IT Central Station is now PeerSpot: Here's why

Veracode Reviews

Jagusztin Laszlo - PeerSpot reviewer
Chief Technology Architect at Alerant Zrt.
Real User
Top 10
Excels when it comes to binary scanning and has helped us significantly increase development speed
Pros and Cons
  • "For use cases where our company buys a product with the source code, but only the final executables or the binaries, only Veracode is able to work on that type of tool."
  • "There is room for improvement in the speed of the system. Sometimes, the servers are very busy and slow... Also, the integration with SonarQube is very weak, so we had to implement a custom solution to extend it."

What is our primary use case?

We are using it for two purposes. The first is to analyze the final binaries in our normal development cycle and the second is for auditing old software.

It's a SaaS solution.

How has it helped my organization?

Veracode is able to analyze the final software products. We compile the applications and it's an advantage for us because there are a lot of areas where we don't have the source code. In some companies, only internal development is taking place and they have the source code and everything else for the software. With those companies, there are other tools that we can use. But for use cases where our company buys a product with the source code, but only the final executables or the binaries, only Veracode is able to work on that type of tool. We are working in the financial sector for big bank banks and insurance companies. A lot of times, these types of companies don't have the source code for the applications, only the final applications. This is the biggest advantage of Veracode, that it's able to analyze these types of applications.

We use the scanning process to help our security professionals and developers fix flaws in the code and that helps speed up the development cycle. It helps to "shift-left" all of the security control to the earliest phase of the development cycle. It has sped up the development cycle significantly. An unexpected vulnerability can stop the development pipeline, at least for a little while, and we are able to avoid that.

It has also helped to increase our fix rate by almost 100 percent. In the past, if it turned out that we had vulnerabilities, we had no time to correct them. We went into production with them. Now, we are able to fix everything, 100 percent, in the development cycle.

In terms of best practices, we have the results from Veracode and then we have a Knowledge Base of the types of vulnerabilities and how they should be corrected by our developers.

Another benefit is that it has helped us with certification and audits. We have a lot of automated reports based on the scans and we can show them to the auditors. That has saved us a lot of money and work.

And Veracode SCA has helped to reduce the risk of a security breach because it finds vulnerabilities as early as possible. It has increased our security and development teams’ productivity because, with the automated scanning, we are able to scan much more than previously. It saves us at least one week per development cycle, if not more.

The recommendations from Veracode have improved our efforts in fixing potential vulnerabilities, and not just finding them. That's important for us because fixing is a very expensive process. If you can save time on that, it is a big help. And SCA’s automated, peer, and expert advice have definitely reduced remediation times, saving us at least a week per development cycle.

Overall, SCA has significantly lowered the risk of vulnerabilities. If we didn't identify them before production, and it turned out that there were vulnerabilities, there would be a big risk. We would have to go into production with them or stop the development pipeline. So it lowers the security risk significantly by doing early scanning. It has reduced our risk by at least 60 percent. It definitely helps create secure software. That is 100 percent important because we are working for financial companies.

What is most valuable?

It's good that it's cloud-based because we don't have to operate a new IT system for security scanning.

It provides a centralized view across all testing types, including SaaS, DAST, SCA, and manual penetration testing. We now have a central place with overall visibility.

In addition, the mitigation recommendations provided by the scanning engine are good. They are not all perfect, but they are good and usable.

What needs improvement?

There is room for improvement in the speed of the system. Sometimes, the servers are very busy and slow. Also, because we are located in Europe, it would be a big help if they had a European or national service, because of the regulations, not only because of the speed.

Also, the integration with SonarQube is very weak, so we had to implement a custom solution to extend it.

For how long have I used the solution?

We have been using Veracode Software Composition Analysis for more than two years.

What do I think about the stability of the solution?

The stability is good. We haven't had any problems.

What do I think about the scalability of the solution?

The scalability issue is a good question because it's not too fast, but it's scalable because it's cloud-based.

We use it for 10 critical applications.

How are customer service and support?

Their technical support staff is skilled. We have been able to solve all of our problems with them. I wouldn't rate them a 10 because sometimes it's time-consuming to get the right guy to answer our questions. But we always get answers to our questions.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used SonarQube because the developers liked it. We also used Checkmarx. We switched to Veracode SCA because of the binary scanning ability. Neither Checkmarx nor SonarQube is able to do that.

How was the initial setup?

