Great products; + Great price.
Overall Satisfaction with Veracode
We wanted a secure scan method for static, dynamic, and manual PEN testing. We wanted to make sure that we could "shift left" with our development and have security scans done at the beginning of the development process, not at the end when it is already in the field and more challenging to update.
Pros
- Static Scan
- Dynamic Scan
- Manual PEN testing
- Open source scans with Software Composition Analysis
Cons
- Dynamic DAST fails every once in a while and creates problems during release completion.
- Very positive impact. For a very low cost, we are able to achieve a high level of security compliance.
Yes. I really like having ONE single vendor for all solutions that are security-related.
We basically depend on static scanning in the pipeline. The only time we look at the reports is after PEN testing.
Static scans are done early in the CI pipeline (before code check-in). Static scans of 3rd party libraries. Dynamic at the end of a release. Manual PEN testing annually.
Made our product secure by design!
Veracode is much cheaper and does more: SAST, SCA, DAST, and now PEN as a service.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes