    Veracode Continuous Software Security Platform GovCloud

    Sold by: Veracode 
    An American-built, American-owned and FedRAMP-authorized vendor, Veracode is a 9x leader in the Gartner Magic Quadrant for Application Security Testing. The Veracode Continuous Software Security Platform is a comprehensive software security solution that is pervasive, not invasive, throughout the SDLC. The Veracode platform enables security teams to define and manage policy, gain a view of the security posture of your application portfolio, leverage rich analytics and reporting to make informed plans, produce evidence to meet regulatory requirements, and deliver a successful DevSecOps program. Your development teams get tools that are seamlessly embedded into their SDLC to continuously scan and prioritize potential issues, provide guidance on how to fix them, and offer in-context education to avoid future issues. This always-on orchestration of secure development provides confidence that your software is secure while giving developers the frictionless support and guidance they need to code securely.

    Overview

    Application Security Testing is a required element of key federal mandates, as outlined in the White House Cybersecurity Executive Order 14028, section 4e, which states that the security of software used by the Federal Government is vital to the Federal Government's ability to perform its critical functions, and that there is a pressing need to implement more rigorous and predictable mechanisms for ensuring that products function securely, and as intended.

    According to the NIST Secure Software Development Framework (SSDF), secure software development practices should be integrated throughout software life cycles for three reasons: 1) to reduce the number of vulnerabilities in released software, 2) to reduce the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and 3) to address the root causes of vulnerabilities to prevent recurrences.

    Acting to ensure that the above guidance is met, the Office of Management and Budget includes Application Security Testing as a vital component in Memo M-22-09, 'Moving the U.S. Government Toward Zero Trust Cybersecurity Principles,' which stipulates that federal agencies must achieve specific zero trust security goals by the end of Fiscal Year (FY) 2024 (September 30, 2024).

    Veracode can assist federal agencies in complying with the above guidance and mandates through the following product and service offerings:

    Veracode Static Analysis: Secure software as you write it. You need a holistic, scalable way to reduce security risk, align teams, and enable developers. Veracode Static Analysis provides fast, automated feedback to your developers in the IDE and CI/CD pipeline, conducts a full Policy Scan before deployment, and gives clear guidance on how to find, prioritize, and fix issues fast and accurately, with a false positive rate below 1.1%.

    Veracode Dynamic Analysis: Secure Software in the Runtime Environment. According to the 2020 Verizon Data Breach Investigations Report, web applications were the source of 43% of breaches, more than double that in 2019.

    Veracode Dynamic Analysis scans runtime applications, providing the scale necessary to audit hundreds of target applications simultaneously, including APIs (Application Programming Interfaces). Used in conjunction with Static and Software Composition Analysis, Veracode Dynamic Analysis complements a shift-left approach to application security by verifying in production that vulnerabilities were addressed or mitigated before application release.

    Veracode Software Composition Analysis: Secure the Software Supply Chain.

    With third-party components, including open-source libraries, making up as much as 80% of an application's codebase, it is critical to scan those libraries for vulnerabilities to reduce the introduction of risk into your apps. The recent Log4j vulnerability only served to emphasize the importance of scanning and securing open-source libraries.

    Veracode Software Composition Analysis (SCA) identifies risks from open-source libraries early so you can reduce unplanned work, covering both security and license risk. SCA helps Engineering keep roadmaps on track, Security achieve regulatory compliance (SBOM), and the Business make smart decisions.

    Veracode SCA protects your applications from open-source risk by identifying known vulnerabilities in open-source libraries used by your applications. In addition to providing a list of vulnerabilities when your application is scanned, Veracode SCA can also alert you when new vulnerabilities are discovered after your application has been scanned or when existing known vulnerabilities have had their severity level upgraded. Integrated with CI (Continuous Integration) systems, you can fail your build based on vulnerabilities discovered as well as any components that your security team has blocked. As part of the Veracode Platform, Veracode SCA provides a unified experience to display all your security testing results in one place.

    Security Labs: Enable developers.

    Data from the 12th edition of Veracode's State of Software Security report shows that developers who complete at least one training course from Veracode Security Labs fix security flaws over 35% faster than those who have not. With security absent from most Computer Science programs, it is critical to give your development team a leg up, both on the competition and on bad actors.