The initial setup was very easy. Because it's a cloud-based service, we were able to do it without the help of Veracode. We just read the recommendations and followed them. We had three guys involved, two developers and one security guy.

It took three months to implement. Our implementation strategy was to do a pilot and then everybody in the organization copied the reference implementation.

What was our ROI?

Our return on investment is due to saving a lot of development hours.

What's my experience with pricing, setup cost, and licensing?

It's too expensive for the European market. That is why, in a big bank with 400 applications, we are able to use it for only 10 of them. But the other solutions are also expensive, so it wasn't a differentiator.

The static cost model is not that important. Veracode works on a subscription model, so we have to pay for it every year. 

Which other solutions did I evaluate?

We chose Veracode's Software Composition Analysis after we evaluated more than 10 products. Among those we evaluated were Checkmarx, Fortify, and SonarQube. The primary differentiator was the binary scanning use case.

What other advice do I have?

Use Veracode for the special use case of binary scanning, because it is the best in this special use case.

Security Labs is very good as well. We are not using it day-to-day, but it's a good feature.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Oleksandr Klymenko - PeerSpot reviewer
Development Manager at a tech company with 5,001-10,000 employees
Real User
Significantly improves our productivity, helps us in complying with our security policy, and reports all necessary vulnerabilities
Pros and Cons
  • "Considering that in my project, we are mostly using Software Composition Analysis as a part of Static Code Analysis, for me, the main part is reporting and highlighting necessary vulnerabilities. Veracode platform has a rather good database of different vulnerabilities in different libraries and different sources. So, finding vulnerabilities in third-party libraries is the main feature of Software Composition Analysis that we use. It is the most important feature for us."
  • "The results of agent-based software composition analysis are not connected to policy scanning. So, for me, the only thing that Veracode can improve in Software Composition Analysis is to connect it with the policy scan because, at present, it is a bit inconvenient for those in our organization who use agent-based Software Composition Analysis. In the end, they need to make a static scan with all those libraries in order to receive that report. If Veracode implemented a connection between agent-based static scan and static scanning itself, it would be great because it would lead to fewer operations in order to prepare release documentation and release reporting from Veracode. We recently had a conversation with Veracode about it."

What is our primary use case?

At this moment in time, in my project, we are mostly using Static Analysis from Veracode. We automated it and added it as a step to our daily pipeline. We also tried using the pipeline plugin from Veracode that gives an immediate evaluation of your code. We're also using agent-based Software Composition Analysis. I have not exactly used it in my project, but I participated in investigating it and setting it up.

I know two flavors of doing Software Composition Analysis. The first one is a part of a daily static scan where you're uploading all your third-party libraries. The second one is by using agent-based, which gives more reporting capabilities but not doesn't affect policy scans, etc. We use both of them.

We use Software Composition Analysis as a part of our daily build pipeline, so we use Jenkins Plugin from Veracode. Every night, we upload our sources to the Veracode platform. In the morning, we receive results of Static Code Analysis and Software Composition Analysis. 

How has it helped my organization?

We are able to receive results for vulnerabilities in other libraries. We can then react to it and fix our code and those dependencies.

We do have a policy in regards to security. As a part of that policy, we cannot have very high-end issues. Usually, when you change third-party libraries, you need to do some level of regression testing. Our release cycle is long, and it could be half a year between releases or sometimes even more. By using Software Composition Analysis, we're checking our sources on a regular basis, and if needed, we change our libraries in our code, So, we are checking and mitigating any vulnerabilities if they are not applicable to our solution.

We use static scanning. This is the main use of Veracode for us. We package our application every day and send it to Veracode. We receive static code analysis results and also the software composition analysis results every day because the first focus for us is on quality improvement. The security improvement is definitely static scanning. We do have a process for analyzing and mitigating results around this static scanning. So far, we have been able to comply with our internal policy. At this moment in time, we are at the stage of releasing our product, and according to our internal policy, certain important issues from 2017 had to be addressed and fixed.

Veracode gives the possibility to find different vulnerabilities and flaws in code, and it also makes things relatively easy because everything is automated. Implementing such a high-quality tool like Veracode, immediately made us aware of a lot of issues, but the volume of issues that we had to address was really high. The support from top management made it easy to fix the issues that Veracode identified in the product that has a long history of more than 20 years. Without the support of higher management in organizing and defining a process of fixing those issues, it wouldn't have been possible to fix all those issues. We took the reports received from Veracode, planned our activities, reviewed everything, and started acting on it as a result. The new release that we have is according to our policy, which is an important thing for us.

