Veracode Reviews

Veracode Software Composition Analysis has a reasonable price for the benefits it offers, but it may not be suitable for startups due to its pricing structure. The pricing depends on the size of the company and the amount they are willing to invest in security. It is more expensive compared to other solutions but offers a lot for free. The licensing is good and having a fixed cost is important for financing purposes. The pricing should be based on the size of the organization or application, and credit-based pricing can be an option for startups. Veracode is a good tool for enterprises with multiple applications, but a small shop might prefer alternatives. The cost is worth it considering the potential consequences of a security breach. It may be too expensive for the European market, but other solutions are also expensive. Veracode works on a subscription model, and customers can explore the product completely free for the first year.

Veracode Software Composition Analysis has brought major benefits, reducing management effort and providing security insights earlier in the development lifecycle. The cost has been an important aspect, but the cost-benefit is that developers get a better understanding of where their code stands before a security tester gets involved. The solution has been very helpful for the team, making it easier to do fixes and decreasing vulnerabilities. There has been a significant decrease in vulnerabilities and an increase in awareness for security, leading to buy-in from upper management and developers. The return on investment is due to saving a lot of development hours.

Veracode Software Composition Analysis is primarily used for code analysis and scanning for vulnerabilities in third-party dependencies. It is integrated into daily build pipelines and used for both software composition analysis and static code analysis. The platform provides a centralized view of all flaws and vulnerabilities, improving visibility and communication with developers. It is used for analyzing final binaries and auditing old software in both SaaS and on-prem deployment models.

Veracode Software Composition Analysis has several valuable features according to users. The static application testing is the main target for some, while others appreciate the software composition analysis and its scoring system based on the Common Vulnerability Scoring system. The security and vulnerability part of the solution is also highly valuable, as it helps automate security and makes things more efficient. For those who mostly use Software Composition Analysis as a part of Static Code Analysis, the main feature is reporting and highlighting necessary vulnerabilities. The screening process helps to significantly improve standards and best practices, and the cloud-based system provides a centralized view across all testing types. Mitigation recommendations provided by the scanning engine are also highly appreciated. Overall, Veracode helps users fix flaws in code and increase their fixed-rate, making development more rapid.

Veracode Software Composition Analysis could improve its UI, which can be messy and outdated. The pricing should also be more convenient for startup organizations, and the developer community needs strengthening. The mitigation recommendations are not always helpful, particularly in dealing with third-party libraries and code logic flaws. Integration with existing pipelines, such as Jira and DevOps, needs improvement. Additionally, connecting agent-based software analysis with policy scanning would be more efficient. The speed of the system needs improvement, particularly for users located in Europe. Finally, the Jira integration automation aspect could be improved significantly.

The initial setup for Veracode Software Composition Analysis varied among users. Some found it fast and easy, while others encountered technical difficulties and challenges with integrating it into their pipelines. The documentation was not always well-written or structured, and some had to invest time in properly building their solution. However, many appreciated the automation and integration capabilities, and some even added additional security measures such as Docker container scanning. The number of people involved in the implementation varied, and some followed an agile approach with user stories and planning. 

Some users find Veracode Software Composition Analysis to be inflexible, while others find it to be scalable and adaptable to their needs. The number of users varies, and some teams take care of maintenance themselves. For some users, scalability is an issue and they would like to see improvements. However, for others, scalability is not a concern as they use Veracode Cloud as a service. The platform provides a range of security features, including manual penetration testing, and dashboards that show progress. The scalability of the solution may depend on the size and culture of the organization using it. Overall, Veracode Software Composition Analysis is used for a range of critical applications, and its cloud-based nature allows for scalability.

Veracode's customer service and support is highly rated by users. They are described as reliable partners with good expertise and provide valuable comments on proposals. Technical support is helpful and responsive, with most users rating it at least 8 out of 10. Veracode's support staff is skilled, and they are able to find solutions to problems quickly and effectively. Some users have had questions about the consistency of results between different sandboxes, but they found that these are peculiarities of the platform and not serious issues. Overall, Veracode's support is well-regarded and highly recommended by its users.

Overall, the stability of Veracode Software Composition Analysis is considered good and robust by users. While some have experienced a few glitches with the platform, it is generally stable and available. False positives are a common issue, but the software is still considered stable for scanning compared to other applications. The team at Veracode is continuously working on improving the platform and adding features that developers request.

The respondents have provided various deployment models for the Veracode Software Composition Analysis solution. Some have opted for public cloud deployment, while others have chosen on-premises and private cloud options.

The implementation team for Veracode Software Composition Analysis was knowledgeable and provided good support throughout the process. They were responsive to our needs and helped us get up and running quickly. Their expertise made the implementation smooth and efficient. We were impressed with their attention to detail and willingness to work with us to ensure a successful implementation.