2017-11-26T07:43:00Z

What do you like most about Veracode?

Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)

Hi Everyone,

What do you like most about Veracode?

Thanks for sharing your thoughts with the community!

64 Answers

David Jellison - PeerSpot reviewer
Top 20, Real User

Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed.

2022-06-06T14:54:33Z
Daniel Krivda - PeerSpot reviewer
Top 20, Real User

You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs.

2022-05-23T11:33:00Z
Chris Sawyer - PeerSpot reviewer
Top 20, Real User

The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use.

2022-04-25T09:35:00Z
reviewer1705929 - PeerSpot reviewer
Top 20, Real User

There is a single area on the dashboard where you can get a full view of all of the tests and the results from everything. There is a nice, very simple graphic that shows you the types of vulnerabilities that were found, their severity, the scoring, and in what part of the code they were found. All the details are together in one place.

2021-10-28T21:05:00Z
Reviewer339593 - PeerSpot reviewer
Real User

The visibility into application status helps reduce risk exposure for our software. Today, any findings provided by the DAST are reviewed by the developers and we have internal processes in place to correct those findings before there can be a release. So it absolutely does prevent us from releasing weak code.

2021-09-29T20:54:00Z
Nachu Subramanian - PeerSpot reviewer
Top 5, Real User

Good static analysis and dynamic analysis.

2021-08-23T14:07:08Z
reviewer1596348 - PeerSpot reviewer
Real User

The main feature that I have found valuable is the solution's ability to find issues in static analysis. Additionally, there are plenty of useful tools.

2021-06-08T15:13:38Z
reviewer1542384 - PeerSpot reviewer
Real User

It's comprehensive from a feature standpoint.

2021-04-06T13:48:04Z
reviewer1310136 - PeerSpot reviewer
Top 5, Leaderboard, Real User

My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople is fabulous.

2021-02-17T00:15:00Z
reviewer1465254 - PeerSpot reviewer
Top 5, Leaderboard, Real User

It is easy to use for us developers. It supports so many languages: C#, .NET Core, .NET Framework, and it even scans some of our JavaScript. You just need the extension to upload the files and the reports are generated with so much detail.

2020-12-03T05:52:00Z
Srinivasa Rao Kuruba - PeerSpot reviewer
Real User

It is SaaS hosted. That makes it very convenient to use. There is no initial time needed to set up an application. Scanning is a matter of minutes. You just log in, create an application profile, associate a security configuration, and that's about it. It takes 10 minutes to start. The lack of initial lead time or initial overhead to get going is the primary advantage.

2020-12-02T06:24:00Z
Mauro Verderosa - PeerSpot reviewer
Top 10, Real User

Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool.

2020-11-19T07:44:00Z
Deepak Naik - PeerSpot reviewer
Top 10, Real User

The centralized view of different testing types helps reduce our risk exposure. The development teams have the freedom to choose their own libraries and languages. What happens is sometimes developers feel like a particular library is okay to use, then they will start using it, developing some functionality around it. However, as per our mandate, for every new repository that gets added and scanned, a report gets published. Based on that report, we decide if we can continue. In the past, we have found, by mistake, some developers have used copyleft licenses, which are a bit risky to use. We immediately replace these with more permissive, open-source licenses, so we are safe in the end.

2020-11-11T08:18:00Z
reviewer1451973 - PeerSpot reviewer
Top 20, Real User

The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA.

2020-11-11T08:18:00Z
reviewer1451970 - PeerSpot reviewer
Real User

Veracode provides guidance for fixing vulnerabilities. It enables developers to write secure code from the start by pointing them to the problematic line of code, and saying, "This function/method has security vulnerabilities," then suggests alternatives to fix it. Then, we adopt their suggestions of the tool. By implementing it in the right way, we can fix the issue. For example, if the tool has found a method where it copied one piece of memory into another piece of memory in the code. The tool points to problematic methods with the vulnerability and provides ways to code it more securely. By adopting their suggestions, we are fixing this vulnerability.

2020-11-11T08:18:00Z
reviewer1450479 - PeerSpot reviewer
Top 20, Real User

The time savings has been tremendous. We saw ROI in the first six months.

2020-11-09T08:11:00Z
reviewer1450191 - PeerSpot reviewer
Top 20, Real User

One of the features they have is Software Composition Analysis. When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable.

2020-11-08T07:00:00Z
Karen Meohas - PeerSpot reviewer
Top 10, Real User

In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application.

2020-11-08T07:00:00Z
Marcello Teodori - PeerSpot reviewer
Top 20, Real User

The solution's ability to prevent vulnerable code from going into production is perfectly fine. It delivers, at least for the reports that we have been checking on Java and JavaScript. It has reported things that were helpful.

