No more typing reviews! Try our Samantha, our new voice AI agent.

Ox Security vs Veracode comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex Cloud by Palo Alto N...
Sponsored
Ranking in Application Security Posture Management (ASPM)
7th
Average Rating
8.6
Reviews Sentiment
5.7
Number of Reviews
11
Ranking in other categories
Vulnerability Management (30th), Cloud Workload Protection Platforms (CWPP) (13th), Cloud Security Posture Management (CSPM) (16th), Cloud-Native Application Protection Platforms (CNAPP) (12th), Data Security Posture Management (DSPM) (11th), Software Supply Chain Security (8th), Cloud Infrastructure Entitlement Management (CIEM) (7th), Cloud Detection and Response (CDR) (5th)
Ox Security
Ranking in Application Security Posture Management (ASPM)
10th
Average Rating
8.0
Reviews Sentiment
8.1
Number of Reviews
1
Ranking in other categories
Static Application Security Testing (SAST) (25th), Software Composition Analysis (SCA) (18th), Software Supply Chain Security (9th)
Veracode
Ranking in Application Security Posture Management (ASPM)
1st
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
208
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Container Security (12th), Software Composition Analysis (SCA) (1st), Static Code Analysis (1st), Dynamic Application Security Testing (DAST) (1st)
 

