2017-11-26T07:43:00Z

What is your primary use case for Veracode?

Julia Miller - PeerSpot reviewer
  • 33
  • 386
PeerSpot user
Get the report
Helped 765,386 peers since 2012
94

94 Answers

SM
Reseller
Top 20
2023-08-31T07:43:00Z
Aug 31, 2023

The solution is used for performing application security processes like source code assessment, dynamic assessment, and SCA.

Search for a product comparison
MH
Real User
Top 20
2023-08-25T13:38:00Z
Aug 25, 2023

We are a software company providing software to paper manufacturing organizations, and we have an extensive ERP product along with many add-on products. With the need to increase security awareness and vulnerabilities, we decided that we needed to scan our software, so that was how we started using Veracode. We found Veracode eye-opening because we had many third-party libraries in our application, and we found vulnerabilities and had to upgrade those libraries or seek alternatives. Our use cases for Veracode were to make our software more secure and provide a better competitive advantage over our competitors by telling our clients that we have secure software.

Devid William - PeerSpot reviewer
Real User
Top 5Leaderboard
2023-08-23T14:56:00Z
Aug 23, 2023

It's a fast solution, so we use it to search for vulnerabilities in our code, software composition analysis, and to search for vulnerabilities in our libraries.

Shobana Raghu - PeerSpot reviewer
Real User
Top 20
2023-08-15T17:52:00Z
Aug 15, 2023

We used it for static and dynamic testing to check if there were any vulnerabilities in the code. If there were any vulnerabilities, we would check the report downloaded from the Veracode portal and try to fix the code before deploying it.

Oluseyi Osifalujo - PeerSpot reviewer
Real User
Top 10
2023-08-11T15:16:00Z
Aug 11, 2023

We use Veracode to ensure our solutions meet the security standards in the financial industry in Nigeria.

CS
Real User
Top 20
2023-08-01T09:41:00Z
Aug 1, 2023

We use Veracode for its code analysis features, which include static code analysis, dynamic code analysis, and checking for security flaws in our code. Mainly, we utilize Veracode for application security, making code security one of our primary use cases.

Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
Robert Hood - PeerSpot reviewer
Real User
Top 10
2023-07-31T20:43:00Z
Jul 31, 2023

My company is a financial and technical enterprise with involvement in healthcare as well. We use Veracode for scanning, utilizing both SAST and DAST approaches. The purpose of static testing is to assess our code for vulnerabilities before deployment. After completing this step and addressing any identified issues, we run dynamic application security testing on the applications we've created to ensure there are no vulnerabilities introduced after the build. These could be issues that arise during the execution of the code, rather than being inherent to the code itself. Additionally, we are currently considering or in the process of transitioning to Veracode for a specific function known as Software Composition Analysis, which is among the services they offer. In terms of my use cases, I oversee approximately 200 development teams managing around three to four hundred projects. About 30 percent of these projects are connected to Veracode. Moreover, I manage a user base of over 700 individuals, and many of our build pipelines include immediate SAST scanning during the building process. We currently use Vericode Cloud, specifically the public cloud. At the moment, I am in the process of deploying two Veracode ISM management servers from their platform. These servers will be responsible for scanning our internal applications that are not exposed to the external world. One significant aspect is that our company decided to transition to the cloud approximately three years ago. Initially, we had 27 data centers scattered worldwide, but now we have reduced that number to five. By the end of this year, we plan to further decrease it to three, and eventually, we will likely have only one or two data centers in the future. However, there are certain things that we cannot migrate to the cloud.

OK
Real User
Top 20
2023-07-28T07:59:00Z
Jul 28, 2023

Veracode is part of our overall security program. We use it to scan our daily build pipelines and all our fielded releases. The primary features we use are static application security testing and software composition analysis. We analyze third-party libraries for known vulnerabilities and taking action. Veracode is also part of our release procedure. We put the artifacts from the record and attach them to the release documentation to provide our customers with those documents if needed.

SR
Real User
Top 5
2023-07-10T07:19:00Z
Jul 10, 2023

The main purpose of Veracode is to deliver secure code on time. We use it to test our application security, at the implementation stage to make sure that code is secure. We do static and dynamic testing, as well as penetration testing with Veracode. We also use it for security threat detection for our enterprise applications.