It definitely helps in reducing the risk of a security breach, which is rather important for us for providing our customers with a secure product. Among our customers, there are a lot of big companies that take security seriously. So, for us, it is really important. The fact that we have executive sponsorship shows that security is very important for our management. This initiative started because we're treating security really seriously.

It is improving our productivity significantly. We just finished a big chunk of results processing, and we are still in the process of setting up our processes. When you're first doing that scan with Veracode, you receive a bunch of results and an overwhelming amount of flaws in your code. All those results need to be investigated. For some of them, it is sufficient to have mitigations, but some of them need to be fixed. We just finished those fixes, and there were a significant amount of security findings from Veracode.

What is most valuable?

Considering that in my project, we are mostly using Software Composition Analysis as a part of Static Code Analysis, for me, the main part is reporting and highlighting necessary vulnerabilities. Veracode platform has a rather good database of different vulnerabilities in different libraries and different sources. So, finding vulnerabilities in third-party libraries is the main feature of Software Composition Analysis that we use. It is the most important feature for us.

What needs improvement?

The results of agent-based software composition analysis are not connected to policy scanning. So, for me, the only thing that Veracode can improve in Software Composition Analysis is to connect it with the policy scan because, at present, it is a bit inconvenient for those in our organization who use agent-based Software Composition Analysis. In the end, they need to make a static scan with all those libraries in order to receive that report. If Veracode implemented a connection between agent-based static scan and static scanning itself, it would be great because it would lead to fewer operations in order to prepare release documentation and release reporting from Veracode. We recently had a conversation with Veracode about it.

For how long have I used the solution?

I believe it has been about two years because Software Composition Analysis is a part of the policy scan, and our journey with Veracode has been for about two years.

What do I think about the stability of the solution?

It is stable. I didn't feel that many problems with it. We did have a few glitches with the platform, but they were not that many. So, I can say that it is stable.

What do I think about the scalability of the solution?

I can't say anything about the scalability of this solution because we are not bothered about keeping its infrastructure up and running. We use Veracode Cloud, and we are not supporting or deploying it. It is just a service for us, and we consider it as a service. We submit the information and receive reports back from that solution.

In our project, every night, we are currently scanning our development branch and three versions of our releases. We have four applications, and I believe that from my team, at least 15 scans happen every night. We have a partnership with another company that provides a part of our functionality. They provide releases to us to embed in our solution. We also do the scanning for their part and inform them about the issues that we've found.

We will increase the number of scanned versions because with each and every release, during the support period, we're supporting versions of our product, and we're also fixing the security stuff. We will be increasing the volume of scans, but it will come to a logical point. When a version is no longer supported, we will definitely remove it from Veracode. So, all in all, at any moment in time, I foresee four or maybe five versions to support multiplied by four applications. There is also a development branch for each application, so there will be around 20-25 automated scans per night.

How are customer service and support?

I am very pleased with the Veracode support because so far, there were no issues where they were not able to help us. Sometimes, in our questions to Veracode, we ask about the deep aspects of functionality, and so far, we've received answers for all those questions, and they were mostly good. I would rate them a nine out of 10 just because I didn't like some of their answers. Because of our approach of having each version as a separate sandbox in Veracode, we had questions about the consistency of results between different sandboxes, but then we realized that these are peculiarities of the platform. It is nothing serious or special. It was mostly related to our expectations from those algorithms, but it actually works perfectly. I can give a 10 for Veracode's support, but then they will have no growth to improve.

How was the initial setup?

It was pretty straightforward. The problem that we had was mostly about our solution's architecture because the solution itself is big and heterogeneous. Some parts or regions are using the Java platform, and some parts are in the .NET code. The main problem was to correctly build our solution for Veracode. This was the only challenge. Veracode provided us with good functionality with their Jenkins Plugin that made it possible for us to automate our daily development. So, the main problem for us was mostly related to properly building our solution and using it in Veracode. It was pretty straightforward. There was nothing complex, but it needed some work from our side.

The strategy for Veracode implementation was pretty straightforward. From the very beginning, we stuck to the idea that it should be automated because all modern DevOps practices and approaches, such as Infrastructure as a Code, are widely used in our company. So, from the very beginning, we decided that it should be coded, and it should be stored in source control and uploaded. Veracode became a part of our process of everyday deployment, and it was a part of our strategy to make it a part of our life and use it as much as we can.

