We performed a comparison between JFrog Xray and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Container Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"The solution is stable and reliable."
"Good reporting functionalities."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"The CSCA vulnerability scanning is useful."
"When we expanded our definition of critical systems to include an internal application to be scanned by Veracode, we had initial scans that produced hundreds of vulnerabilities. We expected this, based on how the code was treated previously, but the Veracode platform allowed us to streamline our identification of these items and develop a game plan to quickly address them."
"The static analysis gives you deep insights into problems."
"Veracode is easy to use even if you're not a security professional. I like the dynamic analysis feature, which offers a lot of cost savings when used in production."
"The pricing is worth it."
"It's comprehensive from a feature standpoint."
"Developer Sandboxes help move scanning earlier within the SDLC."
"It is a good product for creating secure software. The static code analysis is pretty good and useful."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"Lacks deeper reporting, the ability to compare things."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"JFrog Xray does not have a dashboard."
"JFrog Xray's documentation and error logging could be improved."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"There should be more control for administrative users so that we can add and delete any functionality or module within the platform. We should not have to reach out to Veracode's customer support every time. We should be able to customize our modules."
"Mitigation review isn't always super easy."
"The Web portal, at times, is not necessarily intuitive. I can get around when I want to but there are times when I have to email my account manager on: "Hey, where do I find this report?" Or "How do I do this?" They always respond with, "Here's how you do it." But that points to a somewhat non-intuitive portal."
"All areas of the solution could use some improvement."
"I would like to see expanded coverage for supporting more platforms, frameworks, and languages."
"It's problematic if you want to integrate it with your pipelines because the documentation is not so well written and it's full of typos. It is not presented in a structured way. It does not say, "If you want to achieve this particular thing, you have to do steps 1, 2, and 3." Instead, it contains bits of information in different parts, and you have to read everything and then understand the big picture."
"When it comes to the speed of the pipeline scan, one of the things we have found with Veracode is that it's very fast with Java-based applications but a bit slow with C/C++ based applications. So we have implemented the pipeline scan only for Java-based applications not for the C/C++ applications."
"Veracode can be slow at times and has room for improvement, which may cause delays in our products and prolonged static scans."
JFrog Xray is ranked 18th in Container Security with 7 reviews while Veracode is ranked 4th in Container Security with 194 reviews. JFrog Xray is rated 8.2, while Veracode is rated 8.2. The top reviewer of JFrog Xray writes "An intelligent solution that prioritizes which vulnerability to target first in your project". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". JFrog Xray is most compared with Black Duck, Snyk, Mend.io, Trivy and Fortify Static Code Analyzer, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our JFrog Xray vs. Veracode report.
See our list of best Container Security vendors and best Software Composition Analysis (SCA) vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