    Veracode Security Labs shifts software security knowledge left, giving you hands-on training to confidently tackle modern threats by exploiting and patching real code, and applying developer principles to deliver secure code on time.

    Highlights

    • Veracode platform unites dev & security teams; from integrated development environment, code repository, CLI, to dev pipeline. Developers address security findings with inline automated remediation advice & in-context learning, reducing time to fix.
    • Provides a flexible & powerful interface to define, manage, & apply policy. Rich reporting & insights gained from 2 decades of scanning provide understanding of app security posture, enhancing communications, meeting GRC requirements, & mitigating risks.
    • Cloud-native SaaS architecture: the platform provides elastic scalability, high performance, and lower costs to customers.

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Veracode Documentation: https://docs.veracode.com/
    Application Security Knowledge Base: https://www.veracode.com/security
    Veracode Developer Quick Start Guide: https://docs.veracode.com/r/r_supported_table
    Veracode Technical Support: https://www.veracode.com/resources/customers/technical-support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    0 AWS reviews | 23 external reviews
    External reviews are sourced from G2 and are not included in the star rating for this product.
    Consumer Goods

    Good product and vision

    Reviewed on Jul 16, 2024
    Review provided by G2
    What do you like best about the product?
    Serves great as a single entry point for all our applications portfolio, allowing to have both a general overview and to go in details on the security findings.
    What do you dislike about the product?
    Account executive way too pushy and creates unneeded pressure.
    The company delivers way more features to the US market than EU, and the features are never delivered as promised.
    There are mismatches between what is described in the docs and what is actually delivered.
    Overly complex license model.
    The investment on the customer success package is hard to justify and its services are not measurable.
    What problems is the product solving and how is that benefiting you?
    Veracode allows us to ensure that our digital products are secure and compliant with security standards, without sacrificing productivity.
    Sunil B.

    Best security tool to have in the organization

    Reviewed on Aug 23, 2023
    Review provided by G2
    What do you like best about the product?
    Security scanning which can be conducted on our SDKs, IPAs, and JAR files is something which one should appreciate, because it gives back the exact report with corrections required and suggestions.
    What do you dislike about the product?
    For scanning, we upload SDKs, IPAs, and JAR files. When the upload is not successful, the user is not intimated immediately. This causes a little confusion for a newcomer.
    What problems is the product solving and how is that benefiting you?
    Instead of relying on free tools, we have adopted Veracode for static and dynamic scans and we were able to get good results, which helped us in identifying things at the right time.
    Neha B.

    Code Scanning over Veracode

    Reviewed on Mar 31, 2023
    Review provided by G2
    What do you like best about the product?
    It's a tool to make a static code scan and detect the exposed secrets or passwords before the application is released. We can create multiple sandboxes and run various parts of the code individually. Veracode can be easily integrated with CI/CD pipelines, making it easy to trigger the scan.
    What do you dislike about the product?
    Any mitigation of false positive flaws is not straightforward or internal to the team. There is always a dependency on the Veracode admin team to mitigate the flaws, interrupting the overall workflow.
    What problems is the product solving and how is that benefiting you?
    We use Veracode for static code scanning to identify the vulnerabilities.
    It helps us identify the same and fix the code as per the action plan.
    We even conduct secure code review end to end for better code processing.
    Information Technology and Services

    Best tool to analyse or find security threats in code

    Reviewed on Aug 03, 2022
    Review provided by G2
    What do you like best about the product?
    Helps to analyse or find security threats in code.
    Performing security testing gets easy.
    What do you dislike about the product?
    A bit complex to implement and understand the threats.
    The description is too short for many errors.
    Scanning takes more time to complete the result or report.
    What problems is the product solving and how is that benefiting you?
    Security testing is easy by implementing Veracode.
    It helps to do vulnerability scanning.
    Source code review can also be done.
    Computer Software

    Security Platform

    Reviewed on Aug 15, 2021
    Review provided by G2
    What do you like best about the product?
    The ease of finding the CVE and possible libraries that need to be upgraded for security compliance
    What do you dislike about the product?
    Ease of console usage is a little challenging
    What problems is the product solving and how is that benefiting you?
    Dynamic Analysis, Penetration testing and Software composition analysis