Red Hat Advanced Cluster Security for Kubernetes vs Veracode comparison

Red Hat Advanced Cluster Se...

Read 200 Veracode reviews

2,835 Views
219 Comparison Views

90% willing to recommend

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 16, 2024

Veracode and Red Hat Advanced Cluster Security for Kubernetes offer security solutions competing in the cybersecurity domain. Veracode appears to have the upper hand in pricing and customer support, while Red Hat Advanced Cluster Security is favored for its extensive features and overall value.

Features: Veracode is recognized for its comprehensive scanning capabilities, integration with various development tools, and competitive pricing. Red Hat Advanced Cluster Security for Kubernetes is distinguished by its robust container security features, deep integration with Kubernetes ecosystems, and an extensive feature set preferred for Kubernetes environments.

Room for Improvement: Users of Veracode desire better reporting capabilities, more customizable dashboards, and enhanced user experience. For Red Hat Advanced Cluster Security, improved documentation, a more intuitive setup process, and addressing complex deployment issues are sought after improvements.

Ease of Deployment and Customer Service: Veracode is highlighted for its straightforward deployment process and responsive customer service. Red Hat Advanced Cluster Security provides excellent support during and after deployment, though it is considered more complex to deploy due to its advanced features.

Pricing and ROI: Veracode is noted for its competitive pricing and clear ROI, making it attractive for cost-conscious businesses. Red Hat Advanced Cluster Security, with a higher initial cost, delivers greater value over time through its advanced feature set, justifying the investment for many users.

To learn more, read our detailed Red Hat Advanced Cluster Security for Kubernetes vs. Veracode Report (Updated: June 2025).

Red Hat Advanced Cluster Security for Kubernetes vs. Veracode

June 2025

Download the complete report

Helped 859,129 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Red Hat Advanced Cluster Se...

Ranking in Container Security

14th

Average Rating

8.2

Reviews Sentiment

7.5

Number of Reviews

Ranking in other categories

No ranking in other categories

Veracode

Ranking in Container Security

8th

Average Rating

8.2

Reviews Sentiment

7.0

Number of Reviews

200

Ranking in other categories

Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (2nd)

Mindshare comparison

As of June 2025, in the Container Security category, the mindshare of Red Hat Advanced Cluster Security for Kubernetes is 2.4%, down from 3.0% compared to the previous year. The mindshare of Veracode is 2.5%, down from 2.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Container Security

Featured Reviews

Daniel Stevens

Software Engineer at Galley

Offers easy management and container connection with HTTPS, but the support needs to improve

I have experience with the solution's setup in Rio de Janeiro, Brazil and our company has assisted in the development of a cluster in a research department, but we didn't start from scratch because we have IT professionals who have installed Kubernetes across 12 nodes of a cluster and a new environment can be created for a new platform. I also had another setup experience of Red Hat Advanced Cluster Security for Kubernetes in Portugal where I had to implement the solution in a cluster of 22 computer servers, which was completed with assistance from the IT department of the company. The initial setup process of the solution can be considered as difficult. The setup process involves using the permissions, subnets and range of IPs, which makes it complex. Deploying Red Hat Advanced Cluster Security for Kubernetes takes around eight to ten hours for new clusters. The solution's deployment can be divided into three parts. The first part involves OpenStack, where the cluster's resources need to be identified. The second part involves virtualizing assets and identifying other physical assets, for which OpenStack, Kubernetes, or OpenShift are used. The third part of the deployment involves dividing the networks into subnetworks and implementing automation to deploy the microservices using Helm. The number of professionals required for the solution's deployment depends upon the presence of automated scripts. Ideally, two or three professionals are required to set up Red Hat Advanced Cluster Security for Kubernetes.

Read full review

David-Robertson

Director Enterprise Architecture at Exeter Finance Corp.

Static scanning and software composition analysis are very helpful, but the usability needs improvement

Static scanning and software composition analysis are very helpful. My colleagues and I don't need to be experts on all of those ancillary things, so we can focus more on the business deliverables. They have a pretty good tool that allows me to run scans of my local integrated development environment. I can find a lot of those flaws a lot sooner than I would if I had to wait for these cloud-based scans. They've come out with some sort of automated fix feature. I haven't used it, but they gave us a demo of it, and that one looks promising. I don't know if it's ready for prime time yet.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most beneficial security feature of the product revolves around the areas of vulnerability and configuration."

"The technical support is good."

"I like virtualization and all those tools that come with OpenShift. I also like Advanced Cluster Management and the built-in security."

"Offers easy management with authentication and authorization features"

"It is easy to install and manage."

"One of the most valuable features I found was the ability of this solution to map the network and show you the communication between your containers and your different nodes."

"Segmentation is the most powerful feature."

"The benefit of working with the solution is the fact that it's very straightforward...It is a perfectly stable product since the details are very accurate."

More Red Hat Advanced Cluster Security for Kubernetes pros

"The solution is a specialist in SAST that you can rely on. Code scanning is fast with current, updated algorithms."

"The most valuable feature is the seamless automation of Veracode via the pipeline, in comparison to other solutions like Fortify SSC, which are complex to integrate through the pipeline."

"One of the features they have is Software Composition Analysis. When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable."

"Static code scanning is the most valuable feature."

"Veracode provides visibility into application status at every phase of development through static analysis."

"Veracode Fix is a new feature that functions similarly to auto-remediation for low or medium flaw codes."

"The best feature of Veracode is that we can do static and dynamic scans."

"Using an automated tool brings cost reduction and more security."

More Veracode pros

Cons

"The documentation about Red Hat Advanced Cluster Security available online is very limited... So it's very limited to the documentation."

"The solution lacks features when compared to some of the competitors such as Prisma Cloud by Palo Alto Networks and has room for improvement."

"They're trying to convert it to the platform as a source. They are moving in the direction of Cloud Foundry so it can be easier for a developer to deploy it."

"I do see that some features associated with the IAST part are not included in the tool, making it an area where improvements are required."

"The deprecation of APIs is a concern since the deprecation of APIs will cause issues for us every time we upgrade."

"The tool's command line and configuration are hard for us to understand and make deployment complex. It should also include zero trust, access control features and database connectivity."

"The solution's visibility and vulnerability prevention should be improved."

"Red Hat is somewhat expensive."

More Red Hat Advanced Cluster Security for Kubernetes cons

"Calypso (our application) is large and the results take up to two months. Further, we also have to package Calypso in a special manner to meet size guidelines."

"The user interface can sometimes be a little challenging to work with, and they seem to be changing their algorithm on what is an issue. I understand why they do it, but it sometimes causes more work on our end."

"The scanning process for records could be faster and there is room for improvement in Veracode's performance."

"I do expect large applications with millions of lines of code to take a while, but it would be nice if there was a possibility to be able to have a baseline initial scan. I know that Veracode touts that there are Pipeline Scans that are supposed to take 90 seconds or less, and we've tried to do that ourselves with our ERP application. However, it actually times out after two hours of scanning. If the static scan itself or another option to run a lower tier scan can be integrated earlier on into our SDLC, it would be great. Right now, it takes so long that we usually leave it till a bit later in the cycle, whereas if it ran faster, we could push it to the time when a developer will be checking in code. That would make us feel a lot more confident that we'd be able to catch things almost instantaneously."

"From the usability perspective, it is not up to date with the latest trends. It looks very old. Tools such as Datadog, New Relic, or infrastructure security tools, such as AWS Cloud, seem very user-friendly. They are completely web-based, and you can navigate through them pretty quickly, whereas Veracode is very rigid. It is like an old-school enterprise application. It does the job, but they need to invest a little more on the usability front."

"We would like a way to mark entire modules as "safe." The lack of this feature hasn't stopped us previously, it just makes our task more tedious at times. That kind of feature would save us time."

"In the last month or so, I had a problem with the APIs when doing some implementations. The Veracode support team could be more specific and give me more examples. They shouldn't just copy the URL for a doc and send it to me."

"It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount."

More Veracode cons

Pricing and Cost Advice

"We purchase a yearly basis license for the solution."

"The price of Red Hat Advanced Cluster Security for Kubernetes is better than Palo Alto Prisma."

"It's a costly solution"

"The pricing model is moderate, meaning it is not very expensive."

"Red Hat offers two pricing options for their solution: a separate price, and a bundled price under the OpenShift Platform Plus."

"The licensing cost for Veracode is fair."

"Compared to the typical software composition analysis solutions, Veracode is not so costly, although the static analysis part of it is a little costlier."

"The price of Veracode Static Analysis is on the higher side."

"The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."

"Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."

"Veracode is costly. They have different license models for different customers. What we had was based on the amount of code that has been analyzed. The license that we had was capped to a certain amount, for example, 5 Gig. There would be an extra charge for anything above 5 Gig."

"I don't really know about the pricing, but I'd say it's worth whatever Veracode is charging, because the solution is that good."

"The price of Veracode Static Analysis is expensive. There is an annual fee to use the solution and the company is upfront with the pricing model and fees."

More Veracode pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Container Security solutions are best for your needs.

See recommendations

859,129 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

25%

Computer Software Company

12%

Government

10%

Manufacturing Company

Computer Software Company

17%

Financial Services Firm

16%

Manufacturing Company

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Red Hat Advanced Cluster Security for Kubernetes?

I like virtualization and all those tools that come with OpenShift. I also like Advanced Cluster Management and the built-in security.

What needs improvement with Red Hat Advanced Cluster Security for Kubernetes?

From an improvement perspective, I would like to create new policies in the tool, especially if it is deployed for the prevention part, but currently, we need to do it manually. I hear that Palo Al...

What is your primary use case for Red Hat Advanced Cluster Security for Kubernetes?

I use the solution in my company for vulnerability management, configuration management, compliance, safety handling, and everything else.

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...

What do you like most about Veracode?

The SAST and DAST modules are great.

What is your experience regarding pricing and costs for Veracode?

The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.

Prisma Cloud by Palo Alto Networks vs Red Hat Advanced Cluster Security for Kubernetes

Comparisons

Compared 22% of the time

SUSE NeuVector vs Red Hat Advanced Cluster Security for Kubernetes

Compared 12% of the time

Aqua Cloud Security Platform vs Red Hat Advanced Cluster Security for Kubernetes

Compared 9% of the time

CrowdStrike Falcon Cloud Security vs Red Hat Advanced Cluster Security for Kubernetes

Compared 8% of the time

Sysdig Secure vs Red Hat Advanced Cluster Security for Kubernetes

Compared 6% of the time

More Red Hat Advanced Cluster Security for Kubernetes Competitors

SonarQube Server (formerly SonarQube) vs Veracode

Compared 18% of the time

Checkmarx One vs Veracode

Compared 10% of the time

GitHub Advanced Security vs Veracode

Compared 7% of the time

OpenText Core Application Security vs Veracode

Compared 5% of the time

Snyk vs Veracode

Compared 4% of the time

More Veracode Competitors

Product Reports

Red Hat Advanced Cluster Security for Kubernetes

June 2025

Red Hat Advanced Cluster Security for Kubernetes report

Download Red Hat Advanced Cluster Security for Kubernetes product report

Download Veracode product report

May 2025

Also Known As

StackRox

Crashtest Security , Veracode Detect

Overview

Red Hat Advanced Cluster Security for Kubernetes is a Kubernetes-native container security solution that enables your organization to more securely build, deploy, and run cloud-native applications from anywhere. With its built-in security across the entire software development life cycle, you can lower your operational costs, reduce operational risk, and increase developer productivity while improving your security posture immediately. In addition, Red Hat Advanced Cluster Security integrates with security tools and DevOps in an effort to help you mitigate threats and enforce security policies that minimize operational risk to your applications. It also enables you to provide developers with actionable, context-rich guidelines integrated into existing workflows, along with tooling to support developer productivity. The solution is suitable for small, medium, and large-sized companies.

Red Hat Advanced Cluster Security for Kubernetes Features

Red Hat Advanced Cluster Security for Kubernetes has many valuable key features. Some of the most useful ones include:

Vulnerability management: With the Red Hat Advanced Cluster Security for Kubernetes solution, you gain full visibility into your entire cloud-native landscape. The solution makes it possible for your organization to identify and remediate vulnerabilities in Kubernetes configurations and container images, as well as running applications. It also enables you to provide developers with clear and prioritized guidance on fixable vulnerabilities.

Configuration management: The solution makes configuration management easy. To identify missed best practices, you can understand how images, containers, and deployments are configured prior to running. It also allows you to leverage Kubernetes-native capabilities - like admission controllers - to prevent misconfigured workloads from deploying or running.

Compliance: Using Red Hat Advanced Cluster Security for Kubernetes helps you manage compliance with standard-specific checks across CIS Benchmarks, NIST, PCI, and HIPAA, with more than 300 controls and continuous compliance assessments and one-click audit reporting.

Network segmentation: The solution enables you to enforce network policies by using the native capabilities in Kubernetes. You can simulate new policies, visualize existing ones, generate updated YAML files, and apply them directly to Kubernetes.

Multifactor risk profiling: With Red Hat Advanced Cluster Security for Kubernetes, you can use risk rankings by combining vulnerability (CVE) details with rich Kubernetes context and artifact data. This allows you to assess and prioritize risk across your entire environment. In turn, you can accelerate remediation times and productivity.

Threat detection and incident response: By combining custom policies, process allow lists, application and network baselines, and behavioral modeling to identify anomalous behavior, the solution enables you to protect your applications at runtime. You can then leverage Kubernetes-native enforcement capabilities to respond.

Red Hat Advanced Cluster Security for Kubernetes Benefits

There are many benefits to implementing Red Hat Advanced Cluster Security for Kubernetes. Some of the biggest advantages the solution offers include:

Increases protection, scalability, and portability.
Eliminates blind spots.
Reduces time and costs.
Reduces the effort needed to implement security.
Streamlines security analysis, investigation, and remediation by using the rich context Kubernetes provides.
Provides scalability and resiliency native to Kubernetes

Reviews from Real Users

PeerSpot user Igor K., Owner/Full Stack Software Engineer at Maraphonic, Inc., says, “The solution allows teams to create their own virtual spaces and share resources. The most valuable feature is the ability to share resources.”

Red Hat

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Sample Customers

City National Bank, U.S. Department of Homeland Security

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.