The number of people involved depended on the stage. At the initial stage, when we were evaluating it, there were somewhere around six or seven people who were making the decision of buying Veracode and other stuff. We have different companies and products inside our organization, and each and every product team is responsible for implementing it. We were the pioneers in using the solution from Veracode, and later on, it spread out to other projects. Now, we're acquiring additional licenses and so on. We planned everything with the help of the developer team. We follow the agile approach in our development, so everything was planned. User stories were created, and we just acted on them.

Which other solutions did I evaluate?

I participated in the review of tools. We reviewed not only Veracode. There were also other candidates for our main tool for static scan and software composition analysis. So, I have been involved in all activities around Veracode from the very beginning. What I liked about Veracode is that it is not just one product. It is a big ecosystem. It even has integration with Visual Studio, etc. First of all, we took a look at the scope of scanning. We compared the results of scanning and the functionality. Veracode had really great reporting functionality. In the end, we came up with the conclusion that Veracode fits best to our needs, and I believe we were right.

What other advice do I have?

My advice would be to adopt Veracode to serve your processes. I believe that the processes inside the company shouldn't be changed significantly with the introduction of new tools. Definitely, for each and every new tool, you need to build some process around usage in terms of administration and control. Veracode has a relatively big ecosystem of tools, which is a big advantage, and my advice would be to check all those tools and see how they can fit into your process, and how they can improve them. There are a lot of options and a lot of tools provided by Veracode that can fit each and every process. Whether you are using a waterfall process or DevOps practices in your organization, with Veracode, you can add necessary steps to your process without making significant changes in the processes that you have.

We take security seriously, and Veracode is not the only thing that we have for security. We do manual penetration testing to security test our applications. We also have some dynamic scanning. We follow some practices while engineering and architecting our solutions. At each and every step, we are trying to cover our solution with the necessary security testing activities or security design principles. Veracode is a big part of our security, but it is not the only one. We are fixing all issues, especially those that are non-compliant with our policy.

We don't use any connections with Software Composition Analysis. It is a separate product in the ecosystem that makes it possible for you to deeply scan your third-party libraries. This is the only way we use it. 

In terms of Veracode SCA reducing our overall scan times, I believe that it is not applicable at this point. In the case of agent-based scanning, the situation that we recently had has shown that you cannot fully substitute Software Composition Analysis from a static scan with agent-based. That's because, in the end, documents that you provide together with the release are the policy scan results generated by static scan. You can reduce the amount of time for your scanning, but in the end, you need at least one scan where you will figure out all third-party states as a part of the policy scan report. You cannot use only agent-based Software Composition Analysis because they are two separate sources of information. We can use Software Composition Analysis and then somehow merge results from two sources in one document for it, which is inconvenient. We are having nightly builds for Veracode, and it doesn't matter to us whether it takes more than 30 minutes or less than 30 minutes. We haven't measured the time, but with the approach that we have set in our company, we can leave it for longer time periods, and after nightly build, everything is okay for us. So, Jenkins just does its job of uploading, and no one monitors it. We are just monitoring that the jobs are stable and results are available. Considering that we're doing it at night, it is not that important for us for how long it runs.

It hasn't exactly increased our fix rate because it is not about our code. It is about the third-party code. We definitely have to mitigate, and sometimes, we have to change libraries to a newer version, so it somehow affects our fix rate, but mostly, the static scan affects our fix rate because it shows flaws in our code. So, I don't see any significant improvement with Veracode Software Composition Analysis in terms of our fix rate. I don't see a direct relationship between Veracode Software Composition Analysis and our fix rate, whereas Static Analysis works and gives us the necessary results and plans for fixing and doing our next steps in security.

It has not yet helped our company with certification and audits. We haven't yet shared those green results with our customers, and we didn't have any certifications the last time.

I would rate Veracode Software Composition Analysis a nine out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate

Veracode Questions

Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
Jun 06 2022

Hi Everyone,

What advice do you have for others considering Veracode?

Thanks for sharing your thoughts with the community!

Julia Frohwein - PeerSpot reviewer
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
Jun 06 2022

Hi Everyone,

What is your primary use case for Veracode?

Thanks for sharing your thoughts with the community!

reviewer1121823 - PeerSpot reviewer
reviewer1121823We used it for performing security checks. We have many Java applications and… more »
60 Answers
Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
Jun 06 2022

Hi Everyone,

What needs improvement with Veracode?

