We performed a comparison between JFrog Xray and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Container Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The user interface is well-designed and easy to navigate."
"The management console is highly intuitive to comprehend and operate."
"The visibility is the best part of the solution."
"PingSafe offers comprehensive security posture management."
"Support has been very helpful and provides regular feedback and help whenever needed. They've been very useful."
"The UI is responsive and user-friendly."
"The UI is very good."
"I did a lot of research before signing up and doing the demo. They have a good reputation as far as catching threats early on."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"The solution is stable and reliable."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"Good reporting functionalities."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"The product’s policy reporting for ensuring compliance with industry standards and regulations is great."
"I like Veracode's static scanning and SCA. We use three static scans, software composition analysis, and dynamic scans. We haven't used dynamic scanning as much, but we're trying to integrate that into our environment more."
"I contacted the solution's technical support during the automation part, and it went well, after which I never faced any issues."
"The installation was straightforward."
"The article scanning is excellent."
"Their dashboard is really good, overall. In my opinion, it's one of the best in the market, and I say that because we have used other service providers."
"It scans for the OWASP top-10 security flaws at the dynamic level and, at the static level, it scans for all the warnings so that developers can fix the code before we go to UAT or the next phase."
"What's important for me, from Veracode, is the all-in-one metrics location. I can see where everything is across the entire portfolio of applications I have in this program, and I can report out on it."
"They could generally give us better comprehensive rules."
"Maybe container runtime security could be improved."
"Cloud Native Security's reporting could be better. We are unable to see which images are impacted. Several thousand images have been deployed, so if we can see some application-specific information in the dashboard, we can directly send that report to the team that owns the application. We'd also like the option to download the report from the portal instead of waiting for the report to be sent to our email."
"There should be more documentation about the product."
"Currently, we would have to export our vulnerability report to an .xlsx file, and review it in an Excel spreadsheet, and then we sort of compile a list from there. It would be cool if there was a way to actually toggle multiple applications for review and then see those file paths on multiple users rather than only one user at a time or only one application at a time."
"I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes."
"Sometimes the Storyline ID is a bit wacky."
"They can work on policies based on different compliance standards."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"JFrog Xray's documentation and error logging could be improved."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"Lacks deeper reporting, the ability to compare things."
"JFrog Xray does not have a dashboard."
"Some important languages are not supported."
"Sometimes, the scans halt or drop for some reason, and we need to get help from Veracode to fix it."
"It needs better controls to include/exclude specific sections when creating a report that can be shared externally with customers and prospects."
"Veracode should make it easier to navigate between the solutions that they offer, i.e. between dynamic, static, and the source code analysis."
"The runtime code analysis could be improved so that we can see every element in one place."
"Improve Mobile Application Dynamic Scanning DAST - .ipa and .apk"
"The cost of the solution is a little bit expensive. Expensive in the sense that there was a hundred percent increase in cost from last year to this year, which is certainly not justified."
"Another problem we have is that, while it is integrated with single sign-on—we are using Okta—the user interface is not great. That's especially true for a permanent link of a report of a page. If you access it, it goes to the normal login page that has nothing that says "Log in with single sign-on," unlike other software as a service that we use. It's quite bothersome because it means that we have to go to the Okta dashboard, find the Veracode link, and log in through it. Only at that point can we go to the permanent link of the page we wanted to access."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
JFrog Xray is ranked 18th in Container Security with 7 reviews while Veracode is ranked 4th in Container Security with 194 reviews. JFrog Xray is rated 8.2, while Veracode is rated 8.2. The top reviewer of JFrog Xray writes "An intelligent solution that prioritizes which vulnerability to target first in your project". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". JFrog Xray is most compared with Black Duck, Snyk, Mend.io, Trivy and Fortify Static Code Analyzer, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our JFrog Xray vs. Veracode report.
See our list of best Container Security vendors and best Software Composition Analysis (SCA) vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.