Veracode and Prisma Cloud by Palo Alto Networks offer competitive pricing and valuable security features. Veracode has mixed reviews on customer support and setup complexity, while Prisma Cloud receives positive feedback in these areas. Veracode emphasizes ROI and comprehensive security testing, while Prisma Cloud focuses on cost savings and compliance automation.
The summary above is based on 283 interviews we conducted recently with Veracode and Prisma Cloud by Palo Alto Networks users. To access the review's full transcripts, download our report.
"Cloud Native Security offers a valuable tool called an offensive search engine."
"PingSafe released a new security graph tool that helps us identify the root issue. Other tools give you a pass/fail type of profile on all misconfigurations, and those will run into the thousands. PingSafe's graphing algorithm connects various components together and tries to identify what is severe and what is not. It can correlate various vulnerabilities and datasets to test them on the back end to pinpoint the real issue."
"Cloud Native Security is user-friendly. Everything in the Cloud Native Security tool is straightforward, including detections, integration, reporting, etc. They are constantly improving their UI by adding plugins and other features."
"The most valuable feature of PingSafe is its integration with most of our technology stack, specifically all of our cloud platforms and ticketing software."
"The most valuable feature of the solution is its storyline, which helps trace an event back to its source, like an email or someone clicking on a link."
"The solution helped free other staff to work on other projects or other tasks. We basically just had to do a bunch of upfront configuring. With it, we do not have to spend as much time in the console."
"It's positively affected the communication between cloud security, application developers, and AppSec teams."
"The user interface is well-designed and easy to navigate."
"You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums."
"Integrating with a CI/CD pipeline and incorporating a vulnerability assessment process are highly effective features, especially when combined with runtime protection."
"I like Prisma's ability to integrate with other tools. We can integrate it with Jira so that when Prisma triggers an alert, it opens a ticket in Jira. That was a big selling point for the product. There's a feature called the guest custom template that allows you to trigger alerts in Jira based on the template. That can also be added as a feature on Jira."
"The CVEs are valuable because we used to have a tool to scan CVEs, at the language level, for the dependencies that our developers had. What is good about Prisma Cloud is that the CVEs are not only from the software layer, but from all layers: the language, the base image, and you also have CVEs from the host. It covers the full base of security."
"Visibility is a key feature. Integration with other technologies across the board, whether they are Palo Alto technologies, Windows technologies, or cloud technologies, is probably the biggest thing."
"It also provides us with a single tool to manage our entire cloud architecture. In fact, we are using a multi-account strategy with our AWS organization. We use Prisma as a single source of truth to identify high- or medium-severity threats inside our organization."
"The two most valuable features are container security and the capability to discover workloads."
"My favorite feature is the CWPP module. We can define various kinds of rules for vulnerabilities, incidents, or suspicious activities."
"I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities."
"Veracode is a valuable tool in our secure SDLC process."
"Valuable features for us are the static scanning of the software, which is very important to us; the ability to set policy profiles that are specific to us; the software composition analysis, to give us reports on known vulnerabilities from our third-party components."
"We use it to get our scan results and see where our software is vulnerable or not vulnerable."
"The solution's ability to help create secure software is very valuable. We're a zero-trust networking company so we want to have the ability to say that we're practicing security seriously. Having something like Veracode allows us to have confidence when we're speaking to people about our product that we can back up what we're doing with a certification, with a reputable platform, and say, "This is what we're using to scan an application. Here's the number of vulnerabilities that are on an application. And here's the risk that we're accepting.""
"It is easy to use for us developers. It supports so many languages: C#, .NET Core, .NET Framework, and it even scans some of our JavaScript. You just need the extension to upload the files and the reports are generated with so much detail."
"The security team can track the remediation and risk acceptance statistics."
"The ability on static scans to be able to do sandbox scans which do not generate metrics."
"PingSafe's current documentation could be improved to better assist customers during the cluster onboarding process."
"Whenever I view the processes and the process aspect, it takes a long time to load."
"In some cases, the rules are strictly enforced but do not align with real-world use cases."
"The alerting system of the product is an area that I look at and sometimes get confused about. I feel the alerting feature needs improvement."
"It would be really helpful if the solution improves its agent deployment process."
"I export CSV. I cannot export graphs. Restricting it to the CSV format has its own disadvantages. These are all machine IP addresses and information. I cannot change it to the JSON format. The export functionality can be improved."
"There is no break-glass account feature. They should implement this as soon as possible because we can't implement SSO without a break-glass feature."
"PingSafe can be improved by developing a comprehensive set of features that allow for automated workflows."
"The UI is the worst."
"The pricing for the solution needs improvement."
"The dashboard can be created at the user level instead of the cloud account level, which will help save time."
"While Prisma provides a lot of visibility, it also creates a ton of work. Most customers that implement Prisma Cloud have thousands of alerts that are urgent."
"A couple of exporting functionalities should be more user-friendly because if I want to export something, I can get a lot of data visible to that particular CSV."
"More documentation with real-world use cases would be helpful."
"It would be ideal if they could somehow reduce the deployment time."
"Support is an area that needs improvement."
"Mitigation review isn't always super easy."
"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."
"The sandbox could use some improvement; when creating a sandbox, it requires us to put the application name in twice, which seems unnecessary."
"They could improve how they fix vulnerabilities. They could have more support in place to help the developers."
"Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had."
"Sometimes we get a lot of false positives even after configuring our policies, so that could be improved."
"We have encountered occasional issues with scalability."
"The reports on offer are too verbose."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
Prisma Cloud by Palo Alto Networks is ranked 1st in Container Security with 82 reviews while Veracode is ranked 4th in Container Security with 194 reviews. Prisma Cloud by Palo Alto Networks is rated 8.4, while Veracode is rated 8.2. The top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Prisma Cloud by Palo Alto Networks is most compared with Wiz, Microsoft Defender for Cloud, Aqua Cloud Security Platform, AWS Security Hub and CrowdStrike Falcon Cloud Security, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Prisma Cloud by Palo Alto Networks vs. Veracode report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.