulnerability risk mitigation platform that coordinates teams, tools and tasks to eliminate the most-critical exposure risk to the business. Vulcan Cyber first correlates risk signals from scanners, cyber asset and threat intelligence tools. Risk data from…

Return to navigation

Product Details

What is Veracode?

The Veracode Platform provides a comprehensive approach to build and secure software and meet application risk management requirements through tools, solutions, AI-generated fixes and ASPM capabilities to gain visibility into vulnerabilities from code to cloud and quickly remediate them.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.

Veracode Screenshots

Screenshot of the Veracode Platform Homepage

Screenshot of Findings Status and History Dashboard

Veracode Videos

Veracode Static Analysis Demo

Veracode Software Composition Analysis Demo

Veracode Dynamic Analysis Demo

Watch The Veracode Platform

Watch Manhattan Associates Success Story

Veracode Integrations

Veracode Competitors

Veracode Technical Details

Deployment Types	Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems	Unspecified
Mobile Application	No
Supported Countries	North America, EMEA, APAC, LATAM
Supported Languages	Java, .NET, PHP, Android, iOS, JavaScript, Python

Veracode Downloadables

Frequently Asked Questions

Checkmarx, Snyk, and SonarQube are common alternatives for Veracode.

Reviewers rate Support Rating highest, with a score of 7.9.

The most common users of Veracode are from Enterprises (1,001+ employees).

Veracode Customer Size Distribution

Consumers	0%
Small Businesses (1-50 employees)	18%
Mid-Size Companies (51-500 employees)	65%
Enterprises (more than 500 employees)	17%

Return to navigation

Comparisons

View all alternatives

Compare with

Reviews and Ratings

(201)

Attribute Ratings

Reviews

(1-1 of 1)

Sort By *

Companies can't remove reviews or game the system. Here's why

June 09, 2022

Veracode Meets Our Needs

Verified User

Vice-President in Information Technology

Insurance Company, 11-50 employees

Score 8 out of 10

Vetted Review

Verified User

Incentivized

Use Cases and Deployment Scope

We employ Veracode's static and dynamic scanning offerings to scan our application code for vulnerabilities on a regular basis. We also use the software composition testing of third-party, open-source libraries as a check against our use of a second similar tool. These features, as well as others we employ external to Veracode, help to increase our application's security posture. We have also recently contracted for their manual APT offering.

Pros and Cons

Static scanning is quick and efficient
The scan reports are easy to read and informative
Interaction with both account management and support staff is great
The contracting process is easy

The platform's interface could be a little more intuitive
Sometimes we get a notification that our static license use has been exceeded but it has not
Sometimes the static scan reports many, many potential flaws but it turns out the tool has not been programmed to correctly recognize a particular use case
The configuration of dynamic scanning is a bit disjointed.
It may just be our application but the dynamic scanning process needs to be improved. Note that we have an open case with Veracode on this so we do expect a resolution.

Likelihood to Recommend

Use of this platform allows us to better control vulnerabilities and demonstrate to clients that we take our security posture seriously. Of course this, though important, is only one aspect of ensuring our code is as secure as possible. The feature set of the tool is quite mature and serves our needs quite well for the most part.

Most Important Features

Scanning capabilities
Reporting capabilities

Return on Investment

Our use of the tools has allowed us to pass large client security requirements
Our use of the tools has allowed us to more easily pass RFP security requirements
Our use of the tools is beneficial in helping to meet general security audit requirements

Alternatives Considered

We have not evaluated other solutions similar to those offered by Veracode.

Other Software Used

Qualys Cloud Platform

Users and Roles

Software Development management Software developer

Support Headcount Required

Knowledge in software development and software security is helpful if not required.

Business Processes Supported

Static scanning capabilities
Dynamic scanning capabilities
Manual APT offering

Future Planned Uses

We may integrate the dynamic scanning tool into our build process. The capability is there, we just have not explored it yet.

Likelihood to Renew

It is likely we will renew our use of the Static scanning tool. We will be evaluating and determining later whether we continue with the Dynamic scanning offering and the Manual APT service.

Products Replaced

Key Differentiators

Product Features

Evaluation Lessons Learned

Though it would have been smart to evaluate other, similar offerings, we did not due to time constraints. We would next time.

Implementation Details / Implementation Partner

Implemented in-house

Implementation Phases

Yes

Static scanning
Manual APT
Dynamic scanning

Change Management Lessons

Change management was minimal

Implementation Issues

Dynamic scanning configuration

Implementation Rating

Quite painless for the most part though dynamic scanning configuration issues were encountered.

Training Types Used

No Training

Ease of Veracode Training

Most areas can be figured out on your own. Other areas, depending on needs, may require a bit of assistance.

Product Configurability

Just about right.

Configuration Lessons

UI Customization

No - there is no facility to customize the interface

Extensibility and Customization

No - the product does not support adding custom code

Additional Customization Considerations

Support Rating

We have only had to contact support a few times in the nine years we've used their products. For the most part, Veracode has been very responsive either via email or on calls. These requests have either been for something that did not seem to be right in the interface or for scan-finding call-outs.

Premium Support

No. Did not feel it was necessary. Standard support is fine for our requirements.

Bug Resolution

Exceptional Examples of Veracode Support

There have been a couple of times when their support staff has helped us collaboratively determine an appropriate direction in remediating a reported flaw. We have found them to be very knowledgeable and helpful in these situations.

Usability

Overall Veracode's static scanning tool works well and is pretty intuitive. I do find myself trying to remember how to find certain features or screens from time to time, but I eventually stumble upon them. To be fair, I am only in the tool once every three months. I do find their dynamic scanning tool a bit confusing regarding the setup and configuration of a target URL. I do eventually find things but I do believe this process could be improved upon.

Easy Tasks

Scan reports

Difficult Tasks

Dynamic scan configuration

Veracode

SonarQube

Vulcan Cyber

SonarQube

Checkmarx

Snyk

SonarCloud

Armor

GitHub

Palo Alto Networks Prisma Cloud

F5 Distributed Cloud Bot Defense

GitGuardian Internal Monitoring

Trend Micro Cloud App Security

Carbon Black App Control

Acunetix by Invicti

Rencore Code (SPCAF)

VMware AppDefense (discontinued)

Avatao