VS
Real User
Top 20
2023-06-13T10:13:00Z
Jun 13, 2023

We scan various types of software codes, such as codes or applications built in languages like C, Java, Python, PHP, and Ruby, among others. We assess the code quality using Veracode.

VR
Real User
Top 20
2023-05-23T09:18:00Z
May 23, 2023

We are developers who utilize Veracode for the static and dynamic scanning of our applications.

Ivo Dias - PeerSpot reviewer
Reseller
Top 10
2023-05-22T17:30:00Z
May 22, 2023

I currently work for a Veracode distributor here in Brazil. I work in both presales and post-sales, and I do implementations as well.

UmarQureshi - PeerSpot reviewer
Real User
Top 5Leaderboard
2023-05-19T13:46:00Z
May 19, 2023

We utilize Veracode to assist in establishing secure-by-design and development processes for our web applications, as well as transitioning from other systems to microservices.

Avinash Mukesh - PeerSpot reviewer
Real User
Top 5Leaderboard
2023-05-17T11:16:00Z
May 17, 2023

We use Veracode to identify and detect security vulnerabilities in our applications before they are uploaded, deployed, or used. This gives us greater confidence in the security of our applications, which leads to positive feedback from our clients.

JV
Reseller
Top 20
2023-05-12T14:37:00Z
May 12, 2023

We are a Veracode reseller and we utilize their solution for software vulnerability analysis. Our primary objective is to identify any security issues in open-source libraries that have been rejected. Additionally, we perform dynamic code scanning and employ Static Application Security Testing for comprehensive application security testing.

NS
Real User
Top 10
2023-05-11T13:36:00Z
May 11, 2023

We use Veracode to scan our code before release. The scan ensures our projects will have no issues. We only use Veracode for customer-facing and revenue-generating web applications.

AjitMatthew - PeerSpot reviewer
Real User
Top 10
2023-05-08T12:16:00Z
May 8, 2023

We use Veracode for product testing. We exclusively utilize Veracode for a product used in our consulting services, which we provide on a licensing basis. We deploy Veracode in the cloud and can utilize any cloud provider, including Google Cloud, Azure, and AWS.

Michea Mbaziira - PeerSpot reviewer
Real User
Top 10
2023-04-05T18:22:00Z
Apr 5, 2023

We use Veracode to scan our codes for vulnerabilities and risks.

Hassan Saleh - PeerSpot reviewer
Real User
Top 10
2023-04-04T18:06:00Z
Apr 4, 2023

I use Veracode to ensure the projects I deliver don't have vulnerabilities.

Shashank Niranjan - PeerSpot reviewer
Real User
Top 20
2023-04-04T08:35:00Z
Apr 4, 2023

We use Veracode for application scanning.

AkashKhurana - PeerSpot reviewer
Real User
Top 10
2023-03-31T20:35:00Z
Mar 31, 2023

In our company, we have various projects, and before beginning the development process, we utilize Veracode to scan the repository for any potential security issues. For instance, if we are using a third-party API or client dependency, such as a payment system, we require a third-party dependency. Once we have implemented this feature and scanned it using Veracode, any security vulnerabilities or code issues are highlighted. It is imperative that we resolve any Veracode issues to ensure our build is successful. To solve these issues, we may need to upgrade the version of our dependencies or investigate any security issues with the versions we are currently using. The code is checked for any security issues, as well as any potential code issues or code smells that could cause major critical blockers. In this context, blockers have the highest priority, and if any are identified, they must be addressed urgently. The bugs or code smells are analyzed, and priority or severity is assigned accordingly. Dependencies used in the code are also checked for security issues.

FN
Real User
Top 20
2023-03-17T08:24:00Z
Mar 17, 2023

I'm a security practitioner and I use it for security and vulnerability scanning and assessments.

KK
Real User
2023-03-16T21:15:00Z
Mar 16, 2023

I use Veracode to develop solutions faster while ensuring my code is secure and doesn't have vulnerabilities. I can deliver a stable, scalable product to users and our partners, and security is our top priority.

