Tenable.io Container Security vs Veracode comparison

Tenable.io Container Security

Read 202 Veracode reviews

21,023 Views
2,733 Comparison Views

89% willing to recommend

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 16, 2024

Veracode and Tenable.io Container Security compete in the application security domain, where Tenable.io Container Security seems to have the upper hand due to its advanced features and specialized container security capabilities.

Features: Veracode users value its comprehensive code analysis, security flaw detection, and in-depth code scanning. Tenable.io Container Security offers thorough container vulnerability assessments, integrations with CI/CD pipelines, and specialized container security features.

Room for Improvement: Veracode users suggest enhancements in reporting, better integrations with development tools, and improved scan speed. Tenable.io Container Security users want improvements in performance, a more streamlined setup process, and enhanced user interface.

Ease of Deployment and Customer Service: Veracode is praised for its straightforward deployment and robust customer support. Tenable.io Container Security receives mixed reviews on deployment, with some users finding it complex, but it is noted for responsive customer service.

Pricing and ROI: Veracode is noted for its competitive pricing and solid ROI, making it a cost-effective option for many users. Tenable.io Container Security, despite higher costs, is seen as offering good ROI due to its comprehensive container security features.

To learn more, read our detailed Tenable.io Container Security vs. Veracode Report (Updated: July 2025).

Tenable.io Container Security vs. Veracode

July 2025

Download the complete report

Helped 862,624 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Tenable.io Container Security

Ranking in Container Security

24th

Average Rating

8.0

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

No ranking in other categories

Veracode

Ranking in Container Security

8th

Average Rating

8.0

Reviews Sentiment

7.0

Number of Reviews

202

Ranking in other categories

Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (2nd)

Mindshare comparison

As of July 2025, in the Container Security category, the mindshare of Tenable.io Container Security is 1.1%, down from 1.5% compared to the previous year. The mindshare of Veracode is 2.4%, down from 2.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Container Security

Featured Reviews

Jahanzeb Feroze Khan

Assistant Manager Network Security at Institute of Business Administration, Karachi

Improves organizational security with features like scanning, reporting, and troubleshooting

Tenable.io Container Security has improved our security. The tool's most valuable feature is scanning, reporting, and troubleshooting. Tenable.io Container Security should improve integration modules. It should also improve stability. I have been working with the product for two years. I…

Read full review

Sajal Sharma

Test Analyst - Security at Net solutions India Pvt.

Offers shift-left security strategy and helps us with the latest security configurations, OWASP standards, and SAST standards

It's robustness is the main benefit to the organization. As it gets upgraded with time, it also improves the coverage – security configuration coverages and vulnerability coverages. It also updates itself with the latest known vulnerabilities that are uploaded to the NVD, OWASP, or other databases. So it gets upgraded itself with that. And so with each upgrade, it gets better and better. The solution offers the ability to prevent vulnerable code from going into production. It provides us with a report containing multiple remediations and mitigations for each vulnerability. For example, if it finds a cross-site scripting vulnerability, it will also include references like CWE and CVE records, instructions on how to fix it, and the specific line of code or module where the vulnerability is present. This helps us fix the issues accordingly. I'm a penetration tester and DevSecOps engineer. I evaluate the findings, mark false positives, and manually exploit vulnerabilities if they exist. If we need further clarification, we raise a ticket with the Veracode team and get consultancy from them. We are a software development team. If we find a vulnerability, I exploit it and come back with the best possible mitigation, and the dev team fixes it. If we use Veracode Fix, it might use third-party implementations or make changes we aren't aware of. We need to be very aware of what our application is using internally. It should be known to us. As per my experience, the solution's policy reporting ensures compliance with industry standards. It comes with multiple features. I get the most out of it, and it's good. The solution provides visibility into application status at every phase of development. Like static analysis, dynamic analysis, software composition, and manual penetration tests - throughout the SDLC We have a pipeline that I maintain. I use the Veracode API account and have integrated it with AWS and our Jenkins pipeline. We use Snyk for SCA and Veracode for SAST scanning. At the earliest stage of the build, the SAST scan runs along with the JS and PHP files. It provides us with reports, which are then handed over to the other tools we depend on. If I validate the report or check the Veracode dashboard and find vulnerabilities, I mark them as false positives or existing issues. We work on multiple projects, but the one I'm handling these days only uses Veracode for SAST. It's been about one and a half years since I've been working with Veracode and this project. It is quite impressive. There are some things Veracode cannot find, like code obfuscations inside the code and some insecure randoms. Sometimes, it misses those flaws. But overall, if I compare it with other tools, it is better. I will definitely recommend others to use this tool. We run the scan before each deployment. If the dev team builds a new module or something, we scan it along with all the files. If we find anything, we get it fixed. That's how it works. Veracode is quite important to the organization's shift-left security strategy because we make a scan for each deployment. Sometimes, if I think we need to perform a shift-left, I just make a scan before deployment and check for any misconfiguration or vulnerability in the code.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Tenable.io detects misconfiguration when you deploy a Docker or Kubernetes container. It's much better to remedy these issues during deployment instead of waiting until the container is already in the production environment."

