Overview
What is Veracode?
Veracode is a software security firm that identifies flaws and vulnerabilities across the software development lifecycle. Veracode’s Software Security Platform uses advanced AI algorithms trained on vast datasets of code, for more precise identification and rectification of security flaws.
Veracode, a great security tool for everyone
we …
Great In-Depth Analysis of In-House Applications
Thorough scanning engine and flexible reporting tools, so-so CI/CD and alerting
Veracode User Experience
Best in Security
Sleep Soundly - Use Veracode
Veracode SAST review
Veracode to the Rescue!
Great products; + Great price.
Worth the investment
Great DAST and Penetration Testing Platform.
Veracode Security far ahead of competitors
Elevating Security Through Automation and Integration
Veracode Use for Companies ERP Product offerings
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards.
Pricing
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Alternatives Pricing
What is SonarQube?
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.
What is Vulcan Cyber?
Vulcan Cyber is an exposure and vulnerability risk mitigation platform that coordinates teams, tools and tasks to eliminate the most-critical exposure risk to the business. Vulcan Cyber first correlates risk signals from scanners, cyber asset and threat intelligence tools. Risk data from…
What is Veracode?
The Veracode Platform provides a comprehensive approach to build and secure software and meet application risk management requirements through tools, solutions, AI-generated fixes and ASPM capabilities to gain visibility into vulnerabilities from code to cloud and quickly remediate them.
Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.
Veracode Technical Details
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Unspecified |
Mobile Application | No |
Supported Countries | North America, EMEA, APAC, LATAM |
Supported Languages | Java, .NET, PHP, Android, iOS, JavaScript, Python |
Veracode Customer Size Distribution
Consumers | 0% |
---|---|
Small Businesses (1-50 employees) | 18% |
Mid-Size Companies (51-500 employees) | 65% |
Enterprises (more than 500 employees) | 17% |
Reviews and Ratings (201)
Reviews (1-5 of 5)
Veracode Stands Tall Among the Leading Application Security Platforms
- I have found the Software Composition Analysis area to be the best among the competing products for Application Security.
- Veracode's support services are impeccable.
- Their program management teams are professional, helpful, and friendly.
- Although an improvement to what was there previously, the Analytics section using Looker could still use some improvement. It does seem that what Veracode has deployed is a very limited version of Looker. While helpful and useful, there seems to be so much more that Looker does (such as dynamic querying), however, the version that Veracode employs doesn't seem to offer this.
- More user control of administrative functions such as user adding/deleting. Veracode still uses a 'soft delete'/'hard delete' functionality. This can become cumbersome for self-user-administration when a deleted user has to be re-added. A support call is then necessary to have this done.
- Their idle timeout process needs work. While using the Looker tool, you must save your work every few minutes, as their 'Shark-attack-like' idle timeout will sneak up on you and redirect you away in an instant causing you to lose any unsaved work.
- Static flaw analysis section
- Software Composition analysis section
- Analytics dashboard
- APIs both for developer submission of scans, and administrative retrieval of analytic data.
- Veracode has helped in identifying many flawed areas within our applications.
- Veracode's many services have helped our development teams recognize and understand the importance of secure coding standards within their own SDLC.
- This isn't really a dig on Veracode, but despite their best efforts and ours, it still seems to be a hard sell to much of our user community to adopt a system like Veracode as a needed service.
- Application Vulnerability flaw identification and remediation
- Data collection
- Authoritative entity to ensure customer base that our applications are secure
- Some clients want monthly reports on flaw progress, use of APIs to automate monthly retrieval of those specific client reports.
- Hooking Veracode up to the VR module in Service Now to have regular pulls of analytic data into Service Now for further spotlight on flaws and ticket creation.
- Product Features
- Product Usability
- Product Reputation
- Implemented in-house
- User adaptation/acceptance
- Enrollment requirements / license limitations
- Detailed flaw analysis
- Retrieval of analytic data for report generation
- I think the whole elearning system needs an overhaul.
- The analytics dashboard area can be cumbersome when you are constantly plagued with idle timeouts while you are working on a look.
Good product, lives up to expectations
- Explanation of security flaws
- Triaging and reporting
- Adding developer mitigations and comments
- Good integration with tooling
- It could be easier to navigate and find what you're looking for
- Can generate a lot of false positives, depending on policy
- Vulnerability detection
- Good reporting
- Tooling integration
- Unknown as user, not licensee
- Triaging flaws
- Obtaining reports
- Navigating to the detailed scan results where multiple scans are listed
Veracode Meets Our Needs
- Static scanning is quick and efficient
- The scan reports are easy to read and informative
- Interaction with both account management and support staff is great
- The contracting process is easy
- The platform's interface could be a little more intuitive
- Sometimes we get a notification that our static license use has been exceeded but it has not
- Sometimes the static scan reports many, many potential flaws but it turns out the tool has not been programmed to correctly recognize a particular use case
- The configuration of dynamic scanning is a bit disjointed.
- It may just be our application but the dynamic scanning process needs to be improved. Note that we have an open case with Veracode on this so we do expect a resolution.
- Scanning capabilities
- Reporting capabilities
- Our use of the tools has allowed us to pass large client security requirements
- Our use of the tools has allowed us to more easily pass RFP security requirements
- Our use of the tools is beneficial in helping to meet general security audit requirements
- Static scanning capabilities
- Dynamic scanning capabilities
- Manual APT offering
- We may integrate the dynamic scanning tool into our build process. The capability is there, we just have not explored it yet.
- Product Features
- Implemented in-house
- Manual APT
- Dynamic scanning
- Dynamic scanning configuration
- No Training
- Scan reports
- Dynamic scan configuration
Best security coding service
- Security.
- Best practices.
- Detailed reports.
- Automation.
- Third-party reports.
- Customizable reports - SCA download by API.
- Greenlight IDE.
- Automation.
- APIs.
- Security in code analysis.
- Automation.
- Greenlight IDE very fast analyzer.
- Integrating with Active Directory (Azure).
- Integrating with Bamboo.
- Integrating with JIRA.
- Integrating and automation in Jenkins.
- Integrating with other platforms.
- Product Features
- Product Usability
- Product Reputation
- File upload.
- Easy report and fix info.
- Packaging.
It's decent
- It flags out issues so we are able to take action on it
- UI is not modern
- Complex UI
- Slow upload speeds
- Extra work required to compile and submit your build
Update: 22 Nov 2020. In the spirit of transparency, I dropped the rating from 7 to 2 because I was invited to write the review by the vendor (Principal of Customer Advocacy) on 9 October in exchange for a small incentive for my time. However, more than a month has passed and there have been no replies despite follow-up emails to them. I would have expected much better and am sorely disappointed. I treat timely emails very seriously and especially not getting a single reply from vendors. Granted this is not a technical support ticket, but still unprofessional and not something I would expect from someone from Customer Advocacy. This is the main reason for the rating drop. Please draw your own conclusions from this experience I have.
- Feel of security, but this does not mean pentest is not required.