2017-11-26T07:43:00Z

What do you like most about Veracode?

Miriam Tover - PeerSpot reviewer
  • 34
  • 100
PeerSpot user
Get the report
Helped 765,234 peers since 2012
96

96 Answers

SM
Reseller
Top 20
2023-08-31T07:43:00Z
Aug 31, 2023

The SAST and DAST modules are great.

Search for a product comparison
Sairam Bathini - PeerSpot reviewer
Real User
Top 20
2023-08-29T10:30:00Z
Aug 29, 2023

The best feature of Veracode is that we can do static and dynamic scans.

MH
Real User
Top 20
2023-08-25T13:38:00Z
Aug 25, 2023

What we found most valuable in Veracode is the ability to do automatic scans of our software. We've incorporated the solution into our SDLC process, so we take our builds before they get released and put them through scans to ensure any new vulnerabilities haven't occurred.

Devid William - PeerSpot reviewer
Real User
Top 5Leaderboard
2023-08-23T14:56:00Z
Aug 23, 2023

Vericode's policy reporting for ensuring compliance with industry standards and regulations is great. I

Shobana Raghu - PeerSpot reviewer
Real User
Top 20
2023-08-15T17:52:00Z
Aug 15, 2023

I liked that I could easily find out where my errors were. Instead of going through the whole code and the scripts, it showed me where the errors were and gave me an idea of how to fix them.

Oluseyi Osifalujo - PeerSpot reviewer
Real User
Top 10
2023-08-11T15:16:00Z
Aug 11, 2023

The static scan is the most valuable feature.

Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
CS
Real User
Top 20
2023-08-01T09:41:00Z
Aug 1, 2023

Veracode offers various security features.

Robert Hood - PeerSpot reviewer
Real User
Top 10
2023-07-31T20:43:00Z
Jul 31, 2023

The most valuable feature is the SAST capability and its integration into the Veracode pipelines.

OK
Real User
Top 20
2023-07-28T07:59:00Z
Jul 28, 2023

It's hard to say that any single feature is the most essential. There are many errors and vulnerabilities in software today in the standard libraries for different vendors because. We don't need to reinvent the wheel every time because we're using standard libraries, and it's important to know that your security isn't compromised because you are using libraries with vulnerabilities.

SR
Real User
Top 5
2023-07-10T07:19:00Z
Jul 10, 2023

The dashboards and the threat insights it provides are very good. The dashboards are intuitive and pretty straightforward, but also pretty detailed.

VS
Real User
Top 20
2023-06-13T10:13:00Z
Jun 13, 2023

Static Scanning is the most valuable feature of Veracode.

VR
Real User
Top 20
2023-05-23T09:18:00Z
May 23, 2023

The static scan and the detailed reports, which include issue information and permissions, are the most valuable features.

Ivo Dias - PeerSpot reviewer
Reseller
Top 10
2023-05-22T17:30:00Z
May 22, 2023

To me, the principal feature is the CLI (command-line interface) because I put together a lot of implementations using it. Another important aspect is the low false-positive rate because the solution is very configurable. It is as low as 1 percent and that is a huge difference compared to competitors.

UmarQureshi - PeerSpot reviewer
Real User
Top 5Leaderboard
2023-05-19T13:46:00Z
May 19, 2023

Veracode Fix is a new feature that functions similarly to auto-remediation for low or medium flaw codes.

Avinash Mukesh - PeerSpot reviewer
Real User
Top 5Leaderboard
2023-05-17T11:16:00Z
May 17, 2023

Veracode is very easy to use.

JV
Reseller
Top 20
2023-05-12T14:37:00Z
May 12, 2023

Static code scanning is the most valuable feature.

NS
Real User
Top 10
2023-05-11T13:36:00Z
May 11, 2023

I like Veracode's ease of integration with various cloud platforms and tools.

AjitMatthew - PeerSpot reviewer
Real User
Top 10
2023-05-08T12:16:00Z
May 8, 2023

Veracode does not require any maintenance.

Michea Mbaziira - PeerSpot reviewer
Real User
Top 10
2023-04-05T18:22:00Z
Apr 5, 2023

Code scanning is the most valuable feature.

Hassan Saleh - PeerSpot reviewer
Real User
Top 10
2023-04-04T18:06:00Z
Apr 4, 2023

I like the static scanning, and Veracode's interface is excellent. The dashboard is easy to navigate.

