Veracode Meets Our Needs
Updated June 09, 2022

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)

Overall Satisfaction with Veracode

We employ Veracode's static and dynamic scanning offerings to scan our application code for vulnerabilities on a regular basis. We also use the software composition testing of third-party, open-source libraries as a check against our use of a second similar tool. These features, as well as others we employ external to Veracode, help to increase our application's security posture. We have also recently contracted for their manual APT offering.

Pros

  • Static scanning is quick and efficient
  • The scan reports are easy to read and informative
  • Interaction with both account management and support staff is great
  • The contracting process is easy

Cons

  • The platform's interface could be a little more intuitive
  • Sometimes we get a notification that our static license use has been exceeded but it has not
  • Sometimes the static scan reports many, many potential flaws but it turns out the tool has not been programmed to correctly recognize a particular use case
  • The configuration of dynamic scanning is a bit disjointed.
  • It may just be our application but the dynamic scanning process needs to be improved. Note that we have an open case with Veracode on this so we do expect a resolution.

  • Scanning capabilities
  • Reporting capabilities

  • Our use of the tools has allowed us to pass large client security requirements
  • Our use of the tools has allowed us to more easily pass RFP security requirements
  • Our use of the tools is beneficial in helping to meet general security audit requirements

We have not evaluated other solutions similar to those offered by Veracode.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

Yes

Did implementation of Veracode go as expected?

No

Would you buy Veracode again?

Yes

Use of this platform allows us to better control vulnerabilities and demonstrate to clients that we take our security posture seriously. Of course this, though important, is only one aspect of ensuring our code is as secure as possible. The feature set of the tool is quite mature and serves our needs quite well for the most part.

Using Veracode

2 - Software Development management, Software developer
2 - Knowledge in software development and software security is helpful if not required.
  • Static scanning capabilities
  • Dynamic scanning capabilities
  • Manual APT offering
  • We may integrate the dynamic scanning tool into our build process. The capability is there, we just have not explored it yet.
It is likely we will renew our use of the Static scanning tool. We will be evaluating and determining later whether we continue with the Dynamic scanning offering and the Manual APT service.

Evaluating Veracode and Competitors

  • Product Features
Though it would have been smart to evaluate other, similar offerings, we did not due to time constraints. We would next time.

Veracode Implementation

Quite painless for the most part though dynamic scanning configuration issues were encountered.
Yes - Static scanning
Manual APT
Dynamic scanning
Change management was minimal
  • Dynamic scanning configuration

Veracode Training

Most areas can be figured out on your own. Other areas, depending on needs, may require a bit of assistance.

Configuring Veracode

Just about right.
No - there is no facility to customize the interface
No - the product does not support adding custom code

Veracode Support

We have only had to contact support a few times in the nine years we've used their products. For the most part, Veracode has been very responsive either via email or on calls. These requests have either been for something that did not seem to be right in the interface or for scan-finding call-outs.

Pros

  • Quick Resolution
  • Good followup
  • Knowledgeable team
  • Problems get solved
  • Kept well informed
  • No escalation required
  • Immediate help available
  • Support understands my problem
  • Support cares about my success
  • Quick Initial Response

Cons

  • None

No. Did not feel it was necessary. Standard support is fine for our requirements.
There have been a couple of times when their support staff has helped us collaboratively determine an appropriate direction in remediating a reported flaw. We have found them to be very knowledgeable and helpful in these situations.

Using Veracode

Overall, Veracode's static scanning tool works well and is pretty intuitive. I do find myself trying to remember how to find certain features or screens from time to time, but I eventually stumble upon them. To be fair, I am only in the tool once every three months. I do find their dynamic scanning tool a bit confusing regarding the setup and configuration of a target URL. I do eventually find things, but I do believe this process could be improved upon.
  • Scan reports
  • Dynamic scan configuration

Veracode Reliability

It meets our needs.
Veracode has always been up and available to us.
At this point, it runs well and mostly in a timely fashion. Dynamic scans take days but this may be a config issue still to be resolved.

Relationship with Veracode

They have always been very responsive to our needs.
They have always been responsive to our needs.
Not really. Members of all teams have been great to work with.

Upgrading Veracode
