Great In-Depth Analysis of In-House Applications
March 15, 2024

Great In-Depth Analysis of In-House Applications

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Modules Used

  • Software Composition Analysis (SCA)
  • Dynamic Analysis (DAST)
  • Developer Training
  • Static Analysis (SAST)

Overall Satisfaction with Veracode

Within our organization we have a large portfolio of applications written over many years by many different developers. As part of our continuous improvement and dedication to security we have integrated Veracode's static code analysis platform into our process of monitoring and reviewing our portfolio, greatly increasing our coverage. As a company with smaller development teams we greatly value resource efficiency, and tools which can improve it; to this extent our developers can utilize their time effectively remediating important flaws the platform discovers, and our organization can feel assured that our focus on security continues to evolve and grow.

Pros

  • Veracode's static code analysis platform provides in-depth information as well as very useful suggestions regarding mitigation for flaws it discovers. This is very helpful in assisting developers towards a speedy and complete mitigation.
  • Veracode does well to keep connected with their customers, ensuring the success of their customers on their platform is evidently one of their goals which they hold highly. This responsiveness continues into their technical support which is both helpful and fast to respond.
  • Veracode continues to update their platforms, their capabilities, and their research often; the promise of continuous improvement from all facets provides value to us as an organization.

Cons

  • We would like to see Veracode continue to improve the integrations available, particularly with respect to .NET IDEs. Part of our development team uses JetBrains' Rider which is, as of this time, unsupported for static integration.
  • We would also like to see Veracode continue to improve their dynamic scan offerings; with the recent addition of DAST Essentials we feel this improvement may come sooner than later.
  • Veracode's platform has had a very positive impact on our security posture, paving the path towards having coverage monitored automatically on hundreds of internal applications throughout the development lifecycle.
  • Veracode's platform has also had a very positive impact on improving the security knowledge of our development team, providing meaningful feedback as well as training options to reduce mitigation time and help to prevent flaws before they are created.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

Within our organization it is clear that when a codebase is available, and in a language that Veracode supports, the use of Veracode (with a particular focus to the static scanning platform) is a great suggestion. The depth of information it can provide with respect to security flaws is valuable, with very little setup required from the developers. When a codebase is unavailable, say in the instance of third-party applications for which you are creating extensions or some form of module, then static code scanning is not an option but even then dynamic scanning (DAST) may prove to be helpful, though potentially less so.

Comments

More Reviews of Veracode