Legit Security vs Veracode comparison

Legit Security and Veracode are both solutions in the Application Security Posture Management (ASPM) category. Legit Security is ranked #12, while Veracode is ranked #1 with an average rating of 8.1. Additionally, 100% of Legit Security users are willing to recommend the solution, compared to 89% of Veracode users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 13, 2024

Veracode and Legit Security compete in software security solutions, each having distinct advantages. Veracode leads in pricing and support, while Legit Security may have an edge with its robust features.

Features: Veracode offers a range of security testing options including static and dynamic analysis, and software composition analysis. It is recognized for its integration capabilities and extensive scanning suite. Legit Security is notable for its CI/CD security integrations and real-time risk assessment, appealing to organizations focused on continuous integration practices.

Room for Improvement: Veracode could enhance its user interface for better ease of use, reduce false positives, and improve the speed of its scans. Legit Security might benefit from refining its secret detection capabilities, addressing its false positive rate, and expanding its feature set for broader security coverage.

Ease of Deployment and Customer Service: Veracode's straightforward SaaS deployment model is complemented by dedicated support. It integrates well but follows a more traditional installation process. Legit Security also offers a SaaS model with quick deployment and personalized service, promising faster configuration and setup.

Pricing and ROI: Veracode provides competitive pricing with an ROI focus through a broad suite of security features, beneficial for larger enterprises. Legit Security’s pricing aligns with its focus on CI/CD pipelines, offering a specific ROI advantage for companies prioritizing pipeline security.

To learn more, read our detailed Legit Security vs. Veracode Report (Updated: December 2025).

Buyer's Guide

Legit Security vs. Veracode

December 2025

Download the complete report

Helped 881,082 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex Cloud by Palo Alto N...

Featured Reviews

Nuno-Santos

Cybersecurity Analyst at a tech services company with 11-50 employees

Has improved real-time threat detection and unified cloud protection through AI and automation

Cortex Cloud by Palo Alto Networks is creating some confusion in terms of names because this is recent. They changed the names of the products and are now clarifying their offer. The family of the products is not easy to follow because it's very recent. Regarding the generative AI security tool, I know for sure it's Agentic. Based on my experience with Palo Alto, I can suggest what Cortex Cloud by Palo Alto Networks could make better or what additional functions could be added. This is the best tool in the market. It's not the time to tell what they could do better because it's a recent tool. The market is now adopting it. Our experience doesn't show that they need to do more.

Read full review

Tim Crothers

CISO at Mandiant / FireEye

Provides strong visibility, straightforward integration, and reduces the risk of attacks

Legit Security is a product that hyper-focuses on the various aspects of the software development pipeline. For example, if an engineer spins off a new project and stands up a new Git project, Legit automatically detects it, connects Snyk and other tools, and ensures the engineering team doesn't have to think about it. This way, we stay on top of security from the beginning. On the other hand, Legit provides a clear view of the controls around repositories. We have standards requiring code reviews and similar practices, and Legit shows us whether these are being followed. Additionally, Legit helps us identify unmaintained repositories, which often arise when engineering teams try something and leave it behind. This knowledge allows us to determine the appropriate action for these neglected projects. One area where Legit falls short is secret detection. While it functions well overall, the feature has a 10-20 percent false positive rate, requiring some manual intervention. Almost everything else works flawlessly. The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates. Unlike traditional programs that require security reviews at specific stages, hindering development flow, we strive to partner with the product engineering team to ship secure code seamlessly within their existing workflows. Legit plays a crucial role in this by automatically notifying us of new projects, eliminating the need for manual communication. This partnership approach, enabled by Legit, allows us to work much closer with our engineering teams than ever before.

Read full review

reviewer2703864

Head of Security Architecture at a healthcare company with 5,001-10,000 employees

Onboarding developers successfully while improving code security through IDE integration

Regarding room for improvement, we have some problems when onboarding new projects because the build process has to be done in a certain way, as Veracode analyzes the binaries and not the code by itself alone. If the process is not configured correctly, it doesn't work. That's one of the things that we are discussing with Veracode. Something positive that we've been able to do is submit formal feature requests to them, and they are working on them; they've already solved some of them. This encourages us to propose new ideas and improvements. Another improvement that we asked for this use case is to be able to configure how Veracode Fix proposes and fixes because sometimes it makes proposals using libraries that go against our architecture design made by the enterprise architecture team. For example, we want them to propose using another library, and that's something we already asked Veracode, and they are working on it. We want to specify when you see this kind of vulnerability, you can only propose these two options.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Cortex Cloud by Palo Alto Networks has impacted our organization positively by keeping our machines secure and our team using the dashboard to find issues quickly."

"Overall, Cortex Cloud by Palo Alto Networks is a technically strong product, and I rate it ten out of ten."

"I have seen several benefits from using Cortex Cloud by Palo Alto Networks: It was easy to use and easy to migrate from the IBM platform."

"The AI and automation features in detecting and responding to high-risk threats are impressive; it's one of the best tools regarding AI technology and unifies security in one platform in real-time, improving vulnerability analysis, incident response, and compliance reporting."

