Identifies and mitigates vulnerabilities swiftly to strengthen internal security
What is our primary use case?
My use case for Veracode is to identify security vulnerabilities in our production Jars.
What is most valuable?
Veracode's best features include the ability to perform multiple types of scans, such as SAST and DAST scans, and we can scan third-party Jars as well. If we are using certain Jars that are expired and have no long-term support, we can mitigate that and change the versions. In the DAST scan, we can test in real time how hackers would attack our system and identify security flaws while going through the results.
Veracode has improved our organization by allowing us to identify vulnerabilities and mitigate them as soon as possible without getting exposed to the outside world. Hackers cannot hack anything, so we can protect our entire system using this solution.
What needs improvement?
Veracode has areas for improvement in that the scan takes some time for each Jar depending on the size. If it were faster, that would be more helpful for us.
For how long have I used the solution?
I have been using Veracode for around one to two years.
What do I think about the stability of the solution?
I have never faced downtime, bugs, or glitches with Veracode over the past few years. It is stable.
What do I think about the scalability of the solution?
I find that Veracode's scalability is a ten out of ten, as I have never faced any issues.
How are customer service and support?
When comparing Veracode with other products such as SonarQube, I find that Veracode has much more support because they offer numerous customer support options. Whenever there are doubts, we can log a session with them, and they are always happy to help.
How was the initial setup?
Setting up Veracode is very easy. We are using it as a platform as a service, and we just need to integrate some creator access IDs and a few security passwords with our existing CI pipeline.
It takes about a week to set up Veracode.
What other advice do I have?
Currently, we are using Veracode for on-premises services. If we have any doubts, we can schedule a meeting with them to explain all the services they offer, including types of scans and security details, which is how we got to know about Veracode.
Most of the developers in my organization, around fifty to eighty, are using Veracode because it is their code that they are building.
We are a customer of Veracode.
Veracode does not require any maintenance from our end. It is a platform as a service where we just put our code and do the scanning, with everything being taken care of by Veracode itself.
Regarding pricing, Veracode is cost-efficient and not that expensive.
Veracode saves us a lot in terms of security, ensuring that external users or others cannot easily hack our system, which is the main motive for using Veracode. It has saved everything for our organization.
I would rate the technical support of Veracode a ten out of ten.
I would definitely recommend Veracode to other users because it always helps in identifying security issues with our code and applications. It is the best tool that I can recommend, and I would rate it a ten out of ten.
Used for legacy software audits and allows us to audit the software without the source code
What is our primary use case?
We use Veracode mainly for legacy software audits.
What is most valuable?
The most valuable feature of Veracode is the binary scan feature for auditing, which allows us to audit the software without the source code. Veracode's most valuable feature is the verified vulnerability database, and we can do a full software audit at our company, including all of the systems.
What needs improvement?
Veracode should provide more flexibility in its pricing and licensing modules so that it could be more affordable for all types of projects and not only for very active mission-critical projects.
With the solution's security audit feature, an enterprise should be able to cover all of its applications with the desktops. Veracode is simply too expensive for that. If you know about the price of a web application, and if you multiply it by 1,000, the return on investment doesn't work. It's okay for one or two projects running very fast, but it doesn't work for all the legacies. So, it's a huge amount of money.
There should be some lighter tool that allows you to do a one-time audit scan. Only ten percent of the applications are actively developed. About 90% of the other applications have no projects or budgets, but we are still vulnerable. It is too much if you buy it for all of that.
For how long have I used the solution?
I have been using Veracode for three years.
What do I think about the stability of the solution?
Veracode is a completely stable solution, and we had no problems with its stability. The solution was a bit slow, but it was stable.
What do I think about the scalability of the solution?
We didn’t face any issues with the solution’s scalability.
How are customer service and support?
We know only one person from Veracode, and he supported us when we had issues, and he was able to solve everything.
Which solution did I use previously and why did I switch?
We have previously used Checkmarx. Veracode's pricing is cheaper than Checkmarx, and it has some unique features like binary scan. In Hungary, Checkmarx is installed more than Veracode.
How was the initial setup?
The solution’s initial setup was very easy. Only one or two people are needed for the initial setup of the solution.
What's my experience with pricing, setup cost, and licensing?
Veracode is a very expensive product.
What other advice do I have?
Veracode can list a lot of vulnerabilities, but processing all of them is a time- and resource-intensive process. I think Veracode has no innovative features because a lot of other software can do that. In our opinion, innovative features are a commodity with Veracode, but they are doing a good job.
The solution's ability to provide visibility into application status at every phase of development is valuable. It can be faster, but it can also slow down because our backlog may be much longer. There will be a lot of vulnerabilities or false positives that have to be processed. So, it is not black and white, but it is safer. Veracode has helped our developers save time.
Veracode has had a very low impact on our organization’s overall security posture because it is a very expensive product. An enterprise with 1,000 applications uses the solution for one or two applications. Veracode does not need any maintenance because it's cloud-based.
Veracode is very important to our organization’s shift-left security strategy when we have a project with enough sources to provide the license. I use Veracode’s cloud version. The return on investment with Veracode is good for one or two mission-critical projects running in the company. For other things, users should use open-source solutions or much cheaper products like SonarQube that are not as good as Veracode.
The fact that Veracode scans only binary code and doesn't scan source code concerns me sometimes. Sometimes, we have to do some source repository audits. We cannot use Veracode for source repository audits because it scans only binary code. I would recommend Veracode to other users.
Overall, I rate the solution ten out of ten.