Reyansh Kumar - PeerSpot reviewer
Real User
Top 5
2023-02-17T21:33:00Z
Feb 17, 2023

Our primary uses are for reviews of our code and overall software environment, bug fixes, and detection of security flaws. We use the solution across multiple locations and regions, including Asia Pacific, EMEA, and North America. Our user base consists of 5200 individuals.

Shiva Prasad Reddy - PeerSpot reviewer
Real User
Top 20
2023-01-27T19:57:00Z
Jan 27, 2023

In my previous company, we had a healthcare app. We used Veracode to run a spontaneous static analysis as well as dynamic analysis, to resolve our vulnerabilities. We were releasing versions every month. Each month we were looking at the results of Veracode and fixing the problems.

MC
Real User
Top 20
2023-01-24T15:40:00Z
Jan 24, 2023

We use it for security validation. As a company, we need to make sure that our code is secure. Not only do we need and want to do this for ourselves, but we also need to do it because of our security obligations to our clients.

JA
Real User
Top 5Leaderboard
2023-01-21T03:07:00Z
Jan 21, 2023

Veracode is being used to check our application source code, whether it is working well or not, and to track changes in the code from different developers and engineering teams.

HM
Real User
Top 20
2023-01-10T01:48:00Z
Jan 10, 2023

We use Veracode for security scanning purposes, and our security services team has developed the logic. We create the pipeline and run the Veracode scan for particular microservices. My role is to run the Veracode pipeline and to see all the detailed reports. Once the scan is complete, I download the Veracode report and share it with developers. We have multiple environments, and all entities use the solution. We have approximately 1000 users.

SumalyaGuha - PeerSpot reviewer
Real User
Top 10
2023-01-09T23:33:00Z
Jan 9, 2023

We use Veracode for static code analysis, dynamic code analysis, and software composition analysis. In our organization, we have a bunch of applications that are running on a monorepo or microservice level. We have to do SAST on those applications so that we have a code review done on a bit level. Going forward through the application pipeline, we do it on the dynamic level, as well, where we are scanning the public URLs of those applications to see what people can see externally. It's a type of out-to-in scanning in which we are analyzing the traffic that is sent out and even the traffic that is coming in, the response and request headers of the URLs, whenever someone is at a single URL. Finally, for the software composition, Veracode uses a third-party analysis tool in which it has the libraries and the functions that are being used at a source code level. They are open source or dependent files that are used for building that in-house application.

Miodrag Zarev - PeerSpot reviewer
Real User
Top 10
2022-12-02T19:58:00Z
Dec 2, 2022

We are a relatively young company that started about a decade ago. The company adopted Veracode about five years ago because it's a market leader in that segment. Veracode checks for security flaws in our code. We provide software for companies in the financial sector, so it's critical that we use Veracode. There are some lesser-known competitors, but Veracode is the biggest player in security software. In a way, it's good marketing to use Veracode. We are running it locally, but we plan to move to the cloud in the next few months. We're a small company with 20 employees. Our development team deals primarily with it, and some other support guys are involved occasionally.

Prateek Agarwal - PeerSpot reviewer
Real User
Top 5Leaderboard
2022-08-23T10:01:00Z
Aug 23, 2022

Veracode is used to perform the dynamic analysis of our applications for security flaws. We have applications that are being used by millions of users. We needed a security analysis tool to secure the application. Veracode is helping us with the analysis of all the security flaws and discrepancies. It is software-as-a-service. It is in the cloud.

David Jellison - PeerSpot reviewer
Real User
Top 10
2022-06-06T14:54:33Z
Jun 6, 2022

Our primary use case for Veracode is SAST and SCA in our SDLC pipelines. We also use it for DAST on a periodic basis and time-based scans on our staging system. We use the trading modules for certifying all our developers annually. In addition, we use Veracode to scan within our build's pipeline. We do use Greenlight, which is their IDE solution for prevention of issues of vulnerabilities. we are FedRAMP certified as a company, so we use this as part of our certification process for Veracode ISO 27001 and various other certifications we have.

