"The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA."
"There are quite a few features that are very reliable, like the newly launched Veracode Pipelines Scan, which is pretty awesome. It supports the synchronous pipeline pretty well. We been using it out of the Jira plugin, and that is fantastic."
"The time savings has been tremendous. We saw ROI in the first six months."
"Veracode is a valuable tool in our secure SDLC process."
"Their dashboard is really good, overall. In my opinion, it's one of the best in the market, and I say that because we have used other service providers."
"Integrations into our developer's IDE (Greenlight) and the DevOps Pipeline SAST / SourceClear Integrations has particularly increased our time to market and confidence."
"The solution's ability to prevent vulnerable code from going into production is perfectly fine. It delivers, at least for the reports that we have been checking on Java and JavaScript. It has reported things that were helpful."
"Veracode's cloud-based approach, coupled with the appliance that lets us use Veracode to scan internal-only web applications, has provided a seamless, always-up-to-date application security scanning solution."
"There's extensive functionality with custom rules and a custom knowledge base."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"The solution offers services in a few specific development languages."
"Our customers use it to check for unauthorized file transfer."
"If Veracode was more diversified, as far as the number of platforms and the number of applications it could do in our favor, we would be using it even more. But there are a number of platforms it doesn't support. For example, I know they support C+, .NET, and Java, but there are certain platforms they don't support and that was disappointing."
"Sometimes, I get feedback from a developer saying, "They are scanning a Python code, but getting feedback around Java code." While the remediation and guidelines are there, improvement is still required, e.g., you won't get the exact guidelines, but you can get some sort of a high-level insights."
"I would like to see them provide more content in the developer training section. This field is really changing each day and there are flaws that are detected each day. Some sort of regular updates to the learning would help."
"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."
"The reports on offer are too verbose."
"The solution could improve the Dynamic Analysis Security Testing(DAST)."
"One feature I would like would be more selectivity in email alerts. While I like getting these, I would like to be able to be more granular in which ones I receive."
"Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"One thing which I think can be improved is the CI/CD Integration"
"They have to improve support."
"I would also like to see updates on a more frequent schedule."
Earn 20 points
Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.
HCL AppScan is ranked 17th in Application Security with 3 reviews while Spirent CyberFlood is ranked 22nd in Application Security with 1 review. HCL AppScan is rated 7.0, while Spirent CyberFlood is rated 0.0. The top reviewer of HCL AppScan writes "Allows for dynamic scanning but lacks easy CI/CD integration". On the other hand, the top reviewer of Spirent CyberFlood writes "Analyzes network security or even existing processes". HCL AppScan is most compared with SonarQube, Micro Focus Fortify on Demand, PortSwigger Burp Suite Professional, OWASP Zap and Fortify WebInspect, whereas Spirent CyberFlood is most compared with Ixia BreakingPoint, Ixia BreakingPoint VE and Acunetix by Invicti.
See our list of best Application Security vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