2020-11-04T07:28:00Z
reviewer1448070 - PeerSpot reviewer
Top 20, Real User

The policy reporting for ensuring compliance with industry standards and regulations is pretty comprehensive, especially around PCI. If you do the static analysis, the dynamic analysis, and then a manual penetration test, it aggregates all of these results into one report. And then they create a PCI-specific report around it which helps to illustrate how the application adheres to different standards.

2020-11-04T07:28:00Z
reviewer1436241 - PeerSpot reviewer
Top 10, MSP

There are quite a few features that are very reliable, like the newly launched Veracode Pipelines Scan, which is pretty awesome. It supports the synchronous pipeline pretty well. We have been using it out of the Jira plugin, and that is fantastic.

2020-10-14T06:37:00Z
Christian Camerlengo - PeerSpot reviewer
Top 20, Real User

The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up.

2020-08-30T08:33:00Z
reviewer1359297 - PeerSpot reviewer
Real User

The source composition analysis component is great because it gives our developers some comfort in using new libraries.

2020-05-28T19:19:00Z
reviewer1360617 - PeerSpot reviewer
Real User

Veracode's cloud-based approach, coupled with the appliance that lets us use Veracode to scan internal-only web applications, has provided a seamless, always-up-to-date application security scanning solution.

2020-05-28T18:19:00Z
Riley Black - PeerSpot reviewer
Real User

Integrations into our developers' IDE (Greenlight) and the DevOps Pipeline SAST / SourceClear Integrations have particularly increased our time to market and confidence.

2020-05-28T15:57:00Z
reviewer1360623 - PeerSpot reviewer
Consultant

Veracode is a valuable tool in our secure SDLC process.

2020-05-28T14:28:00Z
reviewer1121823 - PeerSpot reviewer
Leaderboard, Real User

We used it for performing security checks. We have many Java applications and Android applications. Essentially it was used for checking the security validations for compliance purposes.

2019-06-16T07:23:00Z
Divakar Rai - PeerSpot reviewer
Real User

I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code.

2019-06-11T11:10:00Z
Princip677 - PeerSpot reviewer
Consultant

The most valuable feature comes from the fact that it is cloud-based, and I can scale up without having to worry about any other infrastructure needs.

2019-06-11T11:10:00Z
Sebastian Toma - PeerSpot reviewer
Consultant

We are using the Veracode tools to expose the engineers to the security vulnerabilities that were introduced with the new features, i.e. a lot faster or sooner in the development life cycle.

2019-05-23T06:10:00Z
it_user673734 - PeerSpot reviewer
Real User

It has an easy-to-use interface.

2018-11-12T09:12:00Z
ChiefInfaf47 - PeerSpot reviewer
Real User

One of the valuable features is that it gives us the option of static scanning. Most tools of this type are centered around dynamic scanning. Having a static scan is very important.

2018-11-01T11:57:00Z
Michael Stricklen - PeerSpot reviewer
Real User

It has almost completely eliminated the presence of SQLi vulnerabilities.

2018-10-11T01:43:00Z
Ashish Kulkarni - PeerSpot reviewer
Consultant

Veracode provides faster scans compared to other static analysis security testing tools.

2018-10-10T11:01:00Z
reviewer923928 - PeerSpot reviewer
User

We use Veracode static analysis during development to eliminate vulnerability issues.

2018-09-01T11:52:00Z
Associat7de6 - PeerSpot reviewer
Real User

The tech support has been very much on the forefront of contacting customers. They help us by making sure all the processes have been outlined and are being followed. They regularly look with us at the whole platform process.

2018-07-03T06:10:00Z
Michael Ward - PeerSpot reviewer
User

Allows us to track the remediation and handling of identified vulnerabilities.

2018-07-02T10:13:00Z
it_user877104 - PeerSpot reviewer
Real User

Because it is a SaaS offering, I do not have to support the infrastructure.

2018-05-23T10:30:00Z
it_user873405 - PeerSpot reviewer
Real User

Scanning of .war and .jar is key for us.

2018-05-16T08:31:00Z
it_user873351 - PeerSpot reviewer
Real User

I don't have to have a team of developers behind me that keep up with all the latest threats because the subscription service they provide for me does that.

2018-05-16T06:43:00Z
it_user873345 - PeerSpot reviewer
Real User

What's important for me, from Veracode, is the all-in-one metrics location. I can see where everything is across the entire portfolio of applications I have in this program, and I can report out on it.

2018-05-16T06:43:00Z
Suzan Nascimento - PeerSpot reviewer
Real User

The most valuable feature is the remediation consulting that they give. I feel like any vendor can identify the flaws but fixing the flaws is what is most important. Being able to have those consultation calls, schedule them in the platform, and have that discussion with an applications expert, that process scales well and that is what has allowed a lot more reduction of risk to happen.

