IT Central Station is now PeerSpot: Here's why
David Jellison - PeerSpot reviewer
Senior Director, Quality Engineering at Everbridge
Real User
Top 20
Easy issue tracking and high visibility
Pros and Cons
  • "Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."
  • "I think if they could improve the operations around accepted vulnerabilities, we would see improvements in our productivity."

What is our primary use case?

Our primary use case for Veracode is SAST and SCA in our SDLC pipelines. We also use it for DAST on a periodic basis and time-based scans on our staging system. We use the trading modules for certifying all our developers annually.

In addition, we use Veracode to scan within our build's pipeline. We do use Greenlight, which is their IDE solution for prevention of issues of vulnerabilities.

 we are FedRAMP certified as a company, so we use this as part of our certification process for Veracode ISO 27001 and various other certifications we have.

How has it helped my organization?

There is a tight integration of Veracode with JIRA. We use JIRA for nearly all of our issue tracking.

This integration provides a way to link all of the vulnerabilities discovered to our backlogs and active scrum queues, so that there's high visibility within teams for any of the issues that are related to their teams.

What is most valuable?

I think the most valuable to us is the policy management, which enables us to create different kinds of policies for different kinds of applications. Veracode policy management also allows us to plan for, track against, and report on our compliance with those different policies.

What needs improvement?

I think the biggest room for improvement is around known or accepted vulnerabilities that, when we re-scan, we want those things to be recognized as already accepted, as an exception. Sometimes they show up as something new and we have to go back and re-accept that as an accepted exception in order to bring our numbers back into compliance. I think if they could improve the operations around accepted vulnerabilities, we would see improvements in our productivity.

I would also like to see more executive reporting. Having a good snapshot of how well we're tracking, where each of the teams that own the applications, how they're doing, and where their gaps are would be good. Currently, the reporting is geared towards tracking current vulnerabilities. Even though they have trending, the trending doesn't necessarily evaluate the teams and how well they're doing. I would also like to be more oriented towards teams.

Overall, I would give Veracode a nine out of 10.

Buyer's Guide
Veracode
July 2022
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
622,358 professionals have used our research since 2012.

For how long have I used the solution?

The company's been using Veracode for five years. I've been using it for four years.

What do I think about the stability of the solution?

Veracode is stable in my opinion. We've had very little interruption that was unplanned.

What do I think about the scalability of the solution?

We have not run into an issue with scalability yet. Veracode was built based on application counts and not users, which is what a lot of the competitors do.

We have some 300 people using Veracode. Some are executives while others are engineers actively working in Veracode. 

How are customer service and support?

Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have used Veracode the entire time I have been with this organization. However, I know that they used Coverity and WhiteSource prior to switching to Veracode. The main reason my organization chose Veracode is its comprehensive dashboard. 

How was the initial setup?

Our deployment took a while so I would say the initial setup was moderately complicated. We gradually moved into the pattern we are in today and displaced some other vendors along the way. So it was a slow ramp for us because of our business needs.

We were up and running and operational within a couple of months. And then, over time, we broadened our footprint with Veracode.

What about the implementation team?

We deployed Veracode in-house. 

What was our ROI?

Our biggest return on investment is maintaining certifications that enable us to attract customers of larger scale and government-sensitive customers.

Going back to the cost structure, I think that the way Veracode is priced and their comparison to third parties, I still put them at four out of five.

What's my experience with pricing, setup cost, and licensing?

Veracode recently introduced some pricing based on microservices. This model gives us a lot of flexibility in being able to add and remove microservices and scale them that way.

The pricing is solid. I think with the current consolidated pricing that we have is pretty consistent every year.

What other advice do I have?

All of the Veracode applications operate as one platform. Most of the competitors out there separate their products from their reporting and configuration, so you don't get a single pane of glass. With Veracode, you get a single pane of glass and reporting that you can combine with the different scan types to look at compliance.

The advice I would give regarding this solution is this: Look at the policies, the dashboards, and integration with ALM applications like Veracode and JIRA. They have a tighter integration there that I see with most of the competitors.

I'm sure that the scan quality is consistent. Perhaps there's some applications that are a little better than others at detection. But we find that Veracode is very comparative to other things you solutions the quality of catching vulnerabilities.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Christian Camerlengo - PeerSpot reviewer
Senior Programmer/Analyst at a financial services firm with 10,001+ employees
Real User
Top 20
Reporting for compliance with industry regulations is excellent, identifying most issues our penetration testers look for
Pros and Cons
  • "The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up."
  • "The triage indicator was kind of hard to find. It's a very small arrow and I had no idea it was there."

