Veracode and Prisma Cloud by Palo Alto Networks offer competitive pricing and valuable security features. Veracode has mixed reviews on customer support and setup complexity, while Prisma Cloud receives positive feedback in these areas. Veracode emphasizes ROI and comprehensive security testing, while Prisma Cloud focuses on cost savings and compliance automation.
The summary above is based on 283 interviews we conducted recently with Veracode and Prisma Cloud by Palo Alto Networks users. To access the review's full transcripts, download our report.
"The most valuable feature is the option to add custom queries using the RQL language that they supply so that we can customize the compliance frameworks to what we need to look for."
"Prisma Cloud provides the needed visibility and control regardless of how complex and distributed the cloud environments become."
"As a pure-play CSPM, it is pretty good. From the data exposure perspective, Prisma Cloud does a fairly good job. Purely from the perspective of reading the conflicts, it is able to highlight any data exposures that I might be having."
"CSPM is the most valuable feature for any organization that runs its workloads in the cloud."
"The client wasn't using all of the features, but the one that stood out was infrastructure-as-code (IaC). I built IaC use cases and was trying to get them to use it. I also liked cloud workload protection. I worked with the vulnerability management team to develop a process. It's a manual process, so it can be challenging to remediate many image or container issues. It was nice that we could build out a reporting process and download the reports. The reports are solid."
"The visibility on alerts helps you investigate more easily and see details faster."
"Its ease of integration is valuable because we need to get the solution out of the door quickly, so speed and ease matter."
"Integration is very easy. And because it supports security that spans multi- and hybrid-cloud environments, it's very easy to use."
"The solution's ability to help create secure software is very valuable. We're a zero-trust networking company so we want to have the ability to say that we're practicing security seriously. Having something like Veracode allows us to have confidence when we're speaking to people about our product that we can back up what we're doing with a certification, with a reputable platform, and say, "This is what we're using to scan an application. Here's the number of vulnerabilities that are on an application. And here's the risk that we're accepting.""
"It has almost completely eliminated the presence of SQLi vulnerabilities."
"When we do have errors, Veracode is always available, their consultants, to help us either mitigate the error, or provide technical assistance on pointing exactly where the problem is and how we could probably fix it. I'm always amazed at how knowledgeable they are."
"Ours is a Java-based application and Veracode can detect vulnerabilities in both Angular, which is used for the UI, and also in the backend code, which includes APIs and microservices."
"It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies."
"Veracode is a cloud-based platform, where they manage all the back-end, and they do a lot of analysis during the scans, and they do a lot of post-scan reconciliation."
"The main feature that I have found valuable is the solution's ability to find issues in static analysis. Additionally, there are plenty of useful tools."
"From a developer's perspective, Veracode's greenlight feature on the IDE is helpful. It helps the developer to be more proactive in secure coding standards. Apart from that, static analysis scanning is definitely one of the top features of Veracode."
"The alignment of Twistlock Defender agents with image repositories needs improvement. These deployed agents have no way of differentiating between on-premise and cloud-based image repositories. If I deploy a Defender agent to secure an on-premise Kubernetes cluster, that agent also tries to scan my ECR image repositories on AWS. So, we have limited options for aligning those Defenders with the repositories that we want them to scan. It is scanning everything rather than giving us the ability to be real granular in choosing which agents can scan which repositories."
"The dashboard can be created at the user level instead of the cloud account level, which will help save time."
"Prisma is good about compliance, and their support is excellent, but they struggle with automation and integration. They need to stay on top of the newest types of connectors. How can you connect other applications and other tools in order for this to work cohesively? That's a challenge."
"The licensing is a bit confusing."
"I have some challenges customizing and personalizing some of the capabilities in the CSPM in terms of new policies and services. We have to reconfigure and rebuild the CSPM."
"One major observation is that it is not possible to implement Prisma Cloud on-premises. This is the limitation. Prisma Cloud itself is on a cloud. It is sitting on AWS and Google Cloud. It is a SaaS solution, but some of my clients have a local regulatory requirement, and they want to install it locally on their premises. That capability is not there, but government entities and ministries want to have Prisma Cloud installed locally."
"Some of the usability within the Compute functionality needs improvement. I think when Palo Alto added on the Twistlock functionality, they added a Compute tab on the left side of the navigation. Some of the navigation is just a little dense. There is a lot of navigation where there is a tab and dropdowns. So, just improving some of the navigation where there is just a very dense amount of buttons and drop-down menus, that is probably the only thing, which comes from having a lot of features. Because there are a lot of buttons, just navigating around the platform can be a little challenging for new users."
"Support is an area that needs improvement."
"The pricing for qualified startups such as Neo4j could be improved."
"We have some constraints interacting with Veracode self-support. I'm not talking about their technical support. I'm talking about self-support. We sometimes have a hard time communicating with them."
"The Web portal, at times, is not necessarily intuitive. I can get around when I want to but there are times when I have to email my account manager on: "Hey, where do I find this report?" Or "How do I do this?" They always respond with, "Here's how you do it." But that points to a somewhat non-intuitive portal."
"The documentation is poor and the technical support isn't helpful."
"There were some additional manual steps or work involved that we should not have needed to do."
"I would like to see more AI features. It's a current subject because with ChatGPT and other solutions being developed all the time, IT attacks will increase... To defend against those it's very important that the good guys use AI in ways that are good instead of bad."
"It can have more APIs and capabilities to handle other things well. We were doing a trial for it. There were two things that I looked at: one was uploading some Java-related content and the other was uploading database SQL files and having the review done on the quarterback. The Java portion of it worked fine, and it was pretty seamless, but the database portion was not. We uploaded some files to use for vulnerabilities, and the tell-all portion of it was pretty easy. We uploaded a war file and Java files, and we got the reports back on these. They were pretty clear to understand. We did the same thing for the database portion for the most part. However, the content wasn't getting uploaded in a predictable fashion, and it was slow and hard to get done. We had to do it over and over. After it indicated that the content was uploaded, there were no results. There were zero search findings. It was possibly a user error, something that we didn't do correctly, but they had acknowledged that it was something they were currently enhancing. This is something that could be made easier if they haven't already done that. I don't know how many releases they've had in that timeframe. I haven't looked at it since then. It was a trial period."
"One area for improvement is the navigation in the UI. For junior developers or newcomers to the team, it can be confusing. The UI doesn't clearly bundle together certain elements associated with a scan. While running a scan, there are various aspects linked to it, but in the UI, they appear separate. It would be beneficial if they could redesign the UI to make it more intuitive for users."
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
Prisma Cloud by Palo Alto Networks is ranked 1st in Container Security with 83 reviews while Veracode is ranked 4th in Container Security with 194 reviews. Prisma Cloud by Palo Alto Networks is rated 8.4, while Veracode is rated 8.2. The top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Prisma Cloud by Palo Alto Networks is most compared with Wiz, Microsoft Defender for Cloud, Aqua Cloud Security Platform, AWS Security Hub and CrowdStrike Falcon Cloud Security, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap. See our Prisma Cloud by Palo Alto Networks vs. Veracode report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
