No more typing reviews! Try our Samantha, our new voice AI agent.

Legit Security vs Veracode comparison

Legit Security and Veracode are both solutions in the Application Security Posture Management (ASPM) category. Legit Security is ranked #12, while Veracode is ranked #1 with an average rating of 8.0. Legit Security holds a 3.0% mindshare in ASPM, compared to Veracode’s 11.9% mindshare. Additionally, 100% of Legit Security users are willing to recommend the solution, compared to 89% of Veracode users who would recommend it.
Sponsored
Cortex Cloud by Palo Alto N...
Read 11 Cortex Cloud by Palo Alto Networks reviews
  • 1,955 Views
  • 176 Comparison Views
100% willing to recommend
Legit Security
Read 4 Legit Security reviews
  • 908 Views
  • 508 Comparison Views
100% willing to recommend
Veracode
Read 208 Veracode reviews
  • 19,227 Views
  • 3,461 Comparison Views
89% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 13, 2024

Veracode and Legit Security compete in software security solutions, each having distinct advantages. Veracode leads in pricing and support, while Legit Security may have an edge with its robust features.

Features: Veracode offers a range of security testing options including static and dynamic analysis, and software composition analysis. It is recognized for its integration capabilities and extensive scanning suite. Legit Security is notable for its CI/CD security integrations and real-time risk assessment, appealing to organizations focused on continuous integration practices.

Room for Improvement: Veracode could enhance its user interface for better ease of use, reduce false positives, and improve the speed of its scans. Legit Security might benefit from refining its secret detection capabilities, addressing its false positive rate, and expanding its feature set for broader security coverage.

Ease of Deployment and Customer Service: Veracode's straightforward SaaS deployment model is complemented by dedicated support. It integrates well but follows a more traditional installation process. Legit Security also offers a SaaS model with quick deployment and personalized service, promising faster configuration and setup.

Pricing and ROI: Veracode provides competitive pricing with an ROI focus through a broad suite of security features, beneficial for larger enterprises. Legit Security’s pricing aligns with its focus on CI/CD pipelines, offering a specific ROI advantage for companies prioritizing pipeline security.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Legit Security vs. Veracode Report (Updated: February 2026).
Buyer's Guide
Legit Security vs. Veracode
February 2026
Download the complete report
Helped 885,311 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex Cloud by Palo Alto N...
Sponsored
Ranking in Application Security Posture Management (ASPM)
6th
Average Rating
8.6
Reviews Sentiment
5.7
Number of Reviews
11
Ranking in other categories
Vulnerability Management (25th), Cloud Workload Protection Platforms (CWPP) (12th), Cloud Security Posture Management (CSPM) (17th), Cloud-Native Application Protection Platforms (CNAPP) (12th), Data Security Posture Management (DSPM) (12th), Software Supply Chain Security (7th), Cloud Infrastructure Entitlement Management (CIEM) (6th), Cloud Detection and Response (CDR) (4th)
Legit Security
Ranking in Application Security Posture Management (ASPM)
12th
Average Rating
10.0
Reviews Sentiment
7.8
Number of Reviews
4
Ranking in other categories
Software Supply Chain Security (13th)
Veracode
Ranking in Application Security Posture Management (ASPM)
1st
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
208
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (2nd), Container Security (8th), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Dynamic Application Security Testing (DAST) (1st)
 

Mindshare comparison

As of March 2026, in the Application Security Posture Management (ASPM) category, the mindshare of Cortex Cloud by Palo Alto Networks is 1.8%. The mindshare of Legit Security is 3.0%, up from 2.4% compared to the previous year. The mindshare of Veracode is 11.9%, down from 24.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Posture Management (ASPM) Mindshare Distribution
ProductMindshare (%)
Veracode11.9%
Cortex Cloud by Palo Alto Networks1.8%
Legit Security3.0%
Other83.3%
Application Security Posture Management (ASPM)
 

