Veracode Pros
Stephen Pack
Software development program leader at Vendavo
The static scan is the feature that we use the most, as it gives us insight into our source code. We have it integrated with our continuous integration, continuous delivery system, so we can get insight quickly.
reviewer1705929
Sr. VP Engineering at a computer software company with 51-200 employees
There is a single area on the dashboard where you can get a full view of all of the tests and the results from everything. There is a nice, very simple graphic that shows you the types of vulnerabilities that were found, their severity, the scoring, and in what part of the code they were found. All the details are together in one place.
In pipeline scanning, there is a configuration that can be set with respect to the security level of the flaw. If there is a high or a critical issue, there's a way the build can be failed and blocked before going into production.
Buyer's Guide
Veracode
May 2023

Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
710,326 professionals have used our research since 2012.
Michael Calabrese
Vice President of Engineering at Avant Assessment
The Security Labs [is] where I have the developers training and constantly improving their security, and remembering their security techniques. That way, they are more proactive and make sure things are correct. They're faster because they're doing it in the first place.
Mauro Verderosa
Cybersecurity Expert at PSYND
Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool.
Veracode's integration with our continuous integration solution is what I've found to be the most valuable feature. It is easy to connect the two and to run scans in an automated way without needing as much manual intervention.
Reviewer339593
Cybersecurity Executive at a computer software company with 51-200 employees
The visibility into application status helps reduce risk exposure for our software. Today, any findings provided by the DAST are reviewed by the developers and we have internal processes in place to correct those findings before there can be a release. So it absolutely does prevent us from releasing weak code.
The most valuable feature is detecting security vulnerabilities in the project.
Justin Swanson
Manager of Application Development and Integrations at a university with 1,001-5,000 employees
Veracode Security Labs are fantastic. My team loves getting the hands-on experience of putting in a flaw and fixing it. It's interactive. We've gotten decent support from the sales and software engineers, so the initial support was excellent. They scheduled a consultation call to dive deep and discuss why we see these findings and codes. That was incredibly helpful.
The solution can scan old databases and old code written 20 years back.
Veracode Cons
Stephen Pack
Software development program leader at Vendavo
The ideal situation in terms of putting the results in front of the developers would be with Veracode integration into the developer environment (IDE). They do have a plugin, which we've used in the past, but we were not as positive about it.
reviewer1705929
Sr. VP Engineering at a computer software company with 51-200 employees
I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results.
Veracode's SAST, DAST, and SCA are pretty good with respect to industry standards, but with regard to container security, they are in either beta or alpha testing. They need to get that particular feature up and running so that they take care of the container security part.
Michael Calabrese
Vice President of Engineering at Avant Assessment
There are many times when their product goes to check my code and it dies, and I don't know why. I've contacted support and they're not really helpful with this particular problem. I go to the logs and I look at what I can but I can't tell why the check process has essentially just died in the middle of checking.
Mauro Verderosa
Cybersecurity Expert at PSYND
Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly.
I do expect large applications with millions of lines of code to take a while, but it would be nice if there was a possibility to be able to have a baseline initial scan. I know that Veracode touts that there are Pipeline Scans that are supposed to take 90 seconds or less, and we've tried to do that ourselves with our ERP application. However, it actually times out after two hours of scanning.
If the static scan itself or another option to run a lower tier scan can be integrated earlier on into our SDLC, it would be great. Right now, it takes so long that we usually leave it till a bit later in the cycle, whereas if it ran faster, we could push it to the time when a developer will be checking in code. That would make us feel a lot more confident that we'd be able to catch things almost instantaneously.
Reviewer339593
Cybersecurity Executive at a computer software company with 51-200 employees
Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had.
The scanning process for records could be faster and there is room for improvement in Veracode's performance.
Justin Swanson
Manager of Application Development and Integrations at a university with 1,001-5,000 employees
Their platform is not consistent. It needs a lot of user experience updates. It's slow performing, and they log you out of the system every 15 minutes, so using the platform is challenging from a developer's perspective because you always have to log in.
One of the most important areas that need improvement for Veracode is its DaaS. Veracode's DAST engines are primitive.