Veracode Visibility into Application Status
Does the solution provide visibility into application status at every phase of development - Veracode Static Analysis, Dynamic Analysis, Software Composition Analysis, and Manual Penetration Test throughout your SDLC? If yes, how does this affect your DevSecOps processes? Please explain.
If you use it correctly and bring early feedback into the developers' environment, it provides visibility into application status at every phase of development... For us, it gives full insights. It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow, already, at the developer's machine.
Veracode provides visibility into application status in every phase of development.
Gangadhar Reddy
System Engineer at a tech vendor with 10,001+ employees
Veracode provides visibility into application status at every phase of development, but we must manually scan applications to check the assessment for a specific application or after deploying it to a particular environment. I think they can change this so it automatically scans for us.
I am satisfied with Veracode's visibility into application status at every phase of development.
It provides visibility into application status at every phase of development. We have our initial feature branch, or low-level branch, and then we commit. The pipeline is running, so we will know about things immediately. This is quite valuable for us.
Tarun Revalla
Associate Software Engineer at an outsourcing company with 201-500 employees
Veracode provides comprehensive visibility into application security throughout the entire Software Development Lifecycle. During the coding stage, Veracode scans the entire codebase for vulnerabilities. Additionally, we utilize Veracode's static analysis capabilities for further security assessment. Once the product is published and deployed to the production environment, Veracode analyzes the entire software stack to identify any potential security risks. In short, Veracode plays a vital role in various stages of our software development and production process.
Kaushil Ambatkar
Cyber Security Consultant at a computer software company with 51-200 employees
It helped us a lot in mitigating the vulnerabilities. We were able to proactively react to anything malicious.
Veracode provides visibility into application status at every phase of development.
The solution provides visibility at every stage of development. We have automated almost everything through integration with Jenkins. As soon as the developer commits, it triggers the static scan for the main branches. We don't need to trigger the scan manually or do a follow-up to see if it's done scanning.
To my knowledge, Veracode is the only real DevSecOps pipeline that captures every component of the software delivery cycle, from sandbox and staging to development and production. You need to go through those four phases and ensure the code is secure by the time it hits production. Veracode handles all those phases seamlessly and can be automated with Jenkins.
Veracode can provide visibility into application status at every phase of development.
MukeshSaha
Associate Principal, Software Engineering at LTI - Larsen & Toubro Infotech
The visibility that Veracode provides is good. They provide a proper dashboard for everything. We have visibility into the application status at every phase of development - Static Analysis, Dynamic Analysis, Software Composition Analysis, and Manual Penetration Test. I am satisfied with it. We have not integrated it with our DevOps pipeline, but it has all the features for easy integration.
The way we are using Veracode now means that since we haven't finished the rollout yet, we are not putting any restrictions on our pipelines so that they can only go to production if Veracode didn't find any critical vulnerability. Now, we are not using it as a blocker, so it depends on the team. Some teams don't want to appear in red in the reports from the last pipeline scan, so they are delivering much more secure code to production. Other teams don't care and still deliver with the same vulnerabilities, but that's something that varies from team to team. Generally, most teams have improved a lot, for example, by updating all the libraries and reducing all the critical and high vulnerabilities, delivering to production only with low or medium vulnerabilities.
SrikanthRaghavan
Principal Architect at a consultancy with 11-50 employees
Veracode provides visibility into application status at every phase of development, as it's how we stitch it together, allowing us to introduce it at various phases to gain fast feedback. This capability increases the velocity in DevSecOps processes as developers receive feedback on vulnerabilities before committing, reducing the overall rework.
Dristi Kurre
Lead Information Security Analyst at a financial services firm with 10,001+ employees
Veracode provides visibility into application status at every phase of development.