Thanks for sharing your thoughts with the community!

it_user842937 - PeerSpot reviewer
it_user842937From a technical standpoint, I'm pretty happy with everything. The one thing I'd… more »
Elina Petrovna - PeerSpot reviewer
Elina Petrovna* Management of false positives * Agile best practices: Violation detection. *… more »
Michael Stricklen - PeerSpot reviewer
Michael Stricklen* More timely support for newer languages and framework versions. * Integration… more »
66 Answers
Julia Frohwein - PeerSpot reviewer
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
Jun 06 2022

Hi Everyone,

What is your experience regarding pricing and costs for Veracode?

Thanks for sharing your thoughts with the community!

Karen Meohas - PeerSpot reviewer
Karen MeohasVeracode is expensive. Some of its products are expensive. I don't think it's… more »
41 Answers
Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
Jun 06 2022

Hi Everyone,

What do you like most about Veracode?

Thanks for sharing your thoughts with the community!

Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
May 26 2022

If you were talking to someone whose organization is considering Veracode Static Analysis, what would you say?

How would you rate it and why? Any other tips or advice?

Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
May 26 2022

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
May 26 2022

Please share with the community what you think needs improvement with Veracode Static Analysis.

What are its weaknesses? What would you like to see changed in a future version?

Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
May 26 2022

Hi Everyone,

What do you like most about Veracode Static Analysis?

Thanks for sharing your thoughts with the community!

Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
May 12 2022

If you were talking to someone whose organization is considering Veracode Software Composition Analysis, what would you say?

How would you rate it and why? Any other tips or advice?

Julia Frohwein - PeerSpot reviewer
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
May 12 2022

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

Reviewer64985 - PeerSpot reviewer
Reviewer64985Software Composition Analysis (SCA) is used to detect vulnerabilities in open… more »
12 Answers
Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
May 12 2022

Please share with the community what you think needs improvement with Veracode Software Composition Analysis.

What are its weaknesses? What would you like to see changed in a future version?

Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
May 12 2022

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

Julia Frohwein - PeerSpot reviewer
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
May 12 2022

Hi Everyone,

What do you like most about Veracode Software Composition Analysis?

Thanks for sharing your thoughts with the community!

Julia Frohwein - PeerSpot reviewer
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
May 07 2022

If you were talking to someone whose organization is considering Veracode Security Labs, what would you say?

How would you rate it and why? Any other tips or advice?

Julia Frohwein - PeerSpot reviewer
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
May 07 2022

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
May 07 2022

Please share with the community what you think needs improvement with Veracode Security Labs.

What are its weaknesses? What would you like to see changed in a future version?

Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
May 07 2022

Hi Everyone,

What do you like most about Veracode Security Labs?

Thanks for sharing your thoughts with the community!

Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
May 07 2022

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

Julia Frohwein - PeerSpot reviewer
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
May 02 2022

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
Apr 29 2022

If you were talking to someone whose organization is considering Veracode Manual Penetration Testing, what would you say?

How would you rate it and why? Any other tips or advice?

Julia Frohwein - PeerSpot reviewer
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
Apr 29 2022

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

Julia Frohwein - PeerSpot reviewer
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
Apr 29 2022

Please share with the community what you think needs improvement with Veracode Manual Penetration Testing.

What are its weaknesses? What would you like to see changed in a future version?

Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
Apr 29 2022

Hi Everyone,

What do you like most about Veracode Manual Penetration Testing?

Thanks for sharing your thoughts with the community!

Julia Frohwein - PeerSpot reviewer
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
Apr 27 2022

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

Grzegorz Grabarczyk - PeerSpot reviewer
Grzegorz Grabarczyk
Project / Delivery Manager at Spyrosoft
Jan 05 2022

Is there anyone here that has used the trial version of Veracode Security Labs? Did you decide to go with a different option and why?

CristobalRodriguez - PeerSpot reviewer
CristobalRodriguezVeracode was running a few monthly competitions in 2021 from Jan-July.  The… more »
1 Answer
Netanya Carmi - PeerSpot reviewer
Netanya Carmi
Content Manager
PeerSpot (formerly IT Central Station)

Why is one better than the other?

reviewer1572348 - PeerSpot reviewer
reviewer1572348We have used SonarQube quite a lot and this is great to check code quality… more »
6 Answers