Daniel Krivda - PeerSpot reviewer
Real User
Top 20
2022-05-23T11:33:00Z
May 23, 2022

We use it for static scans. It is mandatory in our company for every sort of project. Veracode provides the organization an understanding of security bugs and security holes in our software, finding out if the software is production-ready. It is used as gate management, so we can have a fast understanding if the software is suitable for deployment and production. My job is to help projects by getting the data integrated in Veracode. I don't own the code or develop code. In this area, I am a little bit like an integration specialist. We use Azure and AWS, though AWS is relatively fresh as we are now just starting to define guidelines and how the architecture will look. Eventually, within a half year to a year, we would like to have deployments there. I am not sure if dynamic scanning is possible in AWS Cloud. If so, that would be just great.

Ajit Matthew - PeerSpot reviewer
Real User
2022-04-27T08:20:00Z
Apr 27, 2022

We use Veracode for static and dynamic code analysis, as well as software composition analysis (SCA). Using it ensures that our products are compliant, and it also provides an external method to assure our customers that our products are free from any flaws, or application security issues. Our product resides on the Azure Cloud, and we have Veracode access it directly.

Chris Sawyer - PeerSpot reviewer
Real User
Top 20
2022-04-25T09:35:00Z
Apr 25, 2022

We have a website built on the Microsoft stack, with .NET. Veracode comes in and scans our code and, for the static side of it, we zip up the CS files and the JavaScript files, and upload them for scanning.

SP
Real User
2021-10-14T07:27:00Z
Oct 14, 2021

My company produces a SaaS application that is used by very large customers for pricing analytics and sales workflows. The data that our customers put into our software is very sensitive and confidential. This means that they want a high degree of confidence that our solution is secure. We use Veracode as one of the pillars that we can point to as helping us to deliver on the promise of having a secure product. We have a multi-dimensional security program and Veracode is one important aspect of that.

RO
Real User
2021-06-08T15:13:38Z
Jun 8, 2021

We are using this solution for static analysis.

SeshagiriSriram - PeerSpot reviewer
Real User
Leaderboard
2019-06-16T07:23:00Z
Jun 16, 2019

We used it for performing security checks. We have many Java applications and Android applications. Essentially it was used for checking the security validations for compliance purposes.

KB
Real User
2021-10-28T21:05:00Z
Oct 28, 2021

There are three areas where we started using Veracode immediately. One is static component analysis. The second is their static application security test, where they take a static version of your code and scan through it, looking for security vulnerabilities. The third piece is the DAST product or dynamic application security test. We also use their manual pen-testing professional services solution in which they manually hit a live version of your product and try to break it or to break through passwords or try to get to your database layer—all that stuff that hackers typically do.

KE
Real User
2021-09-29T20:54:00Z
Sep 29, 2021

We utilize it to scan our in-house developed software, as a part of the CI/CD life cycle. Our primary use case is providing reporting from Veracode to our developers. We are still early on in the process of integrating Veracode into our life cycle, so we haven't consumed all features available to us yet. But we are betting on utilizing the API integration functionality in the long-term. That will allow us to automate the areas that security is responsible for, including invoking the scanning and providing the output to our developers so that they can correct any findings. Right now, it hasn't affected our AppSec process, but our 2022 strategy is to implement multiple components of Veracode into our CI/CD life cycle, along with the DAST component. The goal is to bridge that with automation to provide something closer to real-time feedback to the developers and our DevOps engineering team. We are also looking for it to save us productivity time across the board, including security. It's a SaaS solution.

NS
Real User
2021-08-23T14:07:08Z
Aug 23, 2021

I'm an automation practice leader and we are customers of Veracode.

RR
Real User
Leaderboard
2021-02-17T00:15:00Z
Feb 17, 2021

We use this solution for Digital Health.

HB
Real User
2020-12-03T05:52:00Z
Dec 3, 2020

We use the Static Analysis, Dynamic Analysis, and SCA, the software composition analysis.

SR
Real User
2020-12-02T06:24:00Z
Dec 2, 2020

Veracode has both static application security testing as well as dynamic application security testing, also called Dynamic Analysis. Our primary use case was on the static analysis side, not on the dynamic, because we have an automated tool in the dynamic analysis scope. So our primary use was static analysis security testing.