Shashank Niranjan - PeerSpot reviewer
Real User
Top 20
2023-04-04T08:35:00Z
Apr 4, 2023

Being able to scan our applications and identify all codes and defects is an extremely valuable feature.

AkashKhurana - PeerSpot reviewer
Real User
Top 10
2023-03-31T20:35:00Z
Mar 31, 2023

The most valuable feature is detecting security vulnerabilities in the project.

FN
Real User
Top 20
2023-03-17T08:24:00Z
Mar 17, 2023

It has improved the quality of code being delivered for test and its vulnerability resolutions timeline has improved.

KK
Real User
2023-03-16T21:15:00Z
Mar 16, 2023

I like the ability to integrate Veracode with other coding platforms like Visual Studio, which helps you write code quickly by implementing already inserted code. For example, if we have tags you want to put in the software, it is effortless to choose which programming language you want to use in the integrated development environment.

Reyansh Kumar - PeerSpot reviewer
Real User
Top 5
2023-02-17T21:33:00Z
Feb 17, 2023

The user interface is excellent, the code review process is quick and provides great analytics to understand our code better, and the SAST scan is high-speed.

Shiva Prasad Reddy - PeerSpot reviewer
Real User
Top 20
2023-01-27T19:57:00Z
Jan 27, 2023

It pinpoints the errors. Its accuracy is very interesting. It also elaborates on flaws, meaning it provides you with details about what is valid or not and how something can be fixed.

MC
Real User
Top 20
2023-01-24T15:40:00Z
Jan 24, 2023

The Security Labs [is] where I have the developers training and constantly improving their security, and remembering their security techniques. That way, they are more proactive and make sure things are correct. They're faster because they're doing it in the first place.

JA
Real User
Top 5Leaderboard
2023-01-21T03:07:00Z
Jan 21, 2023

It has the ability to statically scan your source code before it goes to production. It can be scanned within your testing or development environment, and that is very useful. And good explanations of all the vulnerabilities in your source code help take care of those issues in future code implementation as well.

HM
Real User
Top 20
2023-01-10T01:48:00Z
Jan 10, 2023

The best feature is definitely the detailed reports. It provides code-related queries in the order of high, medium, and low depending on what we need to do. Veracode is user-friendly as well.

SumalyaGuha - PeerSpot reviewer
Real User
Top 10
2023-01-09T23:33:00Z
Jan 9, 2023

In pipeline scanning, there is a configuration that can be set with respect to the security level of the flaw. If there is a high or a critical issue, there's a way the build can be failed and blocked before going into production.

Miodrag Zarev - PeerSpot reviewer
Real User
Top 10
2022-12-02T19:58:00Z
Dec 2, 2022

I like Veracode's integration with our CI/CD. It automatically scans our code when we do the build. It can also detect any security flaws in our third-party libraries. Veracode is good at pinpointing the sections of code that have vulnerabilities.

Prateek Agarwal - PeerSpot reviewer
Real User
Top 5Leaderboard
2022-08-23T10:01:00Z
Aug 23, 2022

The findings of their security analysis are wonderful. You can easily go through all the analyses done by Veracode. You can see what are the flaws and what could be the best possible resolution to minimize those flaws in the application. When an application is being used by the public, security is a challenge. Veracode helps us to analyze all the security flaws, discrepancies, and vulnerabilities inside the application. It provides good reports.

David Jellison - PeerSpot reviewer
Real User
Top 10
2022-06-06T14:54:33Z
Jun 6, 2022

Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed.

Daniel Krivda - PeerSpot reviewer
Real User
Top 20
2022-05-23T11:33:00Z
May 23, 2022

You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs.

Chris Sawyer - PeerSpot reviewer
Real User
Top 20
2022-04-25T09:35:00Z
Apr 25, 2022

The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use.

KB
Real User
2021-10-28T21:05:00Z
Oct 28, 2021

There is a single area on the dashboard where you can get a full view of all of the tests and the results from everything. There is a nice, very simple graphic that shows you the types of vulnerabilities that were found, their severity, the scoring, and in what part of the code they were found. All the details are together in one place.

KE
Real User
2021-09-29T20:54:00Z
Sep 29, 2021

The visibility into application status helps reduce risk exposure for our software. Today, any findings provided by the DAST are reviewed by the developers and we have internal processes in place to correct those findings before there can be a release. So it absolutely does prevent us from releasing weak code.

