This post is Part 1 of a multi-part series describing our journey to ditch the popular Static Application Security Testing (SAST) tool Veracode and our quest for a better security tool.

Until recently, our organization used Veracode for security analysis for a few of our applications. It is considered a leader in Application Security by Gartner and is used by hundreds of organizations across the globe. Unfortunately, our experience with Veracode was quite the opposite.

Disclaimer: This post talks about our experience with Veracode and other SAST tools based on our needs last year. It should not be seen as endorsement or opposition of any SAST tool. Please exercise your own independent skill and judgement before you rely on the information in this post.

Veracode documentation did not keep pace with their updates (which anyway happened once in a blue moon). In a few places we even found it misleading.

We found the Veracode APIs very hard to use and integrate with our build pipeline.

The Veracode UI portal left a lot to be desired. Its UI looked dated and far from intuitive. It did not support some basic integrations.

Veracode Support took weeks to respond, and when they did respond, the responses were short with no help. Support from tickets raised almost always included nothing more than a link to outdated documentation. This was even the case when the ticket raised was in regard to the same outdated documentation. Often it took follow-up emails to even get a response from them.

Integration with JIRA was not usable and did not solve our purpose. We eventually fell back to creating tickets manually in JIRA due to the following reasons: Veracode would raise dozens or even hundreds of tickets for the same finding if it was found in more than one area, such as a text box. For example, a client-side validation issue that could be addressed by a single change to the validation library in place was flagged as a new ticket for every text box. This resulted in hundreds of new tickets being raised in JIRA, creating clutter. Its JIRA plugin itself was not regularly updated. And one of our JIRA updates broke the plug-in.

The scans incorrectly identified one of the 3rd-party libraries as our internal organization code. As a result, scans showed the incorrect results. This resulted in our code failing the scan. Developers cannot rewrite the code for 3rd-party developers.

We found that Veracode appeared to only send 1 notification regarding the pending expiration, just 1 day prior to the API key expiring. There were no additional follow-up emails or notifications in the portal, etc., that warned of the expired API key. As a result, our Veracode scans had been failing due to the expired API keys. Overlooking a single email resulted in all associated scans being unable to complete.