Featured Reviews

SJ
Technical Solutions Architect at IBM
Cloud security has improved as AI-driven runtime protection detects threats and reduces incidents
In my opinion, Cortex Cloud by Palo Alto Networks could be improved or enhanced in various ways. I don't have an idea about that yet because for that you actually need to use two or three different other tools to make a basic comparison. If you ask me how good the tool is, I would fairly rate it quite high. The tool is very popular, and customers can already see that it is one of the cloud leaders in the security space. The platform had a very good feature which provides documentation links about how to use a specific feature on the UI. It takes you to the proper documentation page where it suggests what to do and tells you about the steps that need to be done for a resource deployment. My thoughts about improving the product which I believe could greatly aid vendors is that it used to be a very user-friendly tool, but now they have incorporated everything under one umbrella. It has XDR, XSOAR, and Cortex Cloud by Palo Alto Networks. Before, we used to have separate modules and separate environments for each of these capabilities or features. Right now, it is a little complex and users would take their own time to know the tool better. This is something that would have been way better, but I would say there would be different opinions on this. Talking about user-friendliness, it has decreased now.
Francisco Javier Vergara - PeerSpot reviewer
SecOps Engineer at IriusRisk
Centralized visibility has reduced vulnerability noise and prioritizes real exploit risks
The best features Ox Security offers in my experience are its ability to provide context to a vulnerability and determine if a vulnerability is likely to be exploited or not. Ox Security delivers context through a mix of several things, including dashboards and its prioritization scoring system. Basically, if you have some configuration and your software is vulnerable to some kind of vulnerability, but that exact code doesn't execute the vulnerable code itself, it determines that the risk is unlikely to be exploited, for example. Ox Security has positively impacted my organization by helping to reduce the amount of noise we received from vulnerabilities because of the prioritization scoring it has and all of the context it provides. Regarding measurable outcomes, I would say that it has reduced the amount of noise by about forty percent. We didn't have that much noise before, so around a forty percent decrease in noise has helped us reduce the amount of hours we have to spend reviewing each vulnerability.
reviewer2753535 - PeerSpot reviewer
DevSecOps Engineer at a tech services company with 1,001-5,000 employees
Integrates security into the development process and improves team collaboration
Veracode helps organizations develop software by reducing the risk of security vulnerabilities through developer enablement and applications focused on governance. You can utilize different levels of processes to achieve better performance or a more scalable service. Since I started working with it in 2022, I’ve found it to be cost-effective as well. Overall, Veracode is a user-friendly security tool. It includes features such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). During the development phase, we can identify vulnerabilities in the application. This process occurs in the staging environment during development. When we're ready to go to production, we conduct a final check. Essentially, this tool helps identify vulnerabilities during the code development stage, including both high-level vulnerabilities and those related to open-source software composition. We utilize specific methodologies for this purpose. Additionally, it offers a feature that allows us to set up policies based on client requirements. This means we can customize the tool to meet the specific needs of our clients, ensuring that they receive the appropriate level of security in their applications. Veracode is user-friendly as well. Compared to other tools, their scans take 15 minutes or under. If you have a large scale of libraries or data, it might take longer, but based on my personal experience, the scan usually runs within fifteen minutes. For my case study using the Veracode tool, I worked on an internal project following industry standards. We used Veracode to improve our security posture and speed up the time to market by streamlining the development process. This enhanced collaboration between developers, operations, and security teams. The automated scanning process helped identify and fix vulnerabilities earlier in the development process. We maintained compliance with regulatory requirements, avoided fines, and built customer trust by integrating security into the development process. When we conduct this scan, we receive data on a list of vulnerabilities. This information improved our communication and increased transparency, which leads to better reports about the efforts being put in. This results in a more effective and efficient collaboration process, making it user-friendly for all involved. When considering costs, if we resort to manual processes, it can be time-consuming. Therefore, we utilize automated scans to identify and fix security issues. This allows us to address vulnerabilities early in the development process, as we discussed previously. This applies both to our in-house code and third-party libraries, using Software Composition Analysis (SCA) agent-based scans. In the future, we will also implement SCA agent-based scans as a separate feature within Veracode, which can help organizations avoid the expensive and time-consuming consequences of security issues. Furthermore, we have seen an increase in compliance, helping to maintain adherence to regulatory requirements and industry standards, thereby avoiding fines and reputational damage associated with noncompliance. Additionally, by integrating security into the development process, we enhance customer trust in our organization and its products.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most beneficial aspect of Cortex Cloud by Palo Alto Networks and Palo Alto in general is that there is a single platform for all cloud providers for securitization."
"Previously with Cortex Cloud by Palo Alto Networks, I deployed this product for one of my customers, and after three to four months, they said that previously they had around four hours of MTTR, and now it has reduced to just 15 to 20 minutes."
"I have absolutely seen improvements in our incident close rates, with mean time to detect and respond reduced significantly, sometimes by at least forty to fifty percent."
"The capabilities of Cortex Cloud by Palo Alto Networks are valuable because it is the best product in the market."
"The AI and automation features in detecting and responding to high-risk threats are impressive; it's one of the best tools regarding AI technology and unifies security in one platform in real-time, improving vulnerability analysis, incident response, and compliance reporting."
"Overall, Cortex Cloud by Palo Alto Networks is a technically strong product, and I rate it ten out of ten."
"The most valuable features I have found in Cortex Cloud by Palo Alto Networks are those that we provided to customers in a stock environment, as we have done some POCs and tried to check how it can help different organizations, and this same solution has been positioned for multiple customers."
"Cortex Cloud by Palo Alto Networks has impacted our organization positively by keeping our machines secure and our team using the dashboard to find issues quickly."
"Ox Security has positively impacted my organization by helping to reduce the amount of noise we received from vulnerabilities because of the prioritization scoring it has and all of the context it provides."
"My point is that Veracode is very good, and I would strongly recommend it."
"Veracode has improved our Application Security program by providing numerous integrations and tools to take our AppSec/DevSecOps to the next level."
"My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople are fabulous."
"The most valuable feature is the seamless automation of Veracode via the pipeline, in comparison to other solutions like Fortify SSC, which are complex to integrate through the pipeline."
"The main feature that I have found valuable is the solution's ability to find issues in static analysis, and additionally, there are plenty of useful tools."
"All the top vulnerabilities are detected, which makes sure all our applications are up-to-date on market threats, and it gives a good workaround process for the developers to secure their code and ensure all our applications are secure."
"This is a product that lives up to its promise, is easy to use, and is predictable."
"The solution is a specialist in SAST that you can rely on, and code scanning is fast with current, updated algorithms."
 