NS
Real User
2021-08-23T14:07:08Z
Aug 23, 2021

Good static analysis and dynamic analysis.

RO
Real User
2021-06-08T15:13:38Z
Jun 8, 2021

The main feature that I have found valuable is the solution's ability to find issues in static analysis. Additionally, there are plenty of useful tools.

VV
Vendor
2021-04-06T13:48:04Z
Apr 6, 2021

It's comprehensive from a feature standpoint.

RR
Real User
Leaderboard
2021-02-17T00:15:00Z
Feb 17, 2021

My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople is fabulous.

HB
Real User
2020-12-03T05:52:00Z
Dec 3, 2020

It is easy to use for us developers. It supports so many languages: C#, .NET Core, .NET Framework, and it even scans some of our JavaScript. You just need the extension to upload the files and the reports are generated with so much detail.

SR
Real User
2020-12-02T06:24:00Z
Dec 2, 2020

It is SaaS hosted. That makes it very convenient to use. There is no initial time needed to set up an application. Scanning is a matter of minutes. You just log in, create an application profile, associate a security configuration, and that's about it. It takes 10 minutes to start. The lack of initial lead time or initial overhead to get going is the primary advantage.

MV
Real User
2020-11-19T07:44:00Z
Nov 19, 2020

Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool.

Deepak Naik - PeerSpot reviewer
Real User
2020-11-11T08:18:00Z
Nov 11, 2020

The centralized view of different testing types helps reduce our risk exposure. The development teams have the freedom to choose their own libraries and languages. What happens is sometimes developers feel like a particular library is okay to use, then they will start using it, developing some functionality around it. However, as per our mandate, for every new repository that gets added and scanned, a report gets published. Based on that report, we decide if we can continue. In the past, we have found, by mistake, some developers have used copyleft licenses, which are a bit risky to use. We immediately replace these with more permissive, open-source licenses, so we are safe in the end.

SS
Real User
2020-11-11T08:18:00Z
Nov 11, 2020

The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA.

YT
Real User
2020-11-11T08:18:00Z
Nov 11, 2020

Veracode provides guidance for fixing vulnerabilities. It enables developers to write secure code from the start by pointing them to the problematic line of code, and saying, "This function/method has security vulnerabilities," then suggests alternatives to fix it. Then, we adopt their suggestions of the tool. By implementing it in the right way, we can fix the issue. For example, if the tool has found a method where it copied one piece of memory into another piece of memory in the code. The tool points to problematic methods with the vulnerability and provides ways to code it more securely. By adopting their suggestions, we are fixing this vulnerability.

SM
Real User
2020-11-09T08:11:00Z
Nov 9, 2020

The time savings has been tremendous. We saw ROI in the first six months.

KM
Real User
2020-11-08T07:00:00Z
Nov 8, 2020

In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application.

DM
Real User
2020-11-08T07:00:00Z
Nov 8, 2020

One of the features they have is Software Composition Analysis. When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable.

MT
Real User
2020-11-04T07:28:00Z
Nov 4, 2020

The solution's ability to prevent vulnerable code from going into production is perfectly fine. It delivers, at least for the reports that we have been checking on Java and JavaScript. It has reported things that were helpful.

RL
Real User
2020-11-04T07:28:00Z
Nov 4, 2020

The policy reporting for ensuring compliance with industry standards and regulations is pretty comprehensive, especially around PCI. If you do the static analysis, the dynamic analysis, and then a manual penetration test, it aggregates all of these results into one report. And then they create a PCI-specific report around it which helps to illustrate how the application adheres to different standards.

AS
Real User
2020-10-14T06:37:00Z
Oct 14, 2020

There are quite a few features that are very reliable, like the newly launched Veracode Pipelines Scan, which is pretty awesome. It supports the synchronous pipeline pretty well. We been using it out of the Jira plugin, and that is fantastic.

Christian Camerlengo - PeerSpot reviewer
Real User
2020-08-30T08:33:00Z
Aug 30, 2020

The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up.

reviewer1359297 - PeerSpot reviewer
Real User
2020-05-28T19:19:00Z
May 28, 2020

The source composition analysis component is great because it gives our developers some comfort in using new libraries.

reviewer1360617 - PeerSpot reviewer
Real User
2020-05-28T18:19:00Z
May 28, 2020

Veracode's cloud-based approach, coupled with the appliance that lets us use Veracode to scan internal-only web applications, has provided a seamless, always-up-to-date application security scanning solution.