MV
Real User
2020-11-19T07:44:00Z
Nov 19, 2020

We use both the static and the dynamic scanning. What we do is run the code through the scanner once we make any modifications. And periodically, we also run the dynamic to connect several applications. We use Veracode to check for specific vulnerabilities such as cross-site scripting. When we are checking for those vulnerabilities, we take a portion of code that is going to be generated and we run the scanner.

Deepak Naik - PeerSpot reviewer
Real User
2020-11-11T08:18:00Z
Nov 11, 2020

We use Veracode primarily for three purposes: * Static Analysis, which is integrated into our CI/CD pipeline, using APIs. * Every release gets certified for a static code analysis and dynamic code analysis. There is a UAT server, where it gets deployed with the latest release, then we perform the dynamic code scanning on that particular URL. * Software Composition Analysis: We use this periodically to understand the software composition from an open source licensing and open source component vulnerability perspective.

SS
Real User
2020-11-11T08:18:00Z
Nov 11, 2020

We use Veracode for static analysis of source code as well as some dynamic analysis.

YT
Real User
2020-11-11T08:18:00Z
Nov 11, 2020

We focus on these two use cases: * Our first use case is for Static Analysis (SAST). The purpose of it is to scan our code for any vulnerabilities and security breaches. Then, we get some other reports from the tool, pointing us to the problematic line of code, showing us what is the vulnerability, and giving us suggestions on how to fix or mitigate them. * The second use case is for the Software Composition Analysis (SCA) tool, which is scanning our open sources and third-party libraries that we consumed. They scan and check on the internal database (or whatever depository tool it is using), then they return back a report saying our open sources, the versions, and what are the exposures of using those versions. For any vulnerability, it suggests the minimum upgrades to do in order to move to another more secure version.

SM
Real User
2020-11-09T08:11:00Z
Nov 9, 2020

We use it for dynamic scanning and Static Code Analysis as well as for Software Composition Analysis (SCA). We do use this solution's support for cloud-native applications.

DM
Real User
2020-11-08T07:00:00Z
Nov 8, 2020

We use it to scan our biggest applications, our bread and butter. We've got a lot of developers using it in our organization, and we've got quite a few applications using it as well.

KM
Real User
2020-11-08T07:00:00Z
Nov 8, 2020

We have three use cases. We have the dynamic scans that we use to scan the production, public-facing URLs. We also use the static scan where we work with the Dev team and scan the code base for the web application and the mobile application on both iOS and Android. Our third use case is manual penetration tests, which my team manages. We do annual manual penetration tests. It's deployed to our platform infrastructure, which is in a public cloud.

MT
Real User
2020-11-04T07:28:00Z
Nov 4, 2020

The use case is that we have quite a few projects on GitHub. As we are a consulting company, some of these projects are open source and others are enterprise and private. We do security investigating for these projects. We scan the repository for both the static analysis—to find things that might be dangerous—and we use the Software Composition Analysis as well. We get notifications when we are using some open source library that has a known vulnerability and we have to upgrade it. We can plan accordingly. We are using the software as a service.

RL
Real User
2020-11-04T07:28:00Z
Nov 4, 2020

We use it to scan our web applications before we publish them to see if there are any security vulnerabilities. We use it for static analysis and dynamic analysis.

AS
Real User
2020-10-14T06:37:00Z
Oct 14, 2020

We use the Veracode SAST solution to scan the Java, Node.js, and Python microservices as part of our CI/CD pipeline, wherein we are using our CI/CD server as Bamboo, Jenkins, and GitLab CI/CD. We have teams for both our cloud pipeline and on-prem pipeline, and both teams use this solution. We are using Veracode to constantly run the internal application source code and ensure the code's security hygiene.

