We performed a comparison between JFrog Xray and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Container Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It saves time, makes your environment more secure, and improves compliance. PingSafe helps with audits, ensuring that you are following best practices for cloud security. You don't need to be an expert to use it and improve your security."
"The offensive security where they do a fix is valuable. They go to a misconfiguration and provide detailed alerts on what could be there. They also provide a remediation feature where if we give the permission, they can also go and fix the issue."
"It used to guide me about an alert. There is something called an alert guide. I used to click on the alert guide, and I could read everything. I could read about the alert and how to resolve it. I used to love that feature."
"We liked the search bar in PingSafe. It is a global search. We were able to get some insights from there."
"It is very straightforward. It is not complicated. For the information that it provides, it does a pretty good job."
"PingSafe has a dashboard that can detect the criticality of a particular problem, whether it falls under critical, medium, or low vulnerability."
"The most valuable feature of the solution is its storyline, which helps trace an event back to its source, like an email or someone clicking on a link."
"Cloud Native Security's most valuable features include cloud misconfiguration detection and remediation, compliance monitoring, a robust authentication security engine, and cloud threat detection and response capabilities."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"The solution is stable and reliable."
"Good reporting functionalities."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"Before Veracode, the application was deployed to the production server and there would be a lot of bugs and issues. Once we implemented the Veracode scan, the full deployment issues were drastically reduced."
"Provides consistent evaluation and results without huge fluctuations in false positives or negatives."
"Veracode is very easy to use."
"I liked that I could easily find out where my errors were. Instead of going through the whole code and the scripts, it showed me where the errors were and gave me an idea of how to fix them."
"I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities."
"Wide range of platforms and technology assessments."
"The time savings has been tremendous. We saw ROI in the first six months."
"Veracode Security Labs are fantastic. My team loves getting the hands-on experience of putting in a flaw and fixing it. It's interactive. We've gotten decent support from the sales and software engineers, so the initial support was excellent. They scheduled a consultation call to dive deep and discuss why we see these findings and codes. That was incredibly helpful."
"In some cases, the rules are strictly enforced but do not align with real-world use cases."
"Bugs need to be disclosed quickly."
"There is room for improvement in the current active licensing model for PingSafe."
"Some of the navigation and some aspects of the portal may be a little bit confusing."
"PingSafe can be improved by developing a comprehensive set of features that allow for automated workflows."
"The Automation tab is an add-on that doesn’t work properly. They provide a list of scripts that don’t work and I have asked support to assist but they won’t help. When running on various endpoints the script doesn’t work and if it does, it’s only a couple. There are a lot of useful scripts that would be beneficial to run forensics, event logs, and process lists running on the endpoint."
"PingSafe can improve by eliminating 100 percent of the false positives."
"One of the issues with the product stems from the fact that it clubs different resources under one ticket."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"Lacks deeper reporting, the ability to compare things."
"JFrog Xray does not have a dashboard."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"JFrog Xray's documentation and error logging could be improved."
"Scanning large amounts of code can be a time-consuming process and there is scope for improvement."
"The Greenlight product that integrates into the IDE is not available for PHP, which is our primary language."
"The policies you have, where you can tune the findings you get, don't allow you not to file tickets about certain findings. It will always report the findings, even if you know you're not that concerned about a library writing to a system log, for example. It will keep raising them, even though you may have a ticket about it. The integration will keep updating the ticket every time the scan runs."
"When we engaged Veracode to conduct the manual penetration testing, they were extremely slow in completing the task and delivering the report, causing a delay of two to three weeks for us."
"The scanning process for records could be faster and there is room for improvement in Veracode's performance."
"Sometimes Veracode gives us results about small glitches in the necessary packages. For example, we recently found issues with Veracode's native libraries for .NET 6 that were fixed in the next versions of those libraries. But sometimes you do not know which version of the library particular components are using. The downside of that is that one day, the solution found some issues in that library for the necessary package we spent. Another day, it found the same issues with another library. It will clearly state that this is the same stuff you've already analyzed. This creates some additional work, but it isn't significant. However, sometimes you see the same issue for two or three days in a row."
"The zip file scanning has room for improvement."
"The feature that allows me to read which mitigation answer was submitted, and to approve it, requires me to use do so in different screens. That makes it a little bit more complicated because I have to read and then I have to go back and make sure it falls under the same number ID number. That part is a little bit complicated from my perspective, because that's what I use the most."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
JFrog Xray is ranked 18th in Container Security with 7 reviews while Veracode is ranked 4th in Container Security with 194 reviews. JFrog Xray is rated 8.2, while Veracode is rated 8.2. The top reviewer of JFrog Xray writes "An intelligent solution that prioritizes which vulnerability to target first in your project". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". JFrog Xray is most compared with Black Duck, Snyk, Mend.io, Trivy and Fortify Static Code Analyzer, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our JFrog Xray vs. Veracode report.
See our list of best Container Security vendors and best Software Composition Analysis (SCA) vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