"The strong security provided by the product in the container environment is its most valuable feature."

"Nessus scanner is very effective for internal penetration testing."

"It is a scalable solution. Scalability-wise, it is a good solution."

"Currently, I haven't implemented the solution due to its deprecation by the site. However, I can highlight some benefits of Tenable Cloud Security, a cybersecurity solution with various features for scanning vulnerabilities in both cloud environments and on-premises container security."

"The tool's most valuable feature is scanning, reporting, and troubleshooting."

"It helps us secure our applications from the build phase and identify the weaknesses from scratch."

"The solution shows you the exploitable vulnerabilities and helps you prioritize."

"With the pipeline scanner, it's easier for developers to scan their products, as they don't have to export anything from their computers. They can do everything with the command line on their computer."

"The most important feature is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to production or provide something to a client... Dynamic scanning actually hits our Web applications, to try to detect any well known Web application vulnerabilities as well."

"We use Veracode static analysis during development to eliminate vulnerability issues"

"The dependency graph visualization provides the ability to see nested dependencies within libraries for pinpointing vulnerabilities."

"In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application."

"Veracode is a valuable tool in our secure SDLC process."

"The static analysis gives you deep insights into problems."

"The integration capabilities with our existing development tools are very good."

More Veracode pros

Cons

"I feel that in certain areas this product has false positives which the company should work on. They should also try to include business logic vulnerabilities in the scanner testing. Finally, the vulnerability assessment feature should be increased to other hardware devices, apart from firewalls."

"They need to work on auto-remediation so it's easier for the security team to act quickly when certain assets or resources are deployed. The latest version has a CIS benchmark that you need to meet for containers in the cloud, but more automation is needed."

"Tenable.io Container Security should improve integration modules. It should also improve stability."

"The initial setup is highly complex."

"The support is tricky to reach, so we would like better-oriented technical support enabled."

"The stability and setup phase of the product are areas with shortcomings where improvements are needed."

"The solution’s pricing could be improved."

"I believe integration plays a crucial role for Tenable, particularly in terms of connecting with other products and various container solutions like Docker or Kubernetes. It seems that in future updates, enhanced integration is something I would appreciate. Currently, there is integration with Docker, but when it comes to Kubernetes or other container solutions, it appears to be a challenge, especially with on-prem scanners."

"There is room for improvement in documentation."

"It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share."

"I would like Veracode to add more language support."

"It can be a bit complex because it takes a lot of time to have it complete the task."

"The scanning on the UI portion of our applications is straightforward, but folks were having challenges with scans that involved microservices. They had to rope in an expert to have it sorted."

"If Veracode was more diversified, as far as the number of platforms and the number of applications it could do in our favor, we would be using it even more. But there are a number of platforms it doesn't support. For example, I know they support C+, .NET, and Java, but there are certain platforms they don't support and that was disappointing."

"Raw file scans and dynamic scans would be an improvement, instead of dealing with code binaries."

"I would like Veracode to also have the ability to fix these flaws in a future release."

More Veracode cons

Pricing and Cost Advice

"It's best to be an institutional buyer and directly contact the sales team as they can provide over-the-top discounts for bulk orders."

"The solution's pricing is neither cheap nor very expensive."

"The product does not operate on a pay-per-license model."

"I rate the tool's pricing a three out of ten."

"I rate the product’s pricing a six out of ten."

"The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."

"The product’s price is a bit higher compared to other solutions."

"It is expensive. It depends on the use case, but it is very hard to find a pricing page on their website. Instead, they need to analyze your use case, but without knowing the entire project and how you're going to be using Veracode, how many scans you're going to do, if yours is a small business, it is very expensive and it affects ROI."

"The pricing is really fair compared to a lot of other tools on the market."

"The cost of scanning code is cheaper. It's typically $0.50 per line of code. However, it's expensive to run a high-level process that would normally require a human security expert. For example, penetration testing costs about $1,000 per application for penetration testing. The cost of these features may be too high for smaller organizations. On the other hand, Veracode's interactive application security testing is fast and cheaper compared to other software."

"Get a license at the beginning of a project. Don't wait until the end, because you want to use the product throughout the entire software development lifecycle, not just at the end. You could be surprised, and not in a positive way, with all the vulnerabilities there are in your code."