What is our primary use case?

We're required to make sure we have no high or very high security issues in our code. Veracode is a code reviewer to prevent hacking and other bad things from happening.

How has it helped my organization?

The way it helps our company is that the code is secure. It also helps with our customers because I believe they can request a copy of the report. It lets them know that we're doing the best we can to provide secure software.

The solution has helped build my security skills as a developer. Now, as I proceed forward, I know what to look for when coding items. I'll be coding a little bit more defensively from what I've learned, from all the errors that it has found. Some of the stuff I wasn't even aware of. I also became aware of things that Veracode verified, but I really couldn't fix.

The policy reporting for ensuring compliance with industry standards and regulations is excellent. It identified most of the issues that our penetration testers look for and gave me a way to look at the line numbers of the code that needed fixing, and that was a huge help. It also gave me samples of code for what was going wrong and it enabled my supervisors and me to go through the whole project and fix 99 percent of the issues we had.

It provides visibility into application status across all testing types in a centralized view. The report is very good at showing that. We are not allowed to install anything until it passes the Veracode test. We have to fix all errors before we can install our software. It absolutely helps reduce risk exposure for our software.

I haven't come across any false positives.

What is most valuable?

The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up. We've had very few issues that we have actually had to contact Veracode about.

It does give some guidance, up to a point, for fixing vulnerabilities. It does a pretty good job of that. We went from a bunch of errors to a handful that I needed help with, and that was mostly because they provided some good information for us to look at. If I had been using this product a long time ago, I would have been able to anticipate a lot of things that Veracode discovered. The product I'm working on is about 12 years old and this was the first time we ran scans on it using Veracode. It identified quite a few issues. If you're starting a new project, it would be a good place to start. Once you get used to what people like penetration testers are looking for, this is a good tool to prevent having a pen test come back bad.

The Static Analysis Pipeline Scan is very good. It found everything that we needed to fix.

What needs improvement?

The triage indicator was kind of hard to find. It's a very small arrow and I had no idea it was there.

For how long have I used the solution?

We have been using Veracode for about three months.

What do I think about the stability of the solution?

The stability seems pretty good. There was only one instance where the site was down.

What do I think about the scalability of the solution?

I don't think Veracode has any problems with scalability. My company is very big. There are about 1,000 of us, all developers, using the solution. It's being used throughout the company for all our products.

How are customer service and technical support?

I would give their technical support five stars out of five. They were on point and they helped us identify resolutions for some of our issues that we couldn't figure out.

Which solution did I use previously and why did I switch?

We used Fortify. I was not involved in the decision to switch.

What's my experience with pricing, setup cost, and licensing?

I don't really know about the pricing, but I'd say it's worth whatever Veracode is charging, because the solution is that good. It's just a good product, overall.

What other advice do I have?

The biggest lesson I have learned from using Veracode is that there isn't an answer for everything. But when an area needs to be mitigated the mitigation process is fairly easy.

It's pretty efficient, but in my case it took a long time to upload my information. It was a very big project, so I was not surprised that it took a long time, but it was mostly because of the internet around here. It would take a long time to upload the DLL and run the static analysis. It would take about two hours, but again, it's a large project.

Overall, it does a very good job of preventing vulnerable code from going into production. It identified issues that were not detected in penetration tests and allowed us to lock them down.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Veracode
July 2022
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
622,358 professionals have used our research since 2012.
Ajit Matthew - PeerSpot reviewer
Sr. Partner IT and Information Security at TheMathCompany
Real User
Easy to use, responsive technical support, and it provides levels of certification for compliance
Pros and Cons
  • "The Veracode technical support is very good. They are responsive and very knowledgeable."
  • "The training lab is not very user-friendly and takes a long time to set up."

What is our primary use case?

We use Veracode for static and dynamic code analysis, as well as software composition analysis (SCA). Using it ensures that our products are compliant, and it also provides an external method to assure our customers that our products are free from any flaws, or application security issues.

Our product resides on the Azure Cloud, and we have Veracode access it directly.

How has it helped my organization?

Using Veracode has helped to improve our organization in that we now have discipline in terms of periodically scanning our systems. We do this every six months, and it is done to meet our compliance requirements.

We are now at the point where it is integrated as part of our software lifecycle automation. I can't point to a particular example of how it has improved our product, although it has helped in terms of validating our product. Also, it has shown us the competency of our teams.

What is most valuable?

The certification levels are helpful. They are different levels where I think that five is the highest, and we are at level four. Having that badge and showing that we are compliant to that level helps one's reputation in the market.