Featured Reviews

SJ
Sonali Jha
Technical Solutions Architect at IBM
Cloud security has improved as AI-driven runtime protection detects threats and reduces incidents
In my opinion, Cortex Cloud by Palo Alto Networks could be improved or enhanced in various ways. I don't have an idea about that yet because for that you actually need to use two or three different other tools to make a basic comparison. If you ask me how good the tool is, I would fairly rate it quite high. The tool is very popular, and customers can already see that it is one of the cloud leaders in the security space. The platform had a very good feature which provides documentation links about how to use a specific feature on the UI. It takes you to the proper documentation page where it suggests what to do and tells you about the steps that need to be done for a resource deployment. My thoughts about improving the product which I believe could greatly aid vendors is that it used to be a very user-friendly tool, but now they have incorporated everything under one umbrella. It has XDR, XSOAR, and Cortex Cloud by Palo Alto Networks. Before, we used to have separate modules and separate environments for each of these capabilities or features. Right now, it is a little complex and users would take their own time to know the tool better. This is something that would have been way better, but I would say there would be different opinions on this. Talking about user-friendliness, it has decreased now.
Read full review
Tim Crothers - PeerSpot reviewer
Tim Crothers
CISO at Mandiant / FireEye
Provides strong visibility, straightforward integration, and reduces the risk of attacks
Legit Security is a product that hyper-focuses on the various aspects of the software development pipeline. For example, if an engineer spins off a new project and stands up a new Git project, Legit automatically detects it, connects Snyk and other tools, and ensures the engineering team doesn't have to think about it. This way, we stay on top of security from the beginning. On the other hand, Legit provides a clear view of the controls around repositories. We have standards requiring code reviews and similar practices, and Legit shows us whether these are being followed. Additionally, Legit helps us identify unmaintained repositories, which often arise when engineering teams try something and leave it behind. This knowledge allows us to determine the appropriate action for these neglected projects. One area where Legit falls short is secret detection. While it functions well overall, the feature has a 10-20 percent false positive rate, requiring some manual intervention. Almost everything else works flawlessly. The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates. Unlike traditional programs that require security reviews at specific stages, hindering development flow, we strive to partner with the product engineering team to ship secure code seamlessly within their existing workflows. Legit plays a crucial role in this by automatically notifying us of new projects, eliminating the need for manual communication. This partnership approach, enabled by Legit, allows us to work much closer with our engineering teams than ever before.
Read full review
reviewer2703864 - PeerSpot reviewer
reviewer2703864
Head of Security Architecture at a healthcare company with 5,001-10,000 employees
Onboarding developers successfully while improving code security through IDE integration
Regarding room for improvement, we have some problems when onboarding new projects because the build process has to be done in a certain way, as Veracode analyzes the binaries and not the code by itself alone. If the process is not configured correctly, it doesn't work. That's one of the things that we are discussing with Veracode. Something positive that we've been able to do is submit formal feature requests to them, and they are working on them; they've already solved some of them. This encourages us to propose new ideas and improvements. Another improvement that we asked for this use case is to be able to configure how Veracode Fix proposes and fixes because sometimes it makes proposals using libraries that go against our architecture design made by the enterprise architecture team. For example, we want them to propose using another library, and that's something we already asked Veracode, and they are working on it. We want to specify when you see this kind of vulnerability, you can only propose these two options.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The AI and automation features in detecting and responding to high-risk threats are impressive; it's one of the best tools regarding AI technology and unifies security in one platform in real-time, improving vulnerability analysis, incident response, and compliance reporting."
"I have seen several benefits from using Cortex Cloud by Palo Alto Networks: It was easy to use and easy to migrate from the IBM platform."
"I have absolutely seen improvements in our incident close rates, with mean time to detect and respond reduced significantly, sometimes by at least forty to fifty percent."
"From a technical standpoint or pricing, Cortex Cloud by Palo Alto Networks is a stronger solution in the market at the moment compared to other products from ConnectWise or Symantec."
"The most beneficial aspect of Cortex Cloud by Palo Alto Networks and Palo Alto in general is that there is a single platform for all cloud providers for securitization."
"Cortex Cloud by Palo Alto Networks has impacted our organization positively by keeping our machines secure and our team using the dashboard to find issues quickly."
"Previously with Cortex Cloud by Palo Alto Networks, I deployed this product for one of my customers, and after three to four months, they said that previously they had around four hours of MTTR, and now it has reduced to just 15 to 20 minutes."
"Cortex Cloud by Palo Alto Networks' cloud runtime security in terms of stopping attacks in real time is impressive."
More Cortex Cloud by Palo Alto Networks pros
"Legit has had a positive effect on our overall security posture."
"Legit has increased my security posture to a level I couldn't achieve before. I don't need to worry as much about what's happening within my developer environments. I can rest assured that my vulnerabilities are being detected."
"We implemented Legit Security to gain visibility into all development teams and ensure that consistent controls are in place and accounted for on every route."
"The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates."
"Overall, we've never had any problem with vulnerable code going into production."
"It has almost completely eliminated the presence of SQLi vulnerabilities."
"Veracode provides faster scans compared to other static analysis security testing tools."
"Static Scanning is the most valuable feature of Veracode."
"We have used the results of scans to train our people and make them more sensitive to security issues during development, and our customers benefit from the fact that the application is more secure."
"All of the Veracode applications operate as one platform, and with Veracode, you get a single pane of glass and reporting that you can combine with the different scan types to look at compliance."
"When those scans kick, Veracode integrates back into our JIRA and actually open tickets with the appropriate development teams. We can use that as a measurement of vulnerabilities opened, closed; we can tie them to releases. So, we get a whole lot more statistical information about security in our software products."
"The platform itself has a lot of AppSec best practices information, especially in the mitigation recommendation process."
More Veracode pros
 