Cons

"As per my experience with Cortex Cloud by Palo Alto Networks, the UI could be simpler."
"In my opinion, Cortex Cloud by Palo Alto Networks can be improved by addressing forensic information collection and storage, although I cannot suggest specific things right now, based on what customers might need."
"From the commercial perspective, we have some limitations because Palo Alto has a minimum number of users of endpoints set at 200, which is quite high for the Italian market."
"Cortex Cloud by Palo Alto Networks is creating some confusion in terms of names because this is recent."
"My thoughts about improving the product which I believe could greatly aid vendors is that it used to be a very user-friendly tool, but now they have incorporated everything under one umbrella."
"Cortex Cloud by Palo Alto Networks is not the cheapest solution in the market, but I know that is the best solution for SOC and Cloud once have all tools to connect cloud issues with SOC procedures, because we are partners with T-Systems."
"The pricing is high, making ROI challenging to justify, especially during transitions between solutions."
"Overall, I rate Cortex Cloud by Palo Alto Networks as an eight out of ten. I think that it could improve on price, as I know that the Google solution has the best price, and this is one of the conditions."
"The main pain point I have with Ox Security as a tool is the user interface, which can feel quite complex when navigating large datasets."
"We get some false positives with JavaScript languages like React, TypeScript, and Angular. The problem is rooted in the build process of JavaScript, not the code we are using. This is something we spend lots of time trying to resolve. When we point to a specific library and review that on the code, we can see it is a part of the build that isn't going into production. It's only a part of the build because JavaScript has a different build process."
"The Veracode platform probably hasn't improved our organization overall, although through no fault of theirs."
"I'd like to see an improved component of it work in a DevOps world, where the scanning speed does not impede progress along the AppSec pipeline."
"But the support is a little bit expensive and it could be a little bit better."
"The user interface could be more sleek."
"When we implement a policy, it can be very difficult to locate."
"An area for improvement in Veracode is the time that it takes to scan large projects, as that makes it difficult to fit into our CI/CD pipelines."
"The technical support service has room for improvement."
 

Pricing and Cost Advice

Information not available
Information not available
"Veracode is costly. They have different license models for different customers. What we had was based on the amount of code that has been analyzed. The license that we had was capped to a certain amount, for example, 5 Gig. There would be an extra charge for anything above 5 Gig."
"The cost of Veracode is high."
"There is a fee to scale up the solution which I consider expensive."
"Its pricing is fair."
"For the value we get out of it, coupled with the live defect review sessions, we find it an effective value for the money. We are a larger organization."
"Veracode is one of the more expensive solutions in the market, but it is worth the expense because of the eLearning and the security consultations; everything is included in the license."
"I don't really get too involved in the cost sides of things that's in my job, I'm more of a technical focus, but I have heard from my manager and a couple other people that the solution is quite expensive."
"I'm unfamiliar with the solution's pricing, but it must be worth the cost from a company perspective, as we have been using it for years and have no plans to move away from it."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
903,933 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Construction Company
11%
Financial Services Firm
8%
Outsourcing Company
7%
Financial Services Firm
15%
Manufacturing Company
12%
Computer Software Company
11%
Educational Organization
9%
Financial Services Firm
15%
Manufacturing Company
11%
Computer Software Company
9%
Construction Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise1
Large Enterprise4
No data available
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise46
Large Enterprise114
 

Questions from the Community

What is your experience regarding pricing and costs for Cortex Cloud by Palo Alto Networks?
I am not fully aware of the pricing and licensing of Cortex Cloud by Palo Alto Networks. The pricing is also based on...
What needs improvement with Cortex Cloud by Palo Alto Networks?
In my opinion, Cortex Cloud by Palo Alto Networks could be improved or enhanced in various ways. I don't have an idea...
What is your primary use case for Cortex Cloud by Palo Alto Networks?
The usual use cases for Cortex Cloud by Palo Alto Networks that I have been working with mostly are as simple as dete...
What needs improvement with Ox Security?
The main pain point I have with Ox Security as a tool is the user interface, which can feel quite complex when naviga...
What is your primary use case for Ox Security?
My main use for Ox Security is having a centralized way of aggregating all of the vulnerabilities that I may encounte...
What advice do you have for others considering Ox Security?
My advice to others looking into using Ox Security is that its strength relies on the aggregation of several tools. I...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. Son...
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed Ap...
What is your experience regarding pricing and costs for Veracode Static Analysis?
My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.
 

Also Known As

No data available
No data available
Crashtest Security , Veracode Detect
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Static Application Security Testing (SAST). Updated: June 2026.
903,933 professionals have used our research since 2012.