RB
Real User
2020-05-28T15:57:00Z
May 28, 2020

Integrations into our developer's IDE (Greenlight) and the DevOps Pipeline SAST / SourceClear Integrations has particularly increased our time to market and confidence.

reviewer1360623 - PeerSpot reviewer
Consultant
2020-05-28T14:28:00Z
May 28, 2020

Veracode is a valuable tool in our secure SDLC process.

SeshagiriSriram - PeerSpot reviewer
Real User
Leaderboard
2019-06-16T07:23:00Z
Jun 16, 2019

We used it for performing security checks. We have many Java applications and Android applications. Essentially it was used for checking the security validations for compliance purposes.

DR
Real User
2019-06-11T11:10:00Z
Jun 11, 2019

I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code.

it_user920715 - PeerSpot reviewer
Consultant
2019-06-11T11:10:00Z
Jun 11, 2019

The most valuable feature comes from the fact that it is cloud-based, and I can scale up without having to worry about any other infrastructure needs.

ST
Consultant
2019-05-23T06:10:00Z
May 23, 2019

We are using the Veracode tools to expose the engineers to the security vulnerabilities that were introduced with the new features, i.e. a lot faster or sooner in the development life cycle.

it_user673734 - PeerSpot reviewer
Real User
2018-11-12T09:12:00Z
Nov 12, 2018

It has an easy-to-use interface.

SH
Real User
2018-11-01T11:57:00Z
Nov 1, 2018

One of the valuable features is that it gives us the option of static scanning. Most tools of this type are centered around dynamic scanning. Having a static scan is very important.

MS
Real User
2018-10-11T01:43:00Z
Oct 11, 2018

It has almost completely eliminated the presence of SQLi vulnerabilities.

AK
Real User
2018-10-10T11:01:00Z
Oct 10, 2018

Veracode provides faster scans compared to other static analysis security testing tools.

JB
User
2018-09-01T11:52:00Z
Sep 1, 2018

We use Veracode static analysis during development to eliminate vulnerability issues

ST
Real User
2018-07-03T06:10:00Z
Jul 3, 2018

The tech support has been very much on the forefront of contacting customers. They help us by making sure all the processes have been outlined and are being followed. They regularly look with us at the whole platform process.

MW
Real User
2018-07-02T10:13:00Z
Jul 2, 2018

Allows us to track the remediation and handling of identified vulnerabilities.

it_user877104 - PeerSpot reviewer
Real User
2018-05-23T10:30:00Z
May 23, 2018

Because it is a SaaS offering, I do not have to support the infrastructure.

it_user873405 - PeerSpot reviewer
Real User
2018-05-16T08:31:00Z
May 16, 2018

Scanning of .war and .jar is key for us.

it_user873351 - PeerSpot reviewer
Real User
2018-05-16T06:43:00Z
May 16, 2018

I don't have to have a team of developers behind me that keep up with all the latest threats because the subscription service they provide for me does that.

it_user873345 - PeerSpot reviewer
Real User
2018-05-16T06:43:00Z
May 16, 2018

What's important for me, from Veracode, is the all-in-one metrics location. I can see where everything is across the entire portfolio of applications I have in this program, and I can report out on it.

SN
Real User
2018-05-16T06:43:00Z
May 16, 2018

The most valuable feature is the remediation consulting that they give. I feel like any vendor can identify the flaws but fixing the flaws is what is most important. Being able to have those consultation calls, schedule them in the platform, and have that discussion with an applications expert, that process scales well and that is what has allowed a lot more reduction of risk to happen.

EP
Real User
2018-05-04T18:03:00Z
May 4, 2018

I can have quick results by just uploading compiled components.

it_user866175 - PeerSpot reviewer
Real User
2018-05-02T07:27:00Z
May 2, 2018

The developers' awareness of the security weaknesses within their code has improved. They aren't just mitigating these issues, they are realizing these are, in fact, issues that have to be dealt with.

it_user854784 - PeerSpot reviewer
Real User
2018-04-12T05:42:00Z
Apr 12, 2018

Valuable features for us are the static scanning of the software, which is very important to us; the ability to set policy profiles that are specific to us; the software composition analysis, to give us reports on known vulnerabilities from our third-party components.