Cons

"My thoughts about improving the product which I believe could greatly aid vendors is that it used to be a very user-friendly tool, but now they have incorporated everything under one umbrella."
"The pricing is high, making ROI challenging to justify, especially during transitions between solutions."
"Cortex Cloud by Palo Alto Networks is not the cheapest solution in the market, but I know that is the best solution for SOC and Cloud once have all tools to connect cloud issues with SOC procedures, because we are partners with T-Systems."
"The negative aspects or areas for improvement in the product include the fact that the cost might be a bit high, which challenges commercials, but not technically."
"From the commercial perspective, we have some limitations because Palo Alto has a minimum number of users of endpoints set at 200, which is quite high for the Italian market."
"Cortex Cloud by Palo Alto Networks is creating some confusion in terms of names because this is recent."
"In my opinion, Cortex Cloud by Palo Alto Networks can be improved by addressing forensic information collection and storage, although I cannot suggest specific things right now, based on what customers might need."
"Some aspects of the GUI can be confusing and make it difficult for me to find certain options or navigate where needed."
More Cortex Cloud by Palo Alto Networks cons
"The one we're working on right now is the ability to dynamically rerun development teams and groups."
"One issue is that engineering teams don't always embed secrets in the same way, making it difficult for the tool to consistently identify them."
"Legit Security could do a little better with detecting publicly exposed keys. It's not bad. The detections that they are running get to everything eventually, but it would be great if they could increase some of that awareness."
"I would like them to have their own static code scanner, and I'd like them to have their own open-source software scanners."
"It could have better integration with our pipeline. If we could have better integration with our application pipeline, e.g., Jira, Bamboo, or Azure DevOps, then that will be very helpful."
"The policies you have, where you can tune the findings you get, don't allow you not to file tickets about certain findings. It will always report the findings, even if you know you're not that concerned about a library writing to a system log, for example. It will keep raising them, even though you may have a ticket about it. The integration will keep updating the ticket every time the scan runs."
"I have contacted the technical support and customer support. With Veracode's technical support, for some issues, it has been really difficult for them to understand the problem, and they ask us to do some tests we've already told them we completed in the first ticket."
"The Web portal, at times, is not necessarily intuitive."
"I haven't heard about any problems so far. However, it would be great if Veracode automatically packaged stuff up for you."
"The dynamic scanning feature works, but it doesn't work properly for some of our applications. It doesn't allow us to skip. They claim that we can do this, but it doesn't work when we're scanning the applications in real-time."
"We have encountered occasional issues with scalability."
"The scanning process could be more streamlined as it has certain limitations when performing manual scans."
More Veracode cons
 

