Healthy, bug-free Code brought to you in association with Veracode
September 15, 2022


Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)

Overall Satisfaction with Veracode

We use the Static Analysis feature of Veracode to ensure no vulnerabilities are present in our code bases. If a flaw is reported, we consult with the internal team and then set up a Veracode consultation if required for mitigation ideas. After fixing / mitigating the flaw we scan again to check if any further flaws are being reported - if not, we go ahead with the next steps in the project lifecycle.

Pros

  • Reporting vulnerabilities
  • Static Analysis of code
  • Scan all dependencies

Cons

  • UI experience could be smoother
  • Navigation could be better
  • Response time could be optimized
  • Safety
  • Stability
  • Reporting
  • No vulnerabilities in Live applications
  • Enough time to fix reported flaws
  • Static scan done frequently to assess application health

Checkmarx and Veracode have a few common points and some features which are different. Checkmarx UI is more user-friendly, but the level of detailing in Veracode reports is better. Veracode is a good choice for static analysis of code. If the user interface can be made smoother, that would definitely help.

Do you think Veracode delivers good value for the price?

Not sure

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

I wasn't involved with the implementation phase

Would you buy Veracode again?

Yes

Veracode is a good choice for static analysis of code. If the code refers to any customized dependency, then Veracode does not consider the external dependency unless it is bundled along with the main archive while running the scan - it could be automated so that the dependencies mentioned in pom / gradle file are considered by default without us having to upload it manually.