it_user854052 - PeerSpot reviewer
Real User
2018-04-11T10:47:00Z
Apr 11, 2018

It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies.

it_user854049 - PeerSpot reviewer
Real User
2018-04-11T10:47:00Z
Apr 11, 2018

Ad-hoc scanning during the development cycle and reports for audits are valuable features.

it_user854046 - PeerSpot reviewer
Real User
2018-04-11T10:47:00Z
Apr 11, 2018

Informs me of code security vulnerabilities. Bamboo build automation with Veracode API calls are used.​

it_user852402 - PeerSpot reviewer
Real User
2018-04-09T13:11:00Z
Apr 9, 2018

Provides consistent evaluation and results without huge fluctuations in false positives or negatives.

it_user797976 - PeerSpot reviewer
Real User
2018-03-28T12:05:00Z
Mar 28, 2018

The Static and Dynamic Analysis capabilities are very valuable to us. They've improved the speed of the inspection process.

it_user846645 - PeerSpot reviewer
Real User
2018-03-28T12:05:00Z
Mar 28, 2018

The coding standards in our development group have improved. From scanning our code we've learned the patterns and techniques to make our code more secure. An example would be SQL injection. We have mitigated all the SQL injection in our applications.

it_user842937 - PeerSpot reviewer
Vendor
2018-03-22T09:39:00Z
Mar 22, 2018

With the tools that Veracode provides, our developers are actually able to comprehend what the vulnerability was and then resolve it. So a lot of knowledge has been grown as a result, around security, with our developers.

it_user841116 - PeerSpot reviewer
Real User
2018-03-20T11:53:00Z
Mar 20, 2018

It has caught lots of flaws that could have been exploited, like SQL injection flaws. It has also improved developer engagement with information security.

DC
Real User
2018-03-15T07:51:00Z
Mar 15, 2018

It eases integration into our workflow. Veracode is part of our Jenkins build, so whenever we build our software, Jenkins will automatically submit the code bundle over to Veracode, which automatically kicks off the static analysis. It sends an email when it's done, and we look at the report.

it_user837504 - PeerSpot reviewer
Real User
2018-03-14T08:56:00Z
Mar 14, 2018

Veracode static analysis allows us to pinpoint issues - from a simple hard-coded test password, to more serious issues - and saves us lot of time. For example, it raises a flag about a problematic third-party DLL before development invests time heavy using it.

it_user836430 - PeerSpot reviewer
Real User
2018-03-13T06:59:00Z
Mar 13, 2018

The most important features, I would say, are the scanning abilities and the remediation abilities within the product. Scanning because, obviously, we want to make sure that our application code is flaw-free. And the remediation tools are helpful to the developers to help them track and manage their flaws.

BM
Real User
2018-03-11T06:55:00Z
Mar 11, 2018

When we expanded our definition of critical systems to include an internal application to be scanned by Veracode, we had initial scans that produced hundreds of vulnerabilities. We expected this, based on how the code was treated previously, but the Veracode platform allowed us to streamline our identification of these items and develop a game plan to quickly address them.

it_user833553 - PeerSpot reviewer
Real User
2018-03-08T09:23:00Z
Mar 8, 2018

For our rapid, secure DevOps cycle, we have integration of the Vericode API into our build tool, and Greenlight into our IDE.

it_user833550 - PeerSpot reviewer
Real User
2018-03-08T09:23:00Z
Mar 8, 2018

We use it to get our scan results and see where our software is vulnerable or not vulnerable.

SK
Real User
2018-03-07T09:02:00Z
Mar 7, 2018

All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing).

it_user831864 - PeerSpot reviewer
Real User
2018-03-06T09:06:00Z
Mar 6, 2018

Also, our customers benefited from the added security assurance of our applications, as they’ve been able to identify OWASP top-10 application vulnerabilities without a manual tester.

it_user802140 - PeerSpot reviewer
User
2018-01-15T19:17:00Z
Jan 15, 2018

It helps me to detect vulnerabilities.

it_user797976 - PeerSpot reviewer
Real User
2018-01-07T09:39:00Z
Jan 7, 2018

It has the ability to scale, and the fact that it doesn't produce a lot of false positives.

it_user778905 - PeerSpot reviewer
Real User
2017-11-26T07:43:00Z
Nov 26, 2017

The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future.

Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing. Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references....
Download Veracode ReportRead more

Related Q&As