The interface is easy to use.

What needs improvement?

The training lab is not very user-friendly and takes a long time to set up. This is an area that should be improved because we've not used it as much as we should have.

For how long have I used the solution?

We have been using Veracode for more than a year, since January 2021.

What do I think about the stability of the solution?

This is a pretty stable product. I would rate the stability an eight out of ten.

What do I think about the scalability of the solution?

I can't specifically speak to scalability because we only engage with them for a single product. However, I do think that scaling might be expensive and is probably something that needs to be negotiated.

How are customer service and support?

The Veracode technical support is very good. They are responsive and very knowledgeable. Every time we wanted to set up a meeting, they responded very quickly. In terms of the instructions that they provide, the details are very explicit and although there's a lot to refer to, we can get what we want fast. We don't get lost in what we need to look at.

I would rate the customer support an eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use another similar solution prior to Veracode.

How was the initial setup?

I was not heavily involved in the initial setup and deployment, although I understand that it was straightforward. We were able to start using it and scanning our code on day one.

It's all on the web, so there is not much to set up. We just have to configure the access so that the web tool can connect, and it takes it from there.

Except for the Lab component, we didn't have to keep contacting our Veracode account manager.

What about the implementation team?

We completed the deployment ourselves.

There were two people involved. The first was our IT person, and the second was a senior member of the engineering team. There is no maintenance required.

What was our ROI?

It's too early to say whether we have seen ROI because we're marketing our product and services to newer customers. We haven't had visibility from that perspective, yet.

What's my experience with pricing, setup cost, and licensing?

The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us. It's an expensive product but we are paying for quality.

Which other solutions did I evaluate?

We evaluated two or three different products before choosing Veracode. 

The reasons that we chose Veracode were their reputation and ease of use. Also, one of the senior people on the team had previous experience with it.

Another point is that their pre-sales team was very professional. Their discussions helped us in terms of getting to what we wanted.

What other advice do I have?

My advice for anybody who is looking into Veracode is that it's one of the very few solutions that can perform dynamic, static, and software composition analysis.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Senior Project Manager at a computer software company with 501-1,000 employees
Real User
Comprehensive features and good integrations but needs better documentation
Pros and Cons
  • "It's comprehensive from a feature standpoint."
  • "The reports on offer are too verbose."

What is most valuable?

The SAST feature is the most valuable aspect of the solution.

The stability has been quite good overall. The performance is reliable. 

The scalability on offer is good. I don't see any constraints.

From a usability standpoint and the way it can be integrated into the pipelines, etc., it's very good.

It's comprehensive from a feature standpoint. 

What needs improvement?

The reports on offer are too verbose. They might want to consider t restructuring their reports to better give a very good summary or overview in the first five or so pages and then go ahead and drill into the details of each and every vulnerability beyond that.

The documentation could be improved. They could, for example, provide more details in terms of how to fix issues related to sign-ups. There isn't enough detailed information out there to assist users.

For how long have I used the solution?

I joined this company very recently. Therefore, I've only used the solution for a few months. However, this company has used Veracode for at least the last two to three years. They've had it for a while.

What do I think about the stability of the solution?

The stability overall is quite reliable. There are no bugs or glitches. It doesn't crash or freeze. Its performance is very good.

What do I think about the scalability of the solution?

The solution can scale well. If a company is considering expanding, it should be able to do so without issue.

We do have a limited amount of users on the solution right now.

How are customer service and technical support?

I've never had a need, up to this point, to reach out to technical support. I haven't really come across any technical issues during my short tenure with the product. Therefore, I can't speak to how helpful or responsive they are. I don't have any insights I could share. 

How was the initial setup?

We have a few team members that specialize in the solution.

Our team handles the maintenance of the solution.

What's my experience with pricing, setup cost, and licensing?

I don't have enough information to be able to comment on the cost of licensing the product. That's more of a sales question. I don't handle any aspect of that part of the solution.

What other advice do I have?

We are customers and end-users. We don't really have a business relationship with Veracode.

I'm more from the performance testing side of things. I've just added the security testing to my list of responsibilities recently.

We're using a mix of deployment models. We use both on-premises and cloud deployments. 

It's a good tool. I've done some comparisons with both SAST and DAST. It gives us this end-to-end sort of feature that we appreciate. Therefore, rather than you doing SAST with one tool and DAST with another tool, I prefer going with Veracode, which offers both. 

You can learn both static and dynamic scans with a single tool. You could effectively negotiate a price and do that. If you got some simple apps, from a CAC standpoint, I'd recommend folks to use Veracode.