"Veracode's price is high. I would like them to better optimize their pricing."

"I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."

More Veracode pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Container Security solutions are best for your needs.

See recommendations

862,624 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

16%

Government

11%

Manufacturing Company

11%

Computer Software Company

16%

Financial Services Firm

16%

Manufacturing Company

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Tenable.io Container Security?

The tool's most valuable feature is scanning, reporting, and troubleshooting.

What is your experience regarding pricing and costs for Tenable.io Container Security?

The solution's pricing is neither cheap nor very expensive.

What needs improvement with Tenable.io Container Security?

The solution’s pricing could be improved.

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...

What do you like most about Veracode?

The SAST and DAST modules are great.

What is your experience regarding pricing and costs for Veracode?

The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.

Trivy vs Tenable.io Container Security

Comparisons

Compared 26% of the time

Red Hat Advanced Cluster Security for Kubernetes vs Tenable.io Container Security

Compared 12% of the time

Prisma Cloud by Palo Alto Networks vs Tenable.io Container Security

Compared 10% of the time

Azure Kubernetes Service (AKS) vs Tenable.io Container Security

Compared 10% of the time

Qualys VMDR vs Tenable.io Container Security

Compared 7% of the time

More Tenable.io Container Security Competitors

SonarQube Server (formerly SonarQube) vs Veracode

Compared 18% of the time

Checkmarx One vs Veracode

Compared 10% of the time

GitHub Advanced Security vs Veracode

Compared 7% of the time

OpenText Core Application Security vs Veracode

Compared 4% of the time

Snyk vs Veracode

Compared 4% of the time

More Veracode Competitors

Product Reports

Download Tenable.io Container Security product report

Container Security

June 2025

Download Veracode product report

June 2025

Also Known As

Tenable FlawCheck, FlawCheck

Crashtest Security , Veracode Detect

Overview

Tenable.io Container Security is a container security platform that delivers end-to-end visibility of Docker container images, providing vulnerability assessment, malware detection, and policy enforcement before and after deployment. It also integrates into your DevOps pipeline to eliminate security blind spots without slowing down software development. In addition, Tenable.io Container Security provides proactive visibility and security so your organization can solve the security challenges of containers at the speed of DevOps.

Tenable.io Container Security Features

Tenable.io Container Security has many valuable key features. Some of the most useful ones include:

Dashboard visibility: With Tenable.io Container Security, IT security managers gain at-a-glance visibility into container image inventory as well as security. Security teams can view vulnerability, malware, and other security data for all container images, and the distribution of vulnerabilities across images by CVSS score and risk level. The product also shows each image’s OS, OS version, and architecture.

Malware protection: The Tenable.io Container Security solution is unique because it is one of the only container security solutions that assesses container image source code for malware. It is designed with a custom-built malware detection engine to help ensure images are malware-free and to analyze container image source code.

Policy enforcement: If an image is created that exceeds the organization’s risk threshold, Tenable.io Container Security notifies developers immediately, with layer-specific information provided to help remediate issues rapidly. In addition, when using the solution, policy violations can trigger alerting or can optionally block specific images from being deployed. Policies can be applied globally or only to images in specific repositories.

Image syncing from third-party registries: The solution helps your organization gain instant insight into container security risks by synchronizing your existing registry images into Tenable.io Container Security. It integrates with Docker Registry, Docker Trusted Registry, JFrog Artifactory and Amazon EC2 Container Registry.

DevOps toolchain integration: In DevOps environments, Tenable.io Container Security can embed security testing into the software development tooling without blocking or disrupting existing software workflows or development processes.

Tenable.io Container Security Benefits

There are many benefits to implementing Tenable.io Container Security. Some of the biggest advantages the solution offers include:

Accurate, in-depth visibility: The platform helps you understand the individual layers of container images so you can gain an accurate view of cyber risk, reduce false positives, and provide detailed remediation guidance.

Securely accelerate DevOps: With Tenable.io Container Security, you can assess container images for vulnerabilities and malware as fast as 30 seconds from within the DevOps toolchain to avoid slowing down code velocity.

Enforce security policies: Tenable.io Container Security works to block new container builds that exceed your organizational risk thresholds to ensure containers are compliant with your security policies prior to deployment.

Decrease remediation costs: Tenable.io Container Security can help your organization dramatically reduce remediation costs by discovering and fixing software defects during development before application release.

Protect running containers: By implementing Tenable.io Container Security, you can gain visibility into running containers, which helps you to detect new vulnerabilities and security issues that may show up after deployment.

Tenable

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Sample Customers

ServiceMaster

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.