Pricing and Cost Advice

Information not available
"The pricing is reasonable."
"Veracode's price is reasonable."
"Veracode is fairly priced."
"Licensing cost is on a yearly basis and there are no additional costs, the pricing is straightforward."
"Pricing/licensing is complicated."
"The product’s price is a bit higher compared to other solutions."
"Veracode is expensive. But the solution is worth it."
"We are still considering it at the enterprise level. It has a subscription-based model. We find its price a little high based on the features it provides."
"It's too expensive for the European market. That is why, in a big bank with 400 applications, we are able to use it only for 10 of them. But the other solutions are also expensive, so it wasn't a differentiator."
More Veracode pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Application Security Posture Management (ASPM) solutions are best for your needs.
See recommendations
885,311 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
9%
Manufacturing Company
8%
Construction Company
7%
Performing Arts
7%
Financial Services Firm
15%
University
12%
Computer Software Company
9%
Retailer
8%
Financial Services Firm
16%
Computer Software Company
12%
Manufacturing Company
11%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise1
Large Enterprise4
No data available
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise45
Large Enterprise114
 

Questions from the Community

What is your experience regarding pricing and costs for Cortex Cloud by Palo Alto Networks?
The solution is costly, with high-end capabilities suitable for enterprises. It is less affordable for startups or sm...
See all answers
What needs improvement with Cortex Cloud by Palo Alto Networks?
As per my experience with Cortex Cloud by Palo Alto Networks, the UI could be simpler. There are few features which a...
See all answers
What is your primary use case for Cortex Cloud by Palo Alto Networks?
My use case for Cortex Cloud by Palo Alto Networks is for CSPM, application security, and IAM. I use it for checking ...
See all answers
Ask a question
Earn 20 points
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. Son...
See all answers
What do you like most about Veracode Static Analysis?
I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabil...
See all answers
What is your experience regarding pricing and costs for Veracode Static Analysis?
My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.
See all answers
 

Comparisons

Wiz vs Cortex Cloud by Palo Alto Networks Logo
Wiz vs Cortex Cloud by Palo Alto Networks
Compared 15% of the time
Prisma Cloud by Palo Alto Networks vs Cortex Cloud by Palo Alto Networks Logo
Prisma Cloud by Palo Alto Networks vs Cortex Cloud by Palo Alto Networks
Compared 14% of the time
SentinelOne Singularity Cloud Security vs Cortex Cloud by Palo Alto Networks Logo
SentinelOne Singularity Cloud Security vs Cortex Cloud by Palo Alto Networks
Compared 9% of the time
Microsoft Defender for Cloud vs Cortex Cloud by Palo Alto Networks Logo
Microsoft Defender for Cloud vs Cortex Cloud by Palo Alto Networks
Compared 6% of the time
WithSecure Elements Exposure Management (XM) vs Cortex Cloud by Palo Alto Networks Logo
WithSecure Elements Exposure Management (XM) vs Cortex Cloud by Palo Alto Networks
Compared 6% of the time
More Cortex Cloud by Palo Alto Networks Competitors
Docker vs Legit Security Logo
Docker vs Legit Security
Compared 28% of the time
Ox Security vs Legit Security Logo
Ox Security vs Legit Security
Compared 13% of the time
Apiiro vs Legit Security Logo
Apiiro vs Legit Security
Compared 9% of the time
Ivanti Neurons for ASPM vs Legit Security Logo
Ivanti Neurons for ASPM vs Legit Security
Compared 9% of the time
GitGuardian Platform vs Legit Security Logo
GitGuardian Platform vs Legit Security
Compared 8% of the time
More Legit Security Competitors
SonarQube vs Veracode Logo
SonarQube vs Veracode
Compared 9% of the time
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
Compared 7% of the time
GitHub Advanced Security vs Veracode Logo
GitHub Advanced Security vs Veracode
Compared 4% of the time
Coverity Static vs Veracode Logo
Coverity Static vs Veracode
Compared 3% of the time
OWASP Zap vs Veracode Logo
OWASP Zap vs Veracode
Compared 3% of the time
More Veracode Competitors
 