I'd rate the solution at a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chris Sawyer - PeerSpot reviewer
Full Stack Engineer at TCDRS
Real User
Top 20
Gives us peace of mind regarding our website's security environment
Pros and Cons
  • "The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use."
  • "I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use."

What is our primary use case?

We have a website built on the Microsoft stack, with .NET. Veracode comes in and scans our code and, for the static side of it, we zip up the CS files and the JavaScript files, and upload them for scanning.

How has it helped my organization?

It gives us peace of mind regarding what our website's security environment looks like. It provides that quality check to make sure that we have as few vulnerabilities as possible.

What is most valuable?

The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use.

What needs improvement?

I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use.

Also, with the dynamic tool, sometimes a scan gets stuck and it can be hard to get a hold of the right person in a timely manner to find out why it got stuck and to get it unstuck, or to create a new one.

Overall, speed and customer support could be improved.

For how long have I used the solution?

I have been using Veracode at my current job for about two years and I used it at my previous job for at least six years or so.

What do I think about the stability of the solution?

It's very stable. It's very good that way. I haven't run into too many times where their website is down. Usually, it's just for maintenance and they'll let you know ahead of time.

What do I think about the scalability of the solution?

Since it's a cloud offering, we don't have to worry about its scalability.

We don't utilize our current offering to its fullest, so we don't have plans to expand use of it.

How are customer service and support?

Their technical support is pretty good. It depends on who you get. As I mentioned, sometimes it's hard to get an answer from them quickly about why a scan got stuck or what's going on with it. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I've used Checkmarx and IBM AppScan.

What was our ROI?

I don't know what ROI might be in terms of a dollar amount, but the peace of mind and quality it gives us, making sure we don't get hacked, are types of ROI.

Which other solutions did I evaluate?

The "gold star" goes to Veracode's dynamic scanning capabilities. I've used other static scanners that may be a little bit better than Veracode, but the dynamic is a lot faster and a lot easier to use. The other ones I have used can be very complex when setting up the scans.

What other advice do I have?

Veracode only has a cloud offering. You upload your binary files for static scanning, or you whitelist your IP and have them come in and scan your website. It doesn't require any maintenance on our end.

Overall, it's really good. It's a lot better than other offerings I've seen. The dynamic scanner works really well. The static scanner is still good, but it could be improved.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
Founder & CEO at a healthcare company with 1-10 employees
Real User
Top 5Leaderboard
Easy to install, stable, scalable, and they have phenomenal and responsive support
Pros and Cons
  • "My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople is fabulous."
  • "The pricing for qualified startups such as Neo4j could be improved."

What is our primary use case?

We use this solution for Digital Health.

How has it helped my organization?

This solution has helped us in developing a secured product.

What is most valuable?

Veracode is fantastic! All of the features are valuable.

My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople are fabulous. They are engaging.

What needs improvement?

I would suggest charging the developer for training, as it's not very expensive.

Only charge for developer training because it's a service you give now and they may need to be technical support. 

It costs them money to do that, but with the technology, an incremental user is negligible incremental costs, which doesn't really cost them. That's software economics.

I would like to see them only charge for developer training for the qualified startups and start charging for the licensing once the product goes into production, and available.

For how long have I used the solution?

I have several years of experience working with Veracode.

When we used this solution a year ago, we used the most current version.

What do I think about the stability of the solution?

It's a stable solution. I would rate stability a ten out of ten.

What do I think about the scalability of the solution?

It's a scalable product. My rating out of ten would be a ten, scalability-wise.

We have a software development manager and three other people who are using it.

How are customer service and technical support?

Technical support is phenomenal. They are fabulous and very responsive, it's amazing.

Which solution did I use previously and why did I switch?

Previously, I did not use another solution. Because I knew Veracode for many years, my approach with the company was that it was a startup and we need to do it securely. This is s why we went with Veracode.

How was the initial setup?

The initial setup was straightforward. It was extremely easy and took only a few hours to deploy.

What about the implementation team?

We have a team in-house to implement this solution.

What's my experience with pricing, setup cost, and licensing?

The pricing for qualified startups such as Neo4j could be improved.

It allows startups to develop a secure product, but it takes time for startups to get money for the products. 

Veracode could provide the services, at a significantly lower price during that period with a condition that the moment that it becomes production, Veracode has to be paid.

If they would change that, it would be phenomenal for the entire industry and for them.

Licensing cost is on a yearly basis and there are no additional costs, the pricing is straightforward.