Christian Camerlengo - PeerSpot reviewer
Real User
2020-08-30T08:33:00Z
Aug 30, 2020

We're required to make sure we have no high or very high security issues in our code. Veracode is a code reviewer to prevent hacking and other bad things from happening.

reviewer1359297 - PeerSpot reviewer
Real User
2020-05-28T19:19:00Z
May 28, 2020

This was intended to scan all of our custom development efforts to ensure a certain level of (secure) code quality. Right now the scope of that effort is limited to web exposed systems but with maturity, we hope to increase that scope.

reviewer1360617 - PeerSpot reviewer
Real User
2020-05-28T18:19:00Z
May 28, 2020

We are using Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Static Component Analysis (SCA). We use different types of scanning across numerous applications. We also use Greenlight IDE integration. We are scanning external web applications, internal web applications, and mobile applications with various types/combinations of scanning. We use this both to improve our application security as well as achieve compliance with various compliance bodies that require code scanning.

RB
Real User
2020-05-28T15:57:00Z
May 28, 2020

Veracode is a cornerstone of our Development Security Operations Program, particularly scanning automation and remediation tracking. We've been able to monitor the release cycle and verify our Security Standards are met by setting policy and ensuring scans are taking place. If a scan fails to meet our standard the build breaks and the flaws are remediated before releasing to Stage and ultimately Production - where the potential impact is much more costly. We have discovered opportunities to make our code even better thanks to Veracode!

reviewer1360623 - PeerSpot reviewer
Consultant
2020-05-28T14:28:00Z
May 28, 2020

Our primary use cases are for comprehensive security assessment using static analysis, dynamic analysis, source code composition, and manual penetration tests. We also use it for security training for developers.

DR
Real User
2019-06-11T11:10:00Z
Jun 11, 2019

I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code.

it_user920715 - PeerSpot reviewer
Consultant
2019-06-11T11:10:00Z
Jun 11, 2019

Our primary use case for this solution is application security.

ST
Consultant
2019-05-23T06:10:00Z
May 23, 2019

Our primary use case of this solution is for static and dynamic analysis along with the source gear for the third party dependency (not IDM). We were looking into actually moving towards IDM, but that's the extent of my knowledge. They are licensed as two separate products. They're part of the same platform, but they are licensed separately. We have Veracode, Veracode Developer Training, Veracode Software Composition Analysis, and SourceClear. SourceClear and SDA are pretty much the same. They just support different languages. Veracode as a whole, the top option, is the one that includes everything.

it_user673734 - PeerSpot reviewer
Real User
2018-11-12T09:12:00Z
Nov 12, 2018

We use it for security scanning of SaaS and mobile software that we develop: one server-side and two mobile applications. Most customers require SAST and DAST scanning in order to purchase.

EC
Real User
2018-11-12T09:12:00Z
Nov 12, 2018

We use Veracode to scan custom-developed code for flaws.

SH
Real User
2018-11-01T11:57:00Z
Nov 1, 2018

We use it for static checking.

MS
Real User
2018-10-11T01:43:00Z
Oct 11, 2018

* Scanning web-facing applications for potential security weaknesses. * Helping to document the introduction of technical debt in our code bases.

AK
Real User
2018-10-10T11:01:00Z
Oct 10, 2018

Static application security testing, which is the primary use case. There were different web applications which were scanned using this tool.

JB
User
2018-09-01T11:52:00Z
Sep 1, 2018

I use Veracode to run scans on .NET applications, web applications and Windows/fat form applications. I also use it to make deployments in three-tier environments: the application server tier, web server tier and the database tier.

ST
Real User
2018-07-03T06:10:00Z
Jul 3, 2018

Application security scanning.

MW
Real User
2018-07-02T10:13:00Z
Jul 2, 2018

We are planning on introducing a static code analysis tool to support a DevOps effort in our environment. The objective of the solution is to allow the team to identify vulnerabilities in the source code and improve the hygiene of the developed code before deployment.

it_user877104 - PeerSpot reviewer
Real User
2018-05-23T10:30:00Z
May 23, 2018

SAST vulnerability scanning. Veracode is embedded in our release pipeline.

it_user873405 - PeerSpot reviewer
Real User
2018-05-16T08:31:00Z
May 16, 2018

SAST. We have not yet integrated it into our software development lifecycle as it doesn't have the feature that enables us to integrate it with our repository.

