Veracode and Prisma Cloud by Palo Alto Networks offer competitive pricing and valuable security features. Veracode has mixed reviews on customer support and setup complexity, while Prisma Cloud receives positive feedback in these areas. Veracode emphasizes ROI and comprehensive security testing, while Prisma Cloud focuses on cost savings and compliance automation.
The summary above is based on 283 interviews we conducted recently with Veracode and Prisma Cloud by Palo Alto Networks users.
"The mean time to detect has been reduced."
"Cloud Native Security's best feature is its ability to identify hard-coded secrets during pull request reviews."
"We like the platform and its response time. We also like that its console is user-friendly as well as modern and sleek."
"The management console is the most valuable feature."
"The UI is responsive and user-friendly."
"The ease of use of the platform is very nice."
"There's real-time threat detection. It can show threats and find issues based on their severity and helps us with real-time monitoring."
"We've seen a reduction in resources devoted to vulnerability monitoring. Before PingSafe we spent a lot of time monitoring and fixing these issues. PingSafe enabled us to divert more resources to the production environment."
"Most of the customers we are tackling have different tools and solutions, like Qualys, Nessus, and vulnerability management assessment solutions. There are plugins for them, and we can integrate Prisma Cloud with them. We can enrich our telemetry with their data and use the predefined correlation rules in Prisma Cloud. That means we have that work done in seconds."
"Integrating with a CI/CD pipeline and incorporating a vulnerability assessment process are highly effective features, especially when combined with runtime protection."
"What I like most about Prisma Cloud is its zero-day signatures, maximum security, minimal downtime, cloud visibility, control, and ease of deployment."
"The runtime mechanism on the solution is very useful. It's got very good network mapping between containers. If you have more than one container, you can create a content data link between them."
"One of the most valuable features is the compliance of RedLock, which we are using for any issues with security. It flags them and that's the primary objective of that feature."
"The support is excellent."
"Technical support is quite helpful."
"Configuration monitoring and alerting is the most valuable feature; it happens at the cloud's speed, allowing our development team to respond quickly. If a configuration goes against our security best practices, we're alerted promptly and can act to resolve the issue. As cloud security staff, we're not staring at the cloud all the time, and we want to let the developers do their jobs so that our company is protected and work is proceeding within our security controls."
"You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs."
"The user interface is excellent, the code review process is quick and provides great analytics to understand our code better, and the SAST scan is high-speed."
"The solution can scan old databases and old code written 20 years back."
"The coding standards in our development group have improved. From scanning our code we've learned the patterns and techniques to make our code more secure. An example would be SQL injection. We have mitigated all the SQL injection in our applications."
"The most valuable feature of Veracode Static Analysis is the scanning."
"The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA."
"The Static and Dynamic Analysis capabilities are very valuable to us. They've improved the speed of the inspection process."
"I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities."
"Sometimes the Storyline ID is a bit wacky."
"PingSafe can improve by eliminating 100 percent of the false positives."
"There is room for improvement in the current active licensing model for PingSafe."
"The resolution suggestions could be better, and the compliance features could be more customizable for Indian regulations. Overall, the compliance aspects are good. It gives us a comprehensive list, and its feedback is enough to bring us into compliance with regulations, but it doesn't give us the specific objects."
"Currently, we would have to export our vulnerability report to an .xlsx file, and review it in an Excel spreadsheet, and then we sort of compile a list from there. It would be cool if there was a way to actually toggle multiple applications for review and then see those file paths on multiple users rather than only one user at a time or only one application at a time."
"It does not bring much threat intel from the outside world. All it does is scan. If it can also correlate things, it will be better."
"They could generally give us better comprehensive rules."
"It took us a while to configure the software to work well in this type of environment, as the support documents were not always clear."
"We would like it to have more features from the risk and compliance perspectives."
"They should improve the user experience."
"The alignment of Twistlock Defender agents with image repositories needs improvement. These deployed agents have no way of differentiating between on-premise and cloud-based image repositories. If I deploy a Defender agent to secure an on-premise Kubernetes cluster, that agent also tries to scan my ECR image repositories on AWS. So, we have limited options for aligning those Defenders with the repositories that we want them to scan. It is scanning everything rather than giving us the ability to be real granular in choosing which agents can scan which repositories."
"This solution is more AWS and Azure-centric. It needs to be more specific on the GCP side, which they are working on."
"The visibility on the SIEM needs to be streamlined so we can get the data without any issues."
"They could improve more features for the enterprise version of the solution."
"Prisma Cloud lags behind in terms of security automation capabilities."
"They can improve the integrations into the SDLC lifecycle."
"The Greenlight product that integrates into the IDE is not available for PHP, which is our primary language."
"Veracode's container scanning could be improved. We containerize all the platforms we use inside a Docker image. For example, we create a Microsoft Docker image that we build our application on top of. I would like Veracode to implement IT scans before we commit the code."
"Static scanning takes a long time, so you need to patiently wait for the scan to achieve. I also think the software could be more accurate. It isn't 100 percent, so you shouldn't completely rely on Veracode. You need to manually verify its findings."
"It's very expensive for a small organization."
"Calypso (our application) is large and the results take up to two months. Further, we also have to package Calypso in a special manner to meet size guidelines."
"The scanning process for records could be faster and there is room for improvement in Veracode's performance."
"It's taking too much time to do a quality scan."
"I would like to see them provide more content in the developer training section. This field is really changing each day and there are flaws that are detected each day. Some sort of regular updates to the learning would help."
Prisma Cloud by Palo Alto Networks is ranked 1st in Container Security with 82 reviews while Veracode is ranked 4th in Container Security with 194 reviews. Prisma Cloud by Palo Alto Networks is rated 8.4, while Veracode is rated 8.2. The top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Prisma Cloud by Palo Alto Networks is most compared with Wiz, Microsoft Defender for Cloud, Aqua Cloud Security Platform, AWS Security Hub and CrowdStrike Falcon Cloud Security, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.