What other advice do I have?

At the time that we used this solution, we were a startup, the software may not have been that complex. It's not like Oracle.

My advice to others who are interested in using this solution is to pay attention to the full instructions.

I would rate Veracode Developer Training a ten out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Nachu Subramanian - PeerSpot reviewer
Automation Practice Leader at a financial services firm with 10,001+ employees
Real User
Top 5
Offers good static and dynamic analysis but there are problems with scanning
Pros and Cons
  • "Good static analysis and dynamic analysis."
  • "The product has issues with scanning."

What is our primary use case?

I'm an automation practice leader and we are customers of Veracode.

What is most valuable?

The valuable features are the static analysis and the dynamic analysis. The security is also a good feature.

What needs improvement?

The solution has issues with scanning. It tries to decode the binaries that we are trying to scan. It decodes the binaries and then scans for the code. It scans for vulnerabilities but the code doesn't. They really need two different ways of scanning; one for static analysis and one for dynamic analysis, and they shouldn't decode the binaries for doing the security scanning. It's a challenge for us and doesn't work too well. 

As an additional feature I'd like to see third party vulnerability scanning as well as any container image scanning, interactive application security testing and IAS testing. Those are some of the features that Veracode needs to improve. Aside from that, the API integration is very challenging to integrate with the different tools. I think Veracode can do better in those areas.

For how long have I used the solution?

I've been using this solution for four years. 

What do I think about the stability of the solution?

I haven't had any issues with the stability. 

What do I think about the scalability of the solution?

The solution is scalable but if we scale too far then the performance is impacted. We have around 300 developers using Veracode. 

How are customer service and technical support?

The technical support is good. Whenever we have any vulnerability issues, we can easily contact them and then have a triage with the technical support team.

How was the initial setup?

The initial configurations were okay, but then the integration to the CI/CD pipeline was not so smooth. We had multiple rounds of calls with the Veracode engineers to get it up and running.

What's my experience with pricing, setup cost, and licensing?

Veracode is very, very expensive, one of the most expensive security scanning tools available.
We pay an annual license fee that is over $1 million. 

What other advice do I have?

For any company wanting to use Veracode and buying vendor binaries from third party vendors, it's important to get the legal and compliance clearance from the vendor as well. Some vendors have a policy that they're selling you the binary of a particular software but you're not supposed to decode it. Those are the general terms and conditions that every vendor gets you to sign but Veracode does decode and then scans for the vulnerabilities. It's a challenge for any company purchasing the solution from vendors.

I rate the solution six out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT security architect at a consumer goods company with 10,001+ employees
Real User
Effective static analysis, plenty of tools, but needs better support for languages
Pros and Cons
  • "The main feature that I have found valuable is the solution's ability to find issues in static analysis. Additionally, there are plenty of useful tools."
  • "The solution could improve the Dynamic Analysis Security Testing(DAST)."

What is our primary use case?

We are using this solution for static analysis.

What is most valuable?

The main feature that I have found valuable is the solution's ability to find issues in static analysis. Additionally, there are plenty of useful tools.

What needs improvement?

The solution could improve the Dynamic Analysis Security Testing(DAST).

There could be better support for different languages. It is very difficult in some languages to prepare the solution for the static analysis and this procedure is really hard for a pipeline, such as GitHub. They should make it easy to scan projects for any language like they do in other vendors, such as Checkmarx.

We have found there are a lot of false positives and the severity rating we have been receiving has been different compared to other vendor's solutions. For example, in Veracode, we receive a rating of low but in others solutions, we receive a rating of high when doing the glitch analysis.

For how long have I used the solution?

We have been using this solution for approximately six years.

How are customer service and technical support?

We have not had much free expert support from the vendor. We have had to have a team of highly skilled individuals to make the solution work.

How was the initial setup?

The initial setup is difficult. For example, in Android, if I need to scan an ordinary APK Android application, we need to generate the APK and when you are working in GitHub, you need to do a lot of work to make these combinations able to be scanned by Veracode.

What about the implementation team?

We did the implementation ourselves.

Which other solutions did I evaluate?

I have previously evaluated Checkmarx.

What other advice do I have?

The solution is good at finding issues and provide some very useful tools. I would advise those wanting to implement this solution to purchase professional support from the vendor. If you do not, you run the risk of having many problems such as the ones we have faced.

The DAST tool is very useful and is used in preproduction.  

I rate Veracode a six out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Veracode Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2022
Buyer's Guide
Download our free Veracode Report and get advice and tips from experienced pros sharing their opinions.