We performed a comparison between JFrog Xray and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Container Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."JFrog Xray's reporting feature has a lot of options in it, including scanning."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"The solution is stable and reliable."
"Good reporting functionalities."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"The Veracode technical support is very good. They are responsive and very knowledgeable."
"The best feature is definitely the detailed reports. It provides code-related queries in the order of high, medium, and low depending on what we need to do. Veracode is user-friendly as well."
"Veracode is easy to use even if you're not a security professional. I like the dynamic analysis feature, which offers a lot of cost savings when used in production."
"With the pipeline scanner, it's easier for developers to scan their products, as they don't have to export anything from their computers. They can do everything with the command line on their computer."
"Static code scanning is the most valuable feature."
"Veracode's cloud-based approach, coupled with the appliance that lets us use Veracode to scan internal-only web applications, has provided a seamless, always-up-to-date application security scanning solution."
"I have found the user interface extremely helpful in prioritizing issues."
"It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow on developers' machines."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"Lacks deeper reporting, the ability to compare things."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"JFrog Xray's documentation and error logging could be improved."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"JFrog Xray does not have a dashboard."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"The technical support service has room for improvement."
"The current version of the application does not support testing for API."
"I would also like to see some improvement in the speed. That is really the only complaint, but in all reality we have a massive Java application that needs to be scanned. Our developers are saying, "It takes 72 hours to scan it." That is probably the nature of the beast, and I'm actually pretty accepting of that time frame, but since it's a complaint that I get, faster is always better. I don't necessarily think that the speed is bad as it is, just that faster would be better."
"I would like to see more AI features. It's a current subject because with ChatGPT and other solutions being developed all the time, IT attacks will increase... To defend against those it's very important that the good guys use AI in ways that are good instead of bad."
"Veracode Static Analysis can improve the false positive. There are always improvements that can be done to the false positive rate. There are some things that get flagged that are not an issue. However, it is not a huge concern."
"Veracode can be slow at times and has room for improvement, which may cause delays in our products and prolonged static scans."
"The only notable problem we have had is that when new versions of Swift have come out, we have found Veracode tends to be a bit behind in updates to support the new language changes."
"There needs to be better API integration to the development team's pipeline, which is something that is missing and needs to be improved."
JFrog Xray is ranked 18th in Container Security with 7 reviews while Veracode is ranked 4th in Container Security with 194 reviews. JFrog Xray is rated 8.2, while Veracode is rated 8.2. The top reviewer of JFrog Xray writes "An intelligent solution that prioritizes which vulnerability to target first in your project". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". JFrog Xray is most compared with Black Duck, Snyk, Mend.io, Fortify Static Code Analyzer and Trivy, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap. See our JFrog Xray vs. Veracode report.
See our list of best Container Security vendors and best Software Composition Analysis (SCA) vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.