"I have absolutely seen improvements in our incident close rates, with mean time to detect and respond reduced significantly, sometimes by at least forty to fifty percent."

"We implemented Legit Security to gain visibility into all development teams and ensure that consistent controls are in place and accounted for on every route."

"Legit has had a positive effect on our overall security posture."

"The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates."

"Legit has increased my security posture to a level I couldn't achieve before. I don't need to worry as much about what's happening within my developer environments. I can rest assured that my vulnerabilities are being detected."

"Considering that in my project, we are mostly using Software Composition Analysis as a part of Static Code Analysis, for me, the main part is reporting and highlighting necessary vulnerabilities. Veracode platform has a rather good database of different vulnerabilities in different libraries and different sources. So, finding vulnerabilities in third-party libraries is the main feature of Software Composition Analysis that we use. It is the most important feature for us."

"It's not "one policy fits all." I really like that Veracode allows me to set up specific policies that I can apply to applications."

"The Security Labs [is] where I have the developers training and constantly improving their security, and remembering their security techniques. That way, they are more proactive and make sure things are correct. They're faster because they're doing it in the first place."

"The ease of integration with Bitbucket pipelines and Git pipelines is vital for us."

"The article scanning is excellent."

"To me, the principal feature is the CLI (command-line interface) because I put together a lot of implementations using it. Another important aspect is the low false-positive rate because the solution is very configurable. It is as low as 1 percent and that is a huge difference compared to competitors."

"The integration with DevOps pipelines is seamless."

"The coding standards in our development group have improved. From scanning our code we've learned the patterns and techniques to make our code more secure. An example would be SQL injection. We have mitigated all the SQL injection in our applications."

More Veracode pros

Cons

"Some aspects of the GUI can be confusing and make it difficult for me to find certain options or navigate where needed."

"Cortex Cloud by Palo Alto Networks is creating some confusion in terms of names because this is recent."

"The pricing is high, making ROI challenging to justify, especially during transitions between solutions."

"Overall, I rate Cortex Cloud by Palo Alto Networks as an eight out of ten. I think that it could improve on price, as I know that the Google solution has the best price, and this is one of the conditions."

"I would like them to have their own static code scanner, and I'd like them to have their own open-source software scanners."

"One issue is that engineering teams don't always embed secrets in the same way, making it difficult for the tool to consistently identify them."

"The one we're working on right now is the ability to dynamically rerun development teams and groups."

"Legit Security could do a little better with detecting publicly exposed keys. It's not bad. The detections that they are running get to everything eventually, but it would be great if they could increase some of that awareness."

"The on-platform reporting needs to be opened up much more. We'd like to be able to look at the inspection data from a trending perspective in a much more open manner. I need to be able to sort and filter much more flexibly than I can today."

"In the next release, I would like a proper way of packaging files for scanning and the packing of IOS apps and API Dynamic scan methodology."

"I'd like to see an improved component of it work in a DevOps world, where the scanning speed does not impede progress along the AppSec pipeline."

"A high number of false positives are reported and this should be reduced."

"One of the things that we have from a reporting point of view, is that we would love to see a graphical report. If you look through a report for something that has come back from Veracode, it takes a whole lot of time to just go through all the pages of the code to figure out exactly what it says. We know certain areas don’t have the greatest security features but those are usually minor and we don’t want to see those types of notifications."

"The scanning process for records could be faster and there is room for improvement in Veracode's performance."

"It needs better APIs, reporting that I can easily query through the APIs and, preferably, a license model that I can predict."

"It can take time to find options if you don’t use the interface a lot. At some point, a bit of interface restyling may help."

More Veracode cons

Pricing and Cost Advice

Information not available

"The pricing is reasonable."

"If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount."

"It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."

"Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode."

"Veracode provides value for the cost, with no additional charges apart from the standard licensing fee."

"Aside from the standard licensing fees, we also have to pay for a competent Success Manager."

"The pricing and licensing are reasonable, and relatively straightforward, and different licensing and subscription models are available."

"The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."

"We're very comfortable with their model. We think they're a good value. We worked very closely with Veracode on understanding their license model, understanding what comprises the fee and what does not. With their assistance in design, we decomposed our application in a way where we are scanning a very significant amount of code without wasting their capacity and generating redundant reported issues. You scan in profiles, per se. And we work with them, in their offices, to design the most effective approach. So the advice I would have for customers is, you can get up and live fast, but work closely with Veracode to refine the method you use for scanning and the way you compile the applications. There's a concept called entry-point scanning, and that's probably not used well by the rest of their customers. We see our licensing as a good value because we leverage it heavily."

More Veracode pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Posture Management (ASPM) solutions are best for your needs.

See recommendations

881,082 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Performing Arts

10%

Financial Services Firm

10%

Manufacturing Company

Computer Software Company

Financial Services Firm

16%

University

12%

Computer Software Company

12%

Educational Organization

Financial Services Firm

17%

Computer Software Company

13%

Manufacturing Company

10%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

By reviewers
Company Size	Count
Small Business	69
Midsize Enterprise	44
Large Enterprise	115

Questions from the Community

What is your experience regarding pricing and costs for Cortex Cloud by Palo Alto Networks?

