Try our new research platform with insights from 80,000+ expert users

JFrog Xray vs Veracode comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
3.5
JFrog Xray improved efficiency, security, and compliance, reduced downtime, and sped up release cycles with enhanced vulnerability detection and reporting.
Sentiment score
6.6
Veracode enhances security, reduces costs, and boosts efficiency, with varied ROI perceptions, but some struggle to quantify it financially.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.
 

Customer Service

Sentiment score
4.0
JFrog Xray's customer service is generally well-received, with positive technical support, though not all users engage directly.
Sentiment score
7.2
Veracode's customer service is praised for expertise and responsiveness, though variability and time zones can affect efficiency.
When we need clarifications, we contact our account manager, and they arrange demos.
On a scale of 1 to 10, I would rate the technical support of JFrog Xray an eight because they are very knowledgeable.
Access to the engineering team is crucial for faster feedback on the product fix process.
I have communicated with the technical support of Veracode a couple of times, and this was a really great experience because these professionals know their material.
They share detailed information via email, including screenshots or further clarification about the issue.
 

Scalability Issues

Sentiment score
6.8
JFrog Xray is scalable and suitable for multiple applications, despite PostgreSQL limitations and some performance challenges.
Sentiment score
7.4
Veracode efficiently scales, supports large applications and users, integrates seamlessly, providing fast results with minimal challenges or performance issues.
According to my use case, it is highly scalable.
Cloud solutions are easier to scale than on-premise solutions.
It has a good capacity to scale effectively.
Implementing these features into our normal CI/CD was good, so I can say that scalability is really good.
 

Stability Issues

Sentiment score
7.6
JFrog Xray is praised for stability and security, compared favorably to competitors, with minor concerns about PostgreSQL support.
Sentiment score
7.8
Veracode is highly stable with minimal downtime, effective workload handling, and no significant operational issues reported by users.
I use JFrog Xray primarily for security purposes, and I find it reliable.
We did experience crashes, downtimes, and performance issues with JFrog Xray.
If the Veracode server is down, we experience many issues during the scan.
It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.
 

Room For Improvement

Users demand better reporting, documentation, UI, site performance, API limits, custom reports, vulnerability management, and integration support.
Veracode needs improvements in false positives, interface, speed, reporting, tool integration, language support, cost, APIs, and documentation.
When we have given a very long tag, it doesn't work as expected and requires excessive scrolling.
somehow you need to adapt your GitLab pipeline and turn them into JFrog pipeline, and this is something they don't really advertise at first—you're obliged to use the JFrog CLI.
X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL.
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
A nice addition would be if it could be extended for scenarios with custom cleansers.
 

Setup Cost

Veracode's pricing is high, valued for features, but complex and costly for small organizations, justified for large enterprises.
JFrog Xray provides a free trial of 14 days.
The basic scanning capabilities come with Artifactory, however, curation requires additional licenses.
It's not the most expensive solution.
Overall, Veracode's pricing is lower and more scalable than many alternatives in the market.
If there's a security gap, you'll never know the cost or effect.
 

Valuable Features

JFrog Xray offers deep scanning, seamless integration with Artifactory, robust vulnerabilities management, flexible deployment, and attractive pricing.
Veracode offers static code analysis, integrates with development tools, provides remediation guidance, and enhances security while ensuring scalability and compliance.
The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features.
The policy-driven approach of JFrog Xray helped me maintain security standards by integrating it in the development pipeline.
With other registries such as ECR, we can use the images only in the AWS cloud. With JFrog, we can use this registry from any cloud or work locally as well.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It fixes issues directly in the IDE while you're doing it.
 

Categories and Ranking

JFrog Xray
Ranking in Container Security
18th
Ranking in Software Composition Analysis (SCA)
6th
Average Rating
7.8
Reviews Sentiment
6.3
Number of Reviews
10
Ranking in other categories
Vulnerability Management (32nd), Software Supply Chain Security (2nd)
Veracode
Ranking in Container Security
8th
Ranking in Software Composition Analysis (SCA)
3rd
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
204
Ranking in other categories
Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (2nd)
 

Mindshare comparison

As of September 2025, in the Container Security category, the mindshare of JFrog Xray is 3.8%, up from 2.3% compared to the previous year. The mindshare of Veracode is 3.5%, down from 4.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Market Share Distribution
ProductMarket Share (%)
Veracode3.5%
JFrog Xray3.8%
Other92.7%
Container Security
 

Featured Reviews

Anand Nanwana - PeerSpot reviewer
Offers flexibility across clouds and easy credential management while interface improvements are needed
For JFrog Xray, the Artifactory and package repositories are valuable features. There are many benefits from JFrog Xray. For example, with other registries such as ECR, we can use the images only in the AWS cloud. With JFrog, we can use this registry from any cloud or work locally as well. JFrog can support multiple packages, such as NuGet package, pip, and other technologies. It can be used for Terraform as well. The credential management is very easy in JFrog. For instance, when using GitHub action as a CI/CD tool, I just need to create a token and set up JFrog CLI there and give access to the repository. With multiple repositories, I can generate a token for a specific repository, add that token in the GitHub secret, fetch from the CI/CD, run the command JFrog CLI, and authenticate through the token. Then we can push the images into JFrog.
Kv Rao - PeerSpot reviewer
Integrates pipelines smoothly and fortifies code against vulnerabilities
I use Veracode in multiple places including static code analysis, penetration testing, and dynamic code analysis. It is part of our pipeline and integrates well with Bitbucket and Git pipelines The ease of integration with Bitbucket pipelines and Git pipelines is vital for us. Veracode allows us…
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
867,676 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
25%
Manufacturing Company
12%
Computer Software Company
11%
Government
5%
Financial Services Firm
16%
Computer Software Company
15%
Manufacturing Company
9%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business1
Midsize Enterprise3
Large Enterprise6
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise43
Large Enterprise112
 

Questions from the Community

What do you like most about JFrog Xray?
JFrog Xray shows us a list of vulnerabilities that can impact our code.
What needs improvement with JFrog Xray?
The UI of JFrog Xray could be improved. There is a dialogue box in the Xray section that doesn't always work properly. When we have given a very long tag, it doesn't work as expected and requires e...
What is your primary use case for JFrog Xray?
I work with JFrog Xray. I use JFrog as an Artifactory registry and package registry. In JFrog Xray, there are many artifactories. I can configure tokens for each repository and give access to speci...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What do you like most about Veracode?
The SAST and DAST modules are great.
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
 

Also Known As

JFrog Security Essentials
Crashtest Security , Veracode Detect
 

Overview

 

Sample Customers

google, amazon, cisco, netflix, oracle, vmware, facebook
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about JFrog Xray vs. Veracode and other solutions. Updated: July 2025.
867,676 professionals have used our research since 2012.