Veracode and Prisma Cloud by Palo Alto Networks offer competitive pricing and valuable security features. Veracode has mixed reviews on customer support and setup complexity, while Prisma Cloud receives positive feedback in these areas. Veracode emphasizes ROI and comprehensive security testing, while Prisma Cloud focuses on cost savings and compliance automation.
The summary above is based on 283 interviews we conducted recently with Veracode and Prisma Cloud by Palo Alto Networks users. To access the review's full transcripts, download our report.
"It provides insights into potential vulnerabilities in our code, helping us identify and rectify issues before they can be exploited."
"We are provided with a single tool to protect all of our cloud resources and applications without having to manage and reconcile compliance reports."
"Its ease of integration is valuable because we need to get the solution out of the door quickly, so speed and ease matter."
"Comprehensive and valuable for providing security. It is scalable, its stability is impressive, and setting it up is straightforward."
"It helps to identify the misconfigurations by monitoring regularly which helps to secure the organization's cloud environment."
"Prisma Cloud helped us with compliance. Most of my deployments have been greenfield, so I don't have a benchmark to compare how the security posture has improved. I've always used this from day zero of the configuration. However, I can say that the compliance checks for PCI, DSS, HIPAA, etc., made my life simpler. I don't need to look at each of these standards and compare the rules I have in place."
"The most valuable feature is its cloud security posture management."
"The two most valuable features are container security and the capability to discover workloads."
"Integrations into our developer's IDE (Greenlight) and the DevOps Pipeline SAST / SourceClear Integrations has particularly increased our time to market and confidence."
"The developers' awareness of the security weaknesses within their code has improved. They aren't just mitigating these issues, they are realizing these are, in fact, issues that have to be dealt with."
"The source composition analysis component is great because it gives our developers some comfort in using new libraries."
"It gives feedback to developers on the effectiveness of their secure coding practices."
"It is easy to use for us developers. It supports so many languages: C#, .NET Core, .NET Framework, and it even scans some of our JavaScript. You just need the extension to upload the files and the reports are generated with so much detail."
"In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application."
"The most valuable features of the solution are its extensive reporting capabilities and user-friendly interface."
"We have such a wide variety of users for Veracode, including security champions, development leads, developers themselves, that the ease of use is really quite important, because we don't assume anything about what those people might already know, or need to know. It just makes it very useful for anyone who has to engage with it."
"I think Prisma Cloud could improve its preventive governance policy and CWP run time modules."
"They could improve more features for the enterprise version of the solution."
"The information presented in the UI sometimes doesn't look intuitive enough."
"While the code security feature has undergone recent enhancements, there is room for improvement in terms of its cost module."
"We are encountering issues with the new permissions required for AWS integration with Prisma."
"The automation capabilities are growing each day, but the problem is that the updates are not that frequent. There are some services on Amazon that have come out with updates, and Azure is also getting up to date. But Prisma takes some time to follow. There's a time gap that Prisma inherits from these clouds. I understand why it takes some time, but that time should be reduced."
"Areas like the deployment of their defenders and their central control need manual intervention. They should focus more on automation. They have a very generic case for small companies. However, for bigger companies to work, we have to do a lot of changes to our system to accommodate it. Therefore, they should change their system or deployment models so it can be easy to integrate into existing architectures."
"The challenge that Palo Alto and Prisma have is that, at times, the instructions in an event are a little bit dated and they're not usable. That doesn't apply to all the instructions, but there are times where, for example, the Microsoft or the Amazon side has made some changes and Palo Alto or Prisma was not aware of them. So as we try to remediate an alert in such a case, the instructions absolutely do not work. Then we open up a ticket and they'll reply, "Oh yeah, the API for so-and-so vendor changed and we'll have to work with them on that." That area could be done a little better."
"When we engaged Veracode to conduct the manual penetration testing, they were extremely slow in completing the task and delivering the report, causing a delay of two to three weeks for us."
"In the last month or so, I had a problem with the APIs when doing some implementations. The Veracode support team could be more specific and give me more examples. They shouldn't just copy the URL for a doc and send it to me."
"Veracode can improve the price model and how they bill the final offer to customers. It's based on the amount of traffic. For example, you can buy 1 gigabyte distributed across various applications, and each one can consume part of the whole allotment of traffic data."
"The solution could improve the Dynamic Analysis Security Testing(DAST)."
"It could be improved with support for more programming languages, like SQL."
"Software developers are always thinking about the next big thing but lose sight of what's happening right now. If you have an idea for a feature request, you must submit it to be voted on by the Veracode community. I don't like this. No one will look at it unless enough people vote for it."
"Veracode would benefit greatly from more training resources. The videos are great, but I would like more hands-on training writing a script, validating a script with a unit test in a different language, etc. That's something that would be very valuable."
"One feature I would like would be more selectivity in email alerts. While I like getting these, I would like to be able to be more granular in which ones I receive."
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
Prisma Cloud by Palo Alto Networks is ranked 1st in Container Security with 83 reviews while Veracode is ranked 4th in Container Security with 194 reviews. Prisma Cloud by Palo Alto Networks is rated 8.4, while Veracode is rated 8.2. The top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Prisma Cloud by Palo Alto Networks is most compared with Wiz, Microsoft Defender for Cloud, Aqua Cloud Security Platform, AWS Security Hub and CrowdStrike Falcon Cloud Security, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Prisma Cloud by Palo Alto Networks vs. Veracode report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.