No more typing reviews! Try our Samantha, our new voice AI agent.

Harness vs Invicti comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Harness
Ranking in Static Application Security Testing (SAST)
6th
Average Rating
8.0
Reviews Sentiment
7.3
Number of Reviews
11
Ranking in other categories
Build Automation (5th), Cloud Cost Management (5th), Feature Management (1st)
Invicti
Ranking in Static Application Security Testing (SAST)
12th
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
31
Ranking in other categories
Container Security (26th), Software Composition Analysis (SCA) (10th), API Security (10th), Dynamic Application Security Testing (DAST) (4th), Application Security Posture Management (ASPM) (8th)
 

Mindshare comparison

As of July 2026, in the Static Application Security Testing (SAST) category, the mindshare of Harness is 0.7%, up from 0.2% compared to the previous year. The mindshare of Invicti is 1.8%, up from 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Mindshare Distribution
ProductMindshare (%)
Harness0.7%
Invicti1.8%
Other97.5%
Static Application Security Testing (SAST)
 

Featured Reviews

MK
Technical Associate at ZS
Templatized pipelines have improved efficiency while limitations in code-based development remain
Harness UI can do a lot of good things. Harness's UI should not feel very complicated. At the current stage, it feels very commercialized and compared to other platforms such as Argo CD or Jenkins, which feel much more lively and much more simple. Infrastructure as code or pipeline as code is something that Harness severely lacks. There is not a lot of good support for pipeline as code, and I often find myself not using pipeline as code the way other platforms such as GitHub Actions or Jenkins integrate pipeline as code. Pipeline as code is definitely one of the disadvantages when it comes to Harness. Additionally, the entire platform feels very commercialized, which is something that a lot of developers, especially open-source enthusiasts, might not appreciate even within the organization. One of the very important key factors I observed was that there is no way to execute nested pipelines, which means that we cannot execute child pipelines within child pipelines and child pipelines even within those child pipelines. There is no way to execute nested pipeline execution, which may or may not be required based on the use case, but it is definitely one of those features that I wish the platform had.
Valavan Sivgalingam - PeerSpot reviewer
Senior Manager, Security Engineering at ESS
Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations
It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The features of Harness are valuable, supporting rolling deployments, basic deployments, and blue-green deployments with zero downtime."
"Everything in Harness is configured and runs smoothly."
"Harness has positively impacted my organization as several teams have already migrated to it, and some are in the process of moving, reducing the dependency on one specific platform and making it faster with shortened build times and much faster deployments."
"Harness positively impacts our organization by reducing deployment time, improving release confidence, and lowering operational overhead during deployment."
"It's a highly customizable DevOps tool."
"By adopting templates and various different pipelines across our own IDP platform, we have saved upwards of 30 to 40% of development time and also reduced risks of failures or error rates by upwards of 70%."
"Approximately seventy-five percent time was reduced in case of deployment and around sixty to sixty-five percent time was reduced while troubleshooting it."
"Harness integrates all functions like execution pipelines, environment checks, and log monitoring in one place, making it convenient."
"High level of accuracy and quick scanning."
"Netsparker has done an awesome job with its crawler, as it has found all of the links (also thanks to its good DOM parser)."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"The scanner and the result generator are valuable features for us."
"I like that it's stable and technical support is great."
"Netsparker provides a more interactive interface that is more appealing."
"I would rate the stability as ten out of ten."
"Invicti is a good product, and its API testing is also good."
 

Cons

"When integrating Harness with more than twenty applications in one place, it becomes less stable, causing improvements to be necessary."
"When deploying multiple components to multiple environments, like production and BCP, failures sometimes occur. Improvements are needed when deploying one component to one environment."
"Even with automation, there's a requirement for manual change requests for approvals."
"Infrastructure as code or pipeline as code is something that Harness severely lacks."
"I prefer the previous less compact UI version of Harness, which showed more details on the screen."
"The initial setup can be complex and time-consuming, and the advanced features may require some learning time due to a steep learning curve."
"There are some UI components that can be improved."
"One improvement I see for Harness is simplifying the configuration process for smaller teams or startups, as the platform offers powerful features that new users may require some time to understand."
"I find that the scannings are not sufficiently updated."
"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"Maybe supported clients can be improved. It still does not search vulnerabilities in DB2 databases, for example."
"Invicti takes too long with big applications, and there are issues with the login portal."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"Right now, they are missing the static application security part, especially web application security."
"The scanner itself should be improved because it is a little bit slow."
 

Pricing and Cost Advice

Information not available
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"It is competitive in the security market."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"The price should be 20% lower"
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"We never had any issues with the licensing; the price was within our assigned limits."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
25%
Manufacturing Company
8%
Computer Software Company
7%
Outsourcing Company
5%
Financial Services Firm
16%
Manufacturing Company
9%
Construction Company
7%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise1
Large Enterprise10
By reviewers
Company SizeCount
Small Business14
Midsize Enterprise4
Large Enterprise13
 

Questions from the Community

What needs improvement with Harness?
There are some UI components that can be improved. The needed UI improvements include more graphs, more history, the ability to create pipelines through the UI, and more interactions, with UI compo...
What is your primary use case for Harness?
My main use case for Harness is to create pipelines, deploy applications, and manage security pipelines. I use Harness to deploy applications to EC2 instances and Kubernetes instances, and I create...
What advice do you have for others considering Harness?
My advice for others looking into using Harness is to use AI capabilities, create pipelines, and then use it to deploy. Harness is a good tool. I would rate this review a nine out of ten.
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150 or sometimes less than $100, depending on the conversion or the number of licen...
What needs improvement with Invicti?
At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-to-neck competitors. Speaking about it, there are a couple of factors which they ...
What is your primary use case for Invicti?
I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with respect to PAM, I have worked with BeyondTrust. I have not worked specifically fo...
 

Comparisons

 

Also Known As

Armory
Netsparker
 

Overview

 

Sample Customers

Linedata, Openbank, Home Depot, Advanced
Samsung, The Walt Disney Company, T-Systems, ING Bank
Find out what your peers are saying about Harness vs. Invicti and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.