spherela.blogg.se

Portswigger burp suite professional













It provides good reports." "The solution's ability to prevent vulnerable code from going into production is perfectly fine.


Veracode helps us to analyze all the security flaws, discrepancies, and vulnerabilities inside the application. When an application is being used by the public, security is a challenge. You can see what are the flaws and what could be the best possible resolution to minimize those flaws in the application. You can easily go through all the analyses done by Veracode. They are responsive and very knowledgeable."

"The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA."

"The findings of their security analysis are wonderful. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use."

"In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application."

"The Veracode technical support is very good. If we have any outstanding issues, they get serviced and addressed."

"The dynamic scanning tool is what I like the best. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. We immediately replace these with more permissive, open-source licenses, so we are safe in the end."

"Veracode's technical support is great.


In the past, we have found, by mistake, some developers have used copyleft licenses, which are a bit risky to use. Based on that report, we decide if we can continue.


However, as per our mandate, for every new repository that gets added and scanned, a report gets published. What happens is sometimes developers feel like a particular library is okay to use, then they will start using it, developing some functionality around it.


The development teams have the freedom to choose their own libraries and languages. "The centralized view of different testing types helps reduce our risk exposure.