Product Reports

Buyer's Guide
Cortex Cloud by Palo Alto Networks
March 2026
Cortex Cloud by Palo Alto Networks reportDownload Cortex Cloud by Palo Alto Networks product report
Buyer's Guide
Legit Security
March 2026
Legit Security reportDownload Legit Security product report
Buyer's Guide
Veracode
March 2026
Veracode reportDownload Veracode product report
 

Also Known As

No data available
No data available
Crashtest Security , Veracode Detect
 

Overview

Cortex Cloud by Palo Alto Networks enhances cloud security with features like AI/ML threat detection and automated remediation, ensuring real-time protection and efficient management across cloud environments.

Cortex Cloud by Palo Alto Networks offers comprehensive cloud security posture management and runtime protection. It reduces manual tasks and accelerates incident investigation through advanced threat detection and AI-driven anomaly detection. With integration to the MITRE ATT&CK framework, it boosts threat response while reducing incident resolution time. Although users find the UI complex and pricing high, its capabilities in securing AWS, Azure, and other environments, as well as its potential integration with CyberArk, emphasize its enterprise-ready design for cloud transformation across diverse industry sectors.

What are the key features of Cortex Cloud by Palo Alto Networks?
  • Runtime Protection: Ensures real-time security for workloads.
  • AI/ML-powered Threat Detection: Identifies threats using AI/ML technology.
  • Automated Remediation: Streamlines threat response through automation.
  • Comprehensive Detection Coverage: Offers extensive detection capabilities with unified data.
  • Integration with MITRE ATT&CK: Enhances threat response efficiency.
What benefits or ROI should users consider?
  • Enhanced Security Visibility: Provides dashboards for better security insights.
  • Reduced Manual Tasks: Automates processes for efficiency gains.
  • Improved Threat Response: Accelerates incident resolution with AI-driven anomaly detection.
  • Seamless Cloud Integration: Supports APIs and multi-cloud environments.

Cortex Cloud by Palo Alto Networks is deployed across industries like telecom, BFSI, and manufacturing for robust cloud security. It's leveraged for detecting misconfigurations and vulnerabilities, aiding cloud transformation and compliance with standards such as GDPR and NIST. The integration across cloud infrastructures, including AWS and Azure, supports policy creation and threat management strategies for diverse enterprises.

Palo Alto Networks

Legit Security provides application security posture management platform that secures application delivery from code to cloud and protects an organization's software supply chain from attack. The platform’s unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Legit Security

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

  • Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
  • Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
  • Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
  • Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
  • Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

  • Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
  • Scalability - Supports organizations with large-scale application portfolios.
  • Compliance support - Ensures applications meet various security standards and regulations.
  • Developer training - Provides tools for educating developers on secure coding practices.
  • Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.


Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Veracode
 

Sample Customers

Information Not Available
Google, NYSE, Kraft-Hienz, Takeda Pharmaceuticals, and many other large enterprise and Fortune 500 customers. Learn more by going to: https://www.legitsecurity.com/...
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Buyer's Guide
Legit Security vs. Veracode
February 2026
Free Report: Legit Security vs. Veracode
Find out what your peers are saying about Legit Security vs. Veracode and other solutions. Updated: February 2026.
DOWNLOAD NOW
885,311 professionals have used our research since 2012.
See our Legit Security vs. Veracode report.
See our list of best Application Security Posture Management (ASPM) vendors.

We monitor all Application Security Posture Management (ASPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.