EP
Real User
2018-05-04T18:03:00Z
May 4, 2018

C++ financial application acting as hub for my academic accounting system. Application, which my institution partially owns, was analyzed after just having compiled the code. This happens seldom in academic software. It does software composition analysis, discovering open source software weaknesses.

it_user866175 - PeerSpot reviewer
Real User
2018-05-02T07:27:00Z
May 2, 2018

Dynamic and static code analysis.

it_user854784 - PeerSpot reviewer
Real User
2018-04-12T05:42:00Z
Apr 12, 2018

Application development and secure code development.

it_user854052 - PeerSpot reviewer
Real User
2018-04-11T10:47:00Z
Apr 11, 2018

Certifying the application security of my SAS-based application code base.

it_user854049 - PeerSpot reviewer
Real User
2018-04-11T10:47:00Z
Apr 11, 2018

We test each major release of our software using Veracode static and dynamic testing. We also do manual penetration testing annually.

it_user854046 - PeerSpot reviewer
Real User
2018-04-11T10:47:00Z
Apr 11, 2018

Scanning for code security vulnerabilities within our company's products.

it_user852402 - PeerSpot reviewer
Real User
2018-04-09T13:11:00Z
Apr 9, 2018

Provides static code analysis of the customers' applications from all industries. It includes any type of code and scripts, but mostly Java, .Net, C++, and C# environments.

it_user797976 - PeerSpot reviewer
Real User
2018-03-28T12:05:00Z
Mar 28, 2018

We use it to assess or do security inspections of our software that we produce or assemble. We have a very large portfolio of software across our enterprise. The Veracode system is a platform that scales with the dynamics of our organization. We have people that are in many locations, in the US and abroad. The fact that the Veracode platform is essentially a cloud-based platform, that makes it scalable.

it_user846645 - PeerSpot reviewer
Real User
2018-03-28T12:05:00Z
Mar 28, 2018

To certify that we have valid code, and that the developers are working with valid structures and writing good code.

it_user842937 - PeerSpot reviewer
Vendor
2018-03-22T09:39:00Z
Mar 22, 2018

Security scanning of the applications, of software that my company built.

it_user841116 - PeerSpot reviewer
Real User
2018-03-20T11:53:00Z
Mar 20, 2018

Security scanning.

DC
Real User
2018-03-15T07:51:00Z
Mar 15, 2018

The primary use is as a static analysis tool. But we also use Greenlight and dynamic, and we're currently having a manual penetration test.

it_user837504 - PeerSpot reviewer
Real User
2018-03-14T08:56:00Z
Mar 14, 2018

We test two mission-critical web applications (C# Web forms).

it_user836430 - PeerSpot reviewer
Real User
2018-03-13T06:59:00Z
Mar 13, 2018

Application security management.

it_user835104 - PeerSpot reviewer
Real User
2018-03-11T06:55:00Z
Mar 11, 2018

Static code scan.

BM
Real User
2018-03-11T06:55:00Z
Mar 11, 2018

Static code analysis for internally developed critical systems.

it_user833553 - PeerSpot reviewer
Real User
2018-03-08T09:23:00Z
Mar 8, 2018

We use it for a lot of things and they're all primary: SAST, DAST, and Greenlight.

it_user833550 - PeerSpot reviewer
Real User
2018-03-08T09:23:00Z
Mar 8, 2018

Dynamic and static scanning.

SK
Real User
2018-03-07T09:02:00Z
Mar 7, 2018

To have a third-party analyze our code and make recommendations from a security perspective.

it_user831864 - PeerSpot reviewer
Real User
2018-03-06T09:06:00Z
Mar 6, 2018

Static analysis.

it_user802140 - PeerSpot reviewer
User
2018-01-15T19:17:00Z
Jan 15, 2018

We are Veracode partners/distributors in Quito, Ecuador. At this moment, I am reviewing the solution.

it_user778905 - PeerSpot reviewer
Real User
2017-11-26T07:43:00Z
Nov 26, 2017

Software security, static code scanning. It has performed very well.

Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing. Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references....
Download Veracode ReportRead more

Related Q&As