We use Veracode to identify and detect security vulnerabilities in our applications before they are uploaded, deployed, or used. This gives us greater confidence in the security of our applications, which leads to positive feedback from our clients.
The solution's ability to prevent vulnerable code from going into production is a good thing because we have not upgraded to detect any variable code before deployment. Therefore, it is a good way to start our campaign.
Using SBOM to manage risks is straightforward and faster because it does not require technical skills. This makes it easy and straightforward to implement and use to prevent vulnerabilities and ensure compliance with any policy in any industry. Creating reports using SBOM is easy.
Veracode is helping us by providing alerts to ensure that we are providing a good application that does not have security vulnerabilities. This means that any client using our application or software can be confident that it is stable, secure, and risk-free. As a result, our organization is benefiting from cost savings and increased sales.
Veracode's policy reporting for enabling compliance with industry standards and regulations can be a bit complex for beginners, but it is much easier and quicker for experienced users.
Veracode provides visibility into application status throughout the development process. It is easy to understand the severity of a threat, thanks to their clear and concise documentation. This documentation can be used to understand code, security, vulnerabilities, and project management. Veracode also helps ensure compliance with all industry standards.
Veracode's visibility helps our DevSecOps team because it supports multiple programming languages. This means that teams with different programming languages can use Veracode to remotely collaborate and develop a stable solution. As a result, our developer team is not affected and can continue to provide high-quality, bug-free products on time, which is beneficial to our current and future clients.
Veracode's false positive rate is low.
Veracode's low false positive rate increases our developers' confidence. Some developers may have used a different solution in the past or may have had a different experience with another vendor. Therefore, I believe that initially, they may not be confident in Veracode when some vulnerable code is found in their primary code. This can sometimes make them feel unprofessional, but ultimately, since we are using a professional solution, their confidence will grow and become positive. This is because they will realize that if this code has vulnerabilities, the next time they release a project or application, they need to be very transparent and careful to avoid any problems. Therefore, the initial confidence may be shaken, but as developers get used to Veracode, it becomes much easier and their confidence in developing improves.
Regarding time, static analysis's false positive rate has reduced the amount of time we would have spent using other solutions or the cost of using a high-tech team to do it. Additionally, the cost of accessing running machines in this era is quite expensive. However, if we have the opportunity to use Veracode with its multiple features, I think it is a very good setting for any company during the learning process of using machines.
With Veracode, we can perform multiple scans simultaneously in different programming languages. This is different from other solutions, where we would manually or independently scan each application or programming language. Veracode allows us to scan more quickly and easily. The time it takes to detect flaws in the code is not comparable to the previous solution, because Veracode speeds up the process and makes it easier to create reports. We can share these reports with other developers to create free call-to-action campaigns and improve the user experience. By the time we deploy our applications, we can be confident that they are secure.
Veracode helped our developers save time by providing a solution that can be integrated with other IDEs, such as Visual Studio Code. This allows developers to use a tool that they are familiar with and that is readily available. This, in turn, helps them to develop faster because the interactivity tools support every programming language. This means that developers do not have to create a lot of code before they can start using Veracode. Instead, they can focus on adding more logic and functionality to their code. Veracode can then help them to test and secure their code more quickly. Overall, Veracode has helped our developers save an average of 30 percent of the time they would have otherwise spent on security testing.
Veracode has had a positive impact on our security posture. We are now able to create secure and stable solutions more quickly because of their transparency, speed, and visibility.
Veracode reduced the cost of our DevSecOps by around eight percent.
Veracode is very easy to use. I use it to scan my Java microservice, and it is easy to configure. It does not require any software to be installed, and it can access data files and scan them quickly. This makes it very user-friendly.
Scanning progress is highly dependent on the speed of the Internet. This can create confusion about the completion of scanning tasks. For example, a static scan may detect all vulnerabilities during a single scan, but when static scanning is disabled, some vulnerabilities may be detected during one scan, but not during the next scan or a subsequent scan. This inconsistency can make it difficult to track vulnerabilities. Additionally, the solution does not make it easy to mitigate vulnerabilities that are not detected by static scanning.
The price of the solution has room for improvement.
I have been using Veracode for three years.
Veracode is stable as long as we have a good internet connection. The stability of Veracode is based on the internet speed.
Veracode is scalable. We use Veracode in multiple departments. Ten people in our organization use the solution.
The initial deployment was straightforward and took two of us five days to complete.
We implemented the solution in-house.
With Veracode, we are developing more secure, scalable, and stable applications on a faster track. Our clients know that they can trust us to deliver secure applications that meet their expectations. This led to increased sales, even though our products are priced higher than our competitors. We are able to charge a premium because our products meet the Swedish standard for security, compliance, and risk. As a result, we have seen a 65 percent return on investment.
I give Veracode an eight out of ten.
Veracode is not a cost-effective solution for small businesses, but it is a good solution for medium and enterprise businesses.
Veracode does not require any maintenance.
I recommend Veracode to organizations that need a static code security analysis. Veracode is simple to understand and supports all programming languages.