We performed a comparison between Tenable.io Container Security and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Container Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It helps us secure our applications from the build phase and identify the weaknesses from scratch."
"Tenable.io detects misconfiguration when you deploy a Docker or Kubernetes container. It's much better to remedy these issues during deployment instead of waiting until the container is already in the production environment."
"The strong security provided by the product in the container environment is its most valuable feature."
"Nessus scanner is very effective for internal penetration testing."
"The tool's most valuable feature is scanning, reporting, and troubleshooting."
"It is a scalable solution. Scalability-wise, it is a good solution."
"Currently, I haven't implemented the solution due to its deprecation by the site. However, I can highlight some benefits of Tenable Cloud Security, a cybersecurity solution with various features for scanning vulnerabilities in both cloud environments and on-premises container security."
"I like Veracode's ease of integration with various cloud platforms and tools."
"Good static analysis and dynamic analysis."
"The ability on static scans to be able to do sandbox scans which do not generate metrics."
"Vulnerability Management and mitigation recommendations help with resolution of issues found, prior to deployment to production."
"In terms of application security best practices and guidance to our teams, their engineering staff is really excellent. They provide our developers with suggestions and they take those to heart. They've learned from the recommended remediation strategies provided by the Veracode security engineers. That makes all of their future code better."
"The best feature of Veracode is that we can do static and dynamic scans."
"The CSCA vulnerability scanning is useful."
"The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA."
"Tenable.io Container Security should improve integration modules. It should also improve stability."
"The support is tricky to reach, so we would like better-oriented