The solution is costly, with high-end capabilities suitable for enterprises. It is less affordable for startups or sm...

See all answers

What needs improvement with Cortex Cloud by Palo Alto Networks?

Regarding areas for improvement, the tool performs its functions well, but frequent name changes across Palo Alto Net...

See all answers

What is your primary use case for Cortex Cloud by Palo Alto Networks?

Cortex Cloud by Palo Alto Networks serves as our primary tool for understanding our assets and performing API integra...

See all answers

Ask a question

Earn 20 points

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. Son...

See all answers

What do you like most about Veracode Static Analysis?

I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabil...

See all answers

What is your experience regarding pricing and costs for Veracode Static Analysis?

My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.

See all answers

Comparisons

Prisma Cloud by Palo Alto Networks vs Cortex Cloud by Palo Alto Networks

Compared 19% of the time

Wiz vs Cortex Cloud by Palo Alto Networks

Compared 17% of the time

Microsoft Defender for Cloud vs Cortex Cloud by Palo Alto Networks

Compared 8% of the time

SentinelOne Singularity Cloud Security vs Cortex Cloud by Palo Alto Networks

Compared 7% of the time

AWS GuardDuty vs Cortex Cloud by Palo Alto Networks

Compared 6% of the time

More Cortex Cloud by Palo Alto Networks Competitors

Docker vs Legit Security

Compared 25% of the time

Ox Security vs Legit Security

Compared 15% of the time

Apiiro vs Legit Security

Compared 13% of the time

Ivanti Neurons for ASPM vs Legit Security

Compared 10% of the time

Cycode vs Legit Security

Compared 9% of the time

More Legit Security Competitors

SonarQube vs Veracode

Compared 12% of the time

Checkmarx One vs Veracode

Compared 8% of the time

GitHub Advanced Security vs Veracode

Compared 5% of the time

Coverity Static vs Veracode

Compared 4% of the time

OWASP Zap vs Veracode

Compared 3% of the time

More Veracode Competitors

Product Reports

Buyer's Guide

Cortex Cloud by Palo Alto Networks

January 2026

Cortex Cloud by Palo Alto Networks report

Download Cortex Cloud by Palo Alto Networks product report

Buyer's Guide

Legit Security

January 2026

Download Legit Security product report

Buyer's Guide

Veracode

January 2026

Download Veracode product report

Also Known As

No data available

Crashtest Security , Veracode Detect

Overview

Cortex Cloud by Palo Alto Networks provides comprehensive cybersecurity management, focusing on enhancing security operations with advanced automation and threat intelligence, addressing complex security challenges efficiently.

Cortex Cloud by Palo Alto Networks integrates cloud-scale data analytics and automation to streamline security operations, enabling faster threat detection and response. It leverages AI and machine learning to provide real-time threat intelligence and automate routine tasks, reducing the burden on security teams. Users benefit from improved visibility across networks and greater operational efficiency, making it crucial for enterprises aiming to secure their digital assets against evolving cyber threats.

What are the key features of Cortex Cloud by Palo Alto Networks?

Automated Threat Detection: Identifies and mitigates threats in real-time using AI algorithms.
Advanced Analytics: Provides in-depth data insights for proactive threat prevention.
Incident Management: Streamlines incident response with automated workflows.
Scalable Architecture: Offers flexibility to grow with organizational needs.

What benefits or ROI should you expect from Cortex Cloud by Palo Alto Networks reviews?

Increased Efficiency: Automation reduces manual efforts in threat management.
Enhanced Security Posture: Improved visibility leads to better threat preparedness.
Cost Savings: Minimizes expenses related to manual threat detection and response.
Scalability: Grows with the organization, reducing the need for constant upgrades.

Cortex Cloud by Palo Alto Networks is favored in sectors like finance, healthcare, and telecommunications, where data security is paramount. Its ability to integrate with existing infrastructure and provide real-time insights makes it a preferred choice for securing sensitive information and ensuring compliance within industry regulations.

Palo Alto Networks

Legit Security provides application security posture management platform that secures application delivery from code to cloud and protects an organization's software supply chain from attack. The platform’s unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Legit Security

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Veracode

Sample Customers

Information Not Available

Google, NYSE, Kraft-Hienz, Takeda Pharmaceuticals, and many other large enterprise and Fortune 500 customers. Learn more by going to: https://www.legitsecurity.com/...

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

Buyer's Guide

Legit Security vs. Veracode

December 2025

Free Report: Legit Security vs. Veracode

Find out what your peers are saying about Legit Security vs. Veracode and other solutions. Updated: December 2025.

DOWNLOAD NOW

881,082 professionals have used our research since 2012.

See our Legit Security vs. Veracode report.

See our list of best Application Security Posture Management (ASPM) vendors.

We monitor all Application Security Posture Management (ASPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.