Qualys VMDR and Veracode are competitive products in vulnerability management and application security, respectively. Qualys VMDR holds an advantage in infrastructure vulnerability management with continuous monitoring, while Veracode excels in application code analysis across multiple languages.
Features: Qualys VMDR provides robust vulnerability management with patch management and asset categorization, making it crucial for infrastructure security. It supports continuous monitoring that helps in maintaining real-time visibility. Veracode offers strong static and dynamic code analysis capabilities, allowing deep insight into code vulnerabilities and comprehensive developer training to promote secure coding practices.
Room for Improvement: Qualys VMDR could enhance the simplicity of its user interface and improve reporting capabilities. The complexity of pricing and cloud-only approach may not suit smaller enterprises. Veracode needs to reduce false positives and simplify its user interface further. It could also improve integration with modern tools like microservices frameworks and enhance its dynamic scanning features.
Ease of Deployment and Customer Service: Qualys VMDR provides hybrid and private cloud deployment options which allow for better infrastructure compatibility and is supported by reliable technical assistance. However, there may be response delays. Veracode mainly utilizes a public cloud or on-premises approach, offering excellent customer support with extensive guidance, though the limited on-premises options might pose challenges for flexible deployments.
Pricing and ROI: Qualys VMDR offers various pricing models including per-asset and flexible payments, yet it can be seen as costly, particularly with bundled options. It generally presents significant ROI through effective risk reduction. Veracode's pricing depends on application size and scan type with potential additional costs. It tends to suit larger organizations with its relatively high cost but provides value by significantly improving security posture.
We saw a return on investment through significant savings in time, money, and resources.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.
We usually get on calls with tech support, and they are very helpful.
The response time takes a while.
The technical support provided by Qualys is pretty good.
Access to the engineering team is crucial for faster feedback on the product fix process.
I have communicated with the technical support of Veracode a couple of times, and this was a really great experience because these professionals know their material.
They are very responsive and quick to help with queries within our scope.
Scalability depends on the license and the number of assets being monitored.
Qualys VMDR can handle scalability, although increasing the inventory can raise the licensing costs.
Cloud solutions are easier to scale than on-premise solutions.
It has a good capacity to scale effectively.
Implementing these features into our normal CI/CD was good, so I can say that scalability is really good.
If the Veracode server is down, we experience many issues during the scan.
It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.
It does not automate patching unless the patch management module is purchased separately.
If AI features were integrated, it could enhance the capabilities significantly.
They can tweak their UI since the new version seems a bit jumbled up.
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
A nice addition would be if it could be extended for scenarios with custom cleansers.
I would rate the pricing between seven to eight out of ten.
I have a notion that Qualys might be more expensive than Rapid7.
Qualys offers better pricing and is feature-packed compared to other tools.
It's not the most expensive solution.
If there's a security gap, you'll never know the cost or effect.
Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode.
The prioritization of vulnerabilities has improved our remediation efforts by around thirty to thirty-five percent.
It impacts my workflow overall, with the patch management features as it has the missing patches listed in detail, making it easier to get a comprehensive report and providing some dashboards that offer visual representation.
Qualys VMDR offers a one-stop solution for monitoring and reporting.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It fixes issues directly in the IDE while you're doing it.
Vulnerability Management, Detection, and Response (VMDR) is a cornerstone product of the Qualys TruRisk Platform and a global leader in the enterprise-grade vulnerability management (VM) vendor space. With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure their actual risk exposure over time.
Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB), Qualys Patch Management, Custom Assessment and Remediation (CAR), Qualys TotalCloud and other Qualys and non-Qualys solutions to facilitate vulnerability detection and remediation across the entire enterprise.
With VMDR, users are empowered with actionable risk insights that translate vulnerabilities and exploits into optimized remediation actions based on business impact. Qualys customers can now aggregate and orchestrate data from the Qualys Threat Library, 25+ threat intelligence feeds, and third-party security and IT solutions, empowering organizations to measure, communicate, and eliminate risk across on-premises, hybrid, and cloud environments.
Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.
Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.
What are the key features of Veracode?
What benefits should users consider in Veracode reviews?
Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.
Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
