Veracode and Prisma Cloud by Palo Alto Networks offer competitive pricing and valuable security features. Veracode has mixed reviews on customer support and setup complexity, while Prisma Cloud receives positive feedback in these areas. Veracode emphasizes ROI and comprehensive security testing, while Prisma Cloud focuses on cost savings and compliance automation.
The summary above is based on 283 interviews we conducted recently with Veracode and Prisma Cloud by Palo Alto Networks users. To access the review's full transcripts, download our report.
"The management console is the most valuable feature."
"The ease of use of the platform is very nice."
"Cloud Native Security helps us discover vulnerabilities in a cloud environment like open ports that allow people to attack our environment. If someone unintentionally opens a port, we are exposed. Cloud Native Security alerts us so we can remediate the problem. We can also automate it so that Cloud Native Security will fix it."
"We use the infrastructure as code scanning, which is good."
"When creating cloud infrastructure, Cloud Native Security evaluates the cloud security parameters and how they will impact the organization's risk. It lets us know whether our security parameter conforms to international industry standards. It alerts us about anything that increases our risk, so we can address those vulnerabilities and prevent attacks."
"They're responsive to feature requests. If I suggest a feature for Prisma, I will need to wait until the next release on their roadmap. Cloud Native Security will add it right away."
"It is advantageous in terms of time-saving and cost reduction."
"I like CSPM the most. It captures a lot of alerts within a short period of time. When an alert gets triggered on the cloud, it throws an alert within half an hour, which is very reasonable. It is a plus point for us."
"You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums."
"Prisma Cloud's monitoring features such as the compute compliance dashboard and the vulnerability dashboard, where we can get a clear visualization of their docker, have also been valuable. We can get layer-by-layer information that helps us see exactly where it's noncompliant. They update the dashboards quite frequently."
"The most valuable features are vulnerability monitoring, serverless access, container runtime features, and Defender."
"It scans our containers in real time. Also, as they're built, it's looking into the container repository where the images are built, telling us ahead of time, "You have vulnerabilities here, and you should update this code before you deploy." And once it's deployed, it's scanning for vulnerabilities that are in production as the container is running."
"It has helped us understand the dynamic topology of our containers, and manage security through the application of policies that our pipelines apply straight from Git."
"The product provides very good network security."
"The dynamic workload identity creation, attestation, and assignment is the best feature. In addition, the application dependency map across heterogeneous environments for compliance is a striking feature."
"It provides insights into potential vulnerabilities in our code, helping us identify and rectify issues before they can be exploited."
"I have found the user interface extremely helpful in prioritizing issues."
"We like the fact that all the issues are identified and that Veracode provides sufficient information on how to resolve them."
"The source composition analysis component is great because it gives our developers some comfort in using new libraries."
"I like Veracode's API. You can put it into a simple bash script and run your own security testing from your MacBook in less than 15 minutes."
"The best feature is definitely the detailed reports. It provides code-related queries in the order of high, medium, and low depending on what we need to do. Veracode is user-friendly as well."
"Veracode's cloud-based approach, coupled with the appliance that lets us use Veracode to scan internal-only web applications, has provided a seamless, always-up-to-date application security scanning solution."
"The centralized view of different testing types helps reduce our risk exposure. The development teams have the freedom to choose their own libraries and languages. What happens is sometimes developers feel like a particular library is okay to use, then they will start using it, developing some functionality around it. However, as per our mandate, for every new repository that gets added and scanned, a report gets published. Based on that report, we decide if we can continue. In the past, we have found, by mistake, some developers have used copyleft licenses, which are a bit risky to use. We immediately replace these with more permissive, open-source licenses, so we are safe in the end."
"The Static and Dynamic Analysis capabilities are very valuable to us. They've improved the speed of the inspection process."
"I want PingSafe to integrate additional third-party resources. For example, PingSafe is compatible with Azure and AWS, but Azure AD isn't integrated with AWS. If PingSafe had that ability, it would enrich the data because how users interact with our AWS environment is crucial. All the identity-related features require improvement."
"PingSafe is an excellent CSPM tool, but the CWPP features need to improve, and there is a scope for more application security posture management features. There aren't many ASPM solutions on the market, and existing ones are costly. I would like to see PingSafe develop into a single pane of glass for ASPM, CSPM, and CWPP. Another feature I'd like to see is runtime protection."
"Maybe container runtime security could be improved."
"We are getting reports only in a predefined form. I would like to have customized reports so that I can see how many issues are open or closed today or in two weeks."
"Some of the navigation and some aspects of the portal may be a little bit confusing."
"The resolution suggestions could be better, and the compliance features could be more customizable for Indian regulations. Overall, the compliance aspects are good. It gives us a comprehensive list, and its feedback is enough to bring us into compliance with regulations, but it doesn't give us the specific objects."
"PingSafe can improve by eliminating 100 percent of the false positives."
"There is a bit of a learning curve for new users."
"For some custom policies, we need more features."
"We would like it to have more features from the risk and compliance perspectives."
"The UI could use some improvement; we usually find the information we're looking for, but what fields can be clicked on and what workflow to follow to get the required information is not always evident. Sometimes we're all over the place, clicking around to drill in and uncover the alert and investigation details we're looking for."
"The licensing is a bit confusing."
"I would like Prisma Cloud to improve its mapping feature to increase usability."
"They could improve more features for the enterprise version of the solution."
"This solution is more AWS and Azure-centric. It needs to be more specific on the GCP side, which they are working on."
"We identified two things that we felt would be great to have, but they are under NDA. So, I can't disclose them. Other than those two things, we identified a generic bug in the secret key management service on AWS that needs to be fixed. We reported it to them, and we want them to fix it."
"The overall reporting structure is complicated, and it's difficult to understand the report."
"It takes a lot of time to scan the applications. They can make them faster and provide an option to scan a specific portion of the app. Such a feature would be very helpful."
"I would like Veracode to also have the ability to fix these flaws in a future release."
"The static analysis is prone to a lot of false positives. But that's how it is with most static analysis tools... Also, the static analysis can sometimes take a little while. The time that it takes to do a scan should be improved."
"I would like to see more technical support for some of the connectors, some more detailed diagrams or run-books on how to install some of stuff; more hand-holding in the sense of understanding our environment."
"There is room for improvement in documentation."
"One feature I would like would be more selectivity in email alerts. While I like getting these, I would like to be able to be more granular in which ones I receive."
"We have approximately 900 people using the solution. The solution is scalable, but there is a high cost attached to it."
More Singularity Cloud Security by SentinelOne Pricing and Cost Advice →
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
Prisma Cloud by Palo Alto Networks is ranked 1st in Container Security with 82 reviews while Veracode is ranked 4th in Container Security with 194 reviews. Prisma Cloud by Palo Alto Networks is rated 8.4, while Veracode is rated 8.2. The top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Prisma Cloud by Palo Alto Networks is most compared with Wiz, Microsoft Defender for Cloud, Aqua Cloud Security Platform, AWS Security Hub and CrowdStrike Falcon Cloud Security, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Prisma Cloud by Palo Alto Networks vs. Veracode report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.