Veracode Static Analysis Pros

FranckGafsou - PeerSpot reviewer
Security Architect Lead at a comms service provider with 10,001+ employees
Stable and scalable, with good reporting features. Helps in detecting and managing vulnerabilities and risks.
VD
Lead Security Architect at a comms service provider with 1,001-5,000 employees
It is a cloud-based platform, so every organization or every security team in the organization is concerned about uploading their code because ultimately the code is intellectual property. The most useful thing about Veracode is that if you want to upload the code, they accept only byte code. They do not accept the plain source code as an input. The code is converted into binary code, and it is uploaded to Veracode. So, it is quite secure. It also has the automation feature where you can integrate security during the initial stages of your software development life cycle. It is pretty much easy with Veracode. Veracode provides integration with multiple tools and platforms, such as Visual Studio, Java, and Eclipse. Developers can integrate with those tools by using Jenkins. The security consultation or the support that they provide is also really good. Its user management is also good. You can restrict the users for a particular application so that only certain developers will be able to see the code that has been scanned. Their reporting model is really good. For each customer, they provide a program manager. Every quarter, they have their reviews about how much it has scanned. They also ensure that the tool has been used efficiently.
Product Security Engineer at a tech services company with 5,001-10,000 employees
With the pipeline scanner, it's easier for developers to scan their products, as they don't have to export anything from their computers. They can do everything with the command line on their computer.
Buyer's Guide
Veracode Static Analysis
November 2022
Learn what your peers think about Veracode Static Analysis. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
657,397 professionals have used our research since 2012.
Prasenjit Roy - PeerSpot reviewer
Sr. Cloud Solution Architect - SAP on Azure at Accenture
Veracode supports a broad range of code technologies, and it can analyze large applications. Fortify takes a long time and may not be able to generate the report for larger applications. We don't have these constraints with Veracode.
Prakash Pillay - PeerSpot reviewer
Director - Product Solution/Architecture at a tech vendor with 10,001+ employees
It scans for the OWASP top-10 security flaws at the dynamic level and, at the static level, it scans for all the warnings so that developers can fix the code before we go to UAT or the next phase.
Anshuman Kishore - PeerSpot reviewer
Director Product Development at Mycom Osi
We have found the static analysis to be useful in Veracode Static Analysis. However, we are in the process of testing.

Veracode Static Analysis Cons

FranckGafsou - PeerSpot reviewer
Security Architect Lead at a comms service provider with 10,001+ employees
Some features could be improved in terms of user-friendliness.
VD
Lead Security Architect at a comms service provider with 1,001-5,000 employees
There are a few languages that take time for scanning. It covers the majority of languages from C to Scala, but it doesn't support certain languages and the newer versions of certain languages. For example, it doesn't support SAP and new JavaScript frameworks such as Node.js and React JS. They can include support for these. If you go to their website, you can see the list of languages that are currently supported. The false-positive rates are also something they can work on.
Product Security Engineer at a tech services company with 5,001-10,000 employees
Maybe the pipeline scanning doesn't support enough languages. It might support Java and Python only, so that could be improved.
Prasenjit Roy - PeerSpot reviewer
Sr. Cloud Solution Architect - SAP on Azure at Accenture
While Veracode is way ahead of its competitors on the Gartner Magic Quadrant, it's a bit more expensive than Fortify. It's a good solution for the cost, but if we had a high budget, we would go with Checkmarx, which is much better than Veracode.
Prakash Pillay - PeerSpot reviewer
Director - Product Solution/Architecture at a tech vendor with 10,001+ employees
I would like to see improvement on the analytics side, and in integrations with different tools. Also, the dynamic scanning takes time.
Anshuman Kishore - PeerSpot reviewer
Director Product Development at Mycom Osi
Veracode Static Analysis could improve the terminology. For example, I do not know what the sandbox scan does. The terminology and the way they have used it are quite confusing. They should have a process of capturing problems that users are having on their end.