Veracode and Wiz have both received positive feedback on customer service and support. Wiz users have consistently praised data security and exposure prevention capabilities. Veracode users have found the pricing to be a key consideration, while Wiz users have focused on the ROI achieved. Both platforms have areas for improvement highlighted by users, with Veracode users mentioning the need for customizable reporting features, and Wiz users suggesting enhancements to advanced analytics tools.
The summary above is based on 190 interviews we conducted recently with Veracode and Wiz users. To access the review's full transcripts, download our report.
"We noted immediate benefits from using the solution."
"Cloud Native Security offers a valuable tool called an offensive search engine."
"It is fairly simple. Anybody can use it."
"PingSafe's integration is smooth. They are highly customer-oriented, and the integration went well for us."
"All the features we use are equal and get the job done."
"It is very straightforward. It is not complicated. For the information that it provides, it does a pretty good job."
"With PingSafe, it's easy to onboard new accounts."
"PingSafe offers comprehensive security posture management."
"It has the ability to scale, and the fact that it doesn't produce a lot of false positives."
"The centralized view of different testing types helps reduce our risk exposure. The development teams have the freedom to choose their own libraries and languages. What happens is sometimes developers feel like a particular library is okay to use, then they will start using it, developing some functionality around it. However, as per our mandate, for every new repository that gets added and scanned, a report gets published. Based on that report, we decide if we can continue. In the past, we have found, by mistake, some developers have used copyleft licenses, which are a bit risky to use. We immediately replace these with more permissive, open-source licenses, so we are safe in the end."
"That it is a cloud-based solution is very valuable to us. We don't need that hardware running our scans and hosting the environment to be scanned. Also, the technology, the static scanning versus dynamic scanning produces a much better result, a more accurate result."
"The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use."
"I don't have to have a team of developers behind me that keep up with all the latest threats because the subscription service they provide for me does that."
"This is a great tool for learning about potential vulnerabilities in code."
"I can have quick results by just uploading compiled components."
"It is easy to use for us developers. It supports so many languages: C#, .NET Core, .NET Framework, and it even scans some of our JavaScript. You just need the extension to upload the files and the reports are generated with so much detail."
"Out of all the features, the one item that has been most valuable is the fact that Wiz puts into context all the pieces that create an issue, and applies a particular risk evaluation that helps us prioritize when we need to address a misconfiguration, vulnerability, or any issue that would put our environment into risk."
"The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address."
"The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."
"I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."
"Our most important features are those around entitlement, external exposure, vulnerabilities, and container security."
"The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at."
"The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."
"The security baseline and vulnerability assessments is the valuable feature."
"Cloud Native Security's reporting could be better. We are unable to see which images are impacted. Several thousand images have been deployed, so if we can see some application-specific information in the dashboard, we can directly send that report to the team that owns the application. We'd also like the option to download the report from the portal instead of waiting for the report to be sent to our email."
"PingSafe takes four to five hours to detect and highlight an issue, and that time should be reduced."
"Sometimes the Storyline ID is a bit wacky."
"PingSafe can be improved by developing a comprehensive set of features that allow for automated workflows."
"Maybe container runtime security could be improved."
"We've found a lot of false positives."
"The Automation tab is an add-on that doesn’t work properly. They provide a list of scripts that don’t work and I have asked support to assist but they won’t help. When running on various endpoints the script doesn’t work and if it does, it’s only a couple. There are a lot of useful scripts that would be beneficial to run forensics, event logs, and process lists running on the endpoint."
"There's room for improvement in the graphic explorer."
"There are few languages that take time for scanning. It covers the majority of languages from C to Scala, but it doesn't support certain languages and the newer versions of certain languages. For example, it doesn't support SAP and new JavaScript frameworks such as Node.js and React JS. They can include support for these. If you go to their website, you can see the list of languages that are currently supported. The false-positive rates are also something they can work on."
"It can have more APIs and capabilities to handle other things well. We were doing a trial for it. There were two things that I looked at: one was uploading some Java-related content and the other was uploading database SQL files and having the review done on the quarterback. The Java portion of it worked fine, and it was pretty seamless, but the database portion was not. We uploaded some files to use for vulnerabilities, and the tell-all portion of it was pretty easy. We uploaded a war file and Java files, and we got the reports back on these. They were pretty clear to understand. We did the same thing for the database portion for the most part. However, the content wasn't getting uploaded in a predictable fashion, and it was slow and hard to get done. We had to do it over and over. After it indicated that the content was uploaded, there were no results. There were zero search findings. It was possibly a user error, something that we didn't do correctly, but they had acknowledged that it was something they were currently enhancing. This is something that could be made easier if they haven't already done that. I don't know how many releases they've had in that timeframe. I haven't looked at it since then. It was a trial period."
"Veracode's container scanning could be improved. We containerize all the platforms we use inside a Docker image. For example, we create a Microsoft Docker image that we build our application on top of. I would like Veracode to implement IT scans before we commit the code."
"One area for improvement is the navigation in the UI. For junior developers or newcomers to the team, it can be confusing. The UI doesn't clearly bundle together certain elements associated with a scan. While running a scan, there are various aspects linked to it, but in the UI, they appear separate. It would be beneficial if they could redesign the UI to make it more intuitive for users."
"The product has issues with scanning."
"The language version support could be improved."
"On-premise implementation is not available."
"They should improve on the static scanning time."
"One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging."
"The remediation workflow within the Wiz could be improved."
"We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform."
"The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that."
"The solution's container security could be improved."
"The only thing that needs to be improved is the number of scans per day."
"We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next."
"The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
Veracode is ranked 4th in Container Security with 194 reviews while Wiz is ranked 2nd in Container Security with 12 reviews. Veracode is rated 8.2, while Wiz is rated 9.2. The top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". On the other hand, the top reviewer of Wiz writes "Multiple features help us prioritize remediation, and agentless implementation reduces overhead". Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap, whereas Wiz is most compared with Prisma Cloud by Palo Alto Networks, Orca Security, Microsoft Defender for Cloud, AWS Security Hub and Lacework. See our Veracode vs. Wiz report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