2018-05-16T06:43:00Z
Elina Petrovna - PeerSpot reviewer
Real User

I can have quick results by just uploading compiled components.

2018-05-04T18:03:00Z
it_user866175 - PeerSpot reviewer
Real User

The developers' awareness of the security weaknesses within their code has improved. They aren't just mitigating these issues, they are realizing these are, in fact, issues that have to be dealt with.

2018-05-02T07:27:00Z
it_user854784 - PeerSpot reviewer
Real User

Valuable features for us are the static scanning of the software, which is very important to us; the ability to set policy profiles that are specific to us; the software composition analysis, to give us reports on known vulnerabilities from our third-party components.

2018-04-12T05:42:00Z
it_user854052 - PeerSpot reviewer
Real User

It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies.

2018-04-11T10:47:00Z
it_user854049 - PeerSpot reviewer
Real User

Ad-hoc scanning during the development cycle and reports for audits are valuable features.

2018-04-11T10:47:00Z
it_user854046 - PeerSpot reviewer
Real User

Informs me of code security vulnerabilities. Bamboo build automation with Veracode API calls is used.

2018-04-11T10:47:00Z
it_user852402 - PeerSpot reviewer
Real User

Provides consistent evaluation and results without huge fluctuations in false positives or negatives.

2018-04-09T13:11:00Z
it_user797976 - PeerSpot reviewer
Real User

The Static and Dynamic Analysis capabilities are very valuable to us. They've improved the speed of the inspection process.

2018-03-28T12:05:00Z
it_user846645 - PeerSpot reviewer
Real User

The coding standards in our development group have improved. From scanning our code we've learned the patterns and techniques to make our code more secure. An example would be SQL injection. We have mitigated all the SQL injection in our applications.

2018-03-28T12:05:00Z
it_user842937 - PeerSpot reviewer
Real User

With the tools that Veracode provides, our developers are actually able to comprehend what the vulnerability was and then resolve it. So a lot of knowledge has been grown as a result, around security, with our developers.

2018-03-22T09:39:00Z
it_user841116 - PeerSpot reviewer
Real User

It has caught lots of flaws that could have been exploited, like SQL injection flaws. It has also improved developer engagement with information security.

2018-03-20T11:53:00Z
Dave Cheli - PeerSpot reviewer
Real User

It eases integration into our workflow. Veracode is part of our Jenkins build, so whenever we build our software, Jenkins will automatically submit the code bundle over to Veracode, which automatically kicks off the static analysis. It sends an email when it's done, and we look at the report.

2018-03-15T07:51:00Z
it_user837504 - PeerSpot reviewer
Real User

Veracode static analysis allows us to pinpoint issues - from a simple hard-coded test password, to more serious issues - and saves us a lot of time. For example, it raises a flag about a problematic third-party DLL before development invests time heavily using it.

2018-03-14T08:56:00Z
it_user836430 - PeerSpot reviewer
Real User

The most important features, I would say, are the scanning abilities and the remediation abilities within the product. Scanning because, obviously, we want to make sure that our application code is flaw-free. And the remediation tools are helpful to the developers to help them track and manage their flaws.

2018-03-13T06:59:00Z
Assistan84a9 - PeerSpot reviewer
Real User

When we expanded our definition of critical systems to include an internal application to be scanned by Veracode, we had initial scans that produced hundreds of vulnerabilities. We expected this, based on how the code was treated previously, but the Veracode platform allowed us to streamline our identification of these items and develop a game plan to quickly address them.

2018-03-11T06:55:00Z
it_user833553 - PeerSpot reviewer
Real User

For our rapid, secure DevOps cycle, we have integration of the Veracode API into our build tool, and Greenlight into our IDE.

2018-03-08T09:23:00Z
it_user833550 - PeerSpot reviewer
Real User

We use it to get our scan results and see where our software is vulnerable or not vulnerable.

2018-03-08T09:23:00Z
Siddharth Kundalkar - PeerSpot reviewer
Real User

All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing).

2018-03-07T09:02:00Z
it_user831864 - PeerSpot reviewer
Real User

Also, our customers benefited from the added security assurance of our applications, as they’ve been able to identify OWASP top-10 application vulnerabilities without a manual tester.

2018-03-06T09:06:00Z
JorgeIzquierdo - PeerSpot reviewer
User

It helps me to detect vulnerabilities.

2018-01-15T19:17:00Z
it_user797976 - PeerSpot reviewer
Real User

It has the ability to scale, and the fact that it doesn't produce a lot of false positives.

2018-01-07T09:39:00Z
it_user778905 - PeerSpot reviewer
Real User

The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future.

2017-11-26T07:43:00Z