Veracode Visibility into Application Status
Does the solution provide visibility into application status at every phase of development - Veracode Static Analysis, Dynamic Analysis, Software Composition Analysis, and Manual Penetration Test throughout your SDLC? If yes, how does this affect your DevSecOps processes? Please explain.
We get good, actionable insights at each stage, including static, dynamic, and penetration analysis, and it reduces overhead for us.
Anand Kumar
LSA at a consultancy with 10,001+ employees
Veracode offers visibility into the application's status at every phase of development, including static analysis, dynamic analysis, composition analysis, and manual penetration testing throughout the Software Development Life Cycle.
Veracode provides visibility into the status of applications at every phase of development to a certain extent. Veracode scan reports present a comprehensive view of planned releases that are scheduled to go live in the coming days. To keep the team informed, we run a scheduled deployment, sending email notifications twice a week for each application. This alerts the team to any issues that may need fixing. However, it's worth noting that the system is not fully integrated into the pipeline and notifications. Nevertheless, Veracode offers an API. This interface allows us to obtain the XML result file, and subsequently, I can extract and analyze the values from the XML. Once the scan is complete, Veracode API will fetch the XML report and store it in my workspace within the pipeline. From there, I can execute an XML parser function to obtain the application status results.
Veracode provides visibility into the application's status at every phase of development.
Although Veracode can offer visibility into the application's status at every phase of development, we do not rely on manual penetration testing because we have our own testing team. Instead, we use SAST from the moment our developers start typing the code until the deployment phase.
I'm not sure how much visibility we are getting using the solution.
Veracode has assisted our organization by providing a report that we can share with our developers, identifying vulnerabilities in their code. This enables them to address the issues before the code is put into production.
Veracode offers visibility throughout the entire development lifecycle. SecOps is an essential framework inside the organization currently because we need to deliver applications to market faster while improving code quality. It's crucial to be careful when using code generated by community sources. We need to test the final applications and also the components and packages in any code repository we use.
Veracode provides visibility into application status at every phase of development. We can have many analytics dashboards and reports, and we can build a custom dashboard to have this visibility. This visibility is essential for DevSecOps processes. We need this visibility and information to have a strategic approach and mature our security.
We do have a dashboard in Veracode that offers visibility into the status of applications. There is a section where we can view the application names, and next to each name, there is a status report such as "The SAST has been completed" or "in progress," and the same goes for DAST.
Veracode provides visibility into application status at every phase of development - Veracode Static Analysis, Dynamic Analysis, Software Composition Analysis, and Manual Penetration Test. We can get the entire application with all compliances.
Swarup M
Security Analyst at a tech services company with 11-50 employees
The solution provides absolute visibility into application status at every phase of development. The users can get visibility through the CI/CD pipeline.
If you use it correctly and bring early feedback into the developers' environment, it provides visibility into application status at every phase of development... For us, it gives full insights. It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow, already, at the developer's machine.
Veracode provides visibility into application status in every phase of development.
Gangadhar Reddy
System Engineer at a tech vendor with 10,001+ employees
Veracode provides visibility into application status at every phase of development, but we must manually scan applications to check the assessment for a specific application or after deploying it to a particular environment. I think they can change this so it automatically scans for us.
I am satisfied with Veracode's visibility into application status at every phase of development.
It provides visibility into application status at every phase of development. We have our initial feature branch, or low-level branch, and then we commit. The pipeline is running, so we will know about things immediately. This is quite valuable for us.
Tarun Revalla
Associate Software Engineer at a healthcare company with 201-500 employees
Veracode provides comprehensive visibility into application security throughout the entire Software Development Lifecycle. During the coding stage, Veracode scans the entire codebase for vulnerabilities. Additionally, we utilize Veracode's static analysis capabilities for further security assessment. Once the product is published and deployed to the production environment, Veracode analyzes the entire software stack to identify any potential security risks. In short, Veracode plays a vital role in various stages of our software development and production process.
Kaushil Ambatkar
Cyber Security Consultant at a computer software company with 51-200 employees
It helped us a lot in mitigating the vulnerabilities. We were able to proactively react to anything malicious.
Veracode provides visibility into application status at every phase of development.
The solution provides visibility at every stage of development. We have automated almost everything through integration with Jenkins. As soon as the developer commits, it triggers the static scan for the main branches. We don't need to trigger the scan manually or do a follow-up to see if it's done scanning.
To my knowledge, Veracode is the only real DevSecOps pipeline that captures every component of the software delivery cycle, from sandbox and staging to development and production. You need to go through those four phases and ensure the code is secure by the time it hits production. Veracode handles all those phases seamlessly and can be automated with Jenkins.
Veracode can provide visibility into application status at every phase of development.
MukeshSaha
Associate Principal, Software Engineering at LTI - Larsen & Toubro Infotech
The visibility that Veracode provides is good. They provide a proper dashboard for everything. We have visibility into the application status at every phase of development - Static Analysis, Dynamic Analysis, Software Composition Analysis, and Manual Penetration Test. I am satisfied with it. We have not integrated it with our DevOps pipeline, but it has all the features for easy integration.
The way we are using Veracode now means that since we haven't finished the rollout yet, we are not putting any restrictions on our pipelines so that they can only go to production if Veracode didn't find any critical vulnerability. Now, we are not using it as a blocker, so it depends on the team. Some teams don't want to appear in red in the reports from the last pipeline scan, so they are delivering much more secure code to production. Other teams don't care and still deliver with the same vulnerabilities, but that's something that varies from team to team. Generally, most teams have improved a lot, for example, by updating all the libraries and reducing all the critical and high vulnerabilities, delivering to production only with low or medium vulnerabilities.
SrikanthRaghavan
Principal Architect at a consultancy with 11-50 employees
Veracode provides visibility into application status at every phase of development, as it's how we stitch it together, allowing us to introduce it at various phases to gain fast feedback. This capability increases the velocity in DevSecOps processes as developers receive feedback on vulnerabilities before committing, reducing the overall rework.
Dristi Kurre
Lead Information Security Analyst at a financial services firm with 10,001+ employees
Veracode provides visibility into application status at every phase of development.