Overview
Product Information on Veracode
What is Veracode?
Veracode Pricing
Overall experience with Veracode
“Rich Explanations Provided, But False Positives and Speed Persist as Major Issues”
“Great product if your organization is ready for SAST.”
About Company
Company Description
Veracode is a software security firm focused on identifying flaws and vulnerabilities across all stages of the software development lifecycle. The foundation of Veracode's approach lies in its Software Security Platform, which uses advanced AI algorithms trained on vast datasets of code. This allows for faster and more precise identification and rectification of security flaws. Veracode's mission is to evolve the concept of software security, ensuring it stays aligned with the dynamic needs of today's software development processes.
Company Details
Do You Manage Peer Insights at Veracode?
Access Vendor Portal to update and manage your profile.
Key Insights
A Snapshot of What Matters - Based on Validated User Reviews
User Sentiment About Veracode
Reviewer Insights for: Veracode
Performance of Veracode Across Market Features
Veracode Likes & Dislikes
- it allows to perform multiple sandbox scans not affecting the overall compliance status of the project - Veracode has rich UI allowing to analyze and triage the findings - There are great explanations of the findings, including links to the source documents and training materials
Having the environment (scanning platform) ready to use and always working.
The dedication of the account team that supports the solution, combined with the fact that the various scanners Veracode offers are integrated in a single platform.
- lot of false positive findings caused by not considering the overall structure of a project and dependencies; - slow assessment even of a quite small projects; - limited support of Python/JavaScript projects
Ways that you can view and validate findings. Web portal is not usable and IDE plugins are not polished. Also some of the IDEs are not supported at all.
Last year there have been many changes in the Veracode team supporting my organization. While this was inconvenient it did not affect the delivered service.
Top Veracode Alternatives
Peer Discussions
Veracode Reviews and Ratings
- IT OPS SPECIALIST10B+ USDBankingReview Source
Rich Explanations Provided, But False Positives and Speed Persist as Major Issues
Veracode does a great job in finding the potential security flaws in code. Yet its limited intelligence on the overall project structure provides a lot of false positive findings. Also its support of the Python/JavaScript projects is quite limited - IT Security & Risk Management Associate50M-1B USDBankingReview Source
Good scanning capabilities and frequent release of new features
The SAST & SCA capabilities are easy to implement and deliver on the promises made by Veracode. Veracode is extremely committed with a good support desk and experts that are easy accessible. It does seem that the company mainly focuses at the US market and functionality in the EU comes with a slight delay. The performance of the solution is sometimes criticized - static scans delay the deployment pipelines and developers have to wait for the results. - CyberSecurity Consultant50M-1B USDHealthcare and BiotechReview Source
Excellent tool with great support, but room for UX improvements.
An excellent and comprehensive tool that has improved significantly over the past two years, with exceptional and prompt customer support. - IT Associate10B+ USDBankingReview Source
Veracode Enables Rapid Code Analysis but May Cause False Positive Alerts
I use Veracode every time my PRs synced via pipeline and it works well in analysing the code and performing security checks in a couple of minutes. - Manager, IT Security and Risk Management10B+ USDBankingReview Source
Attentive Support Aids Transition Amid Unannounced Production Environment Adjustments
Since the beginning of the migration , we have had constant support and assistance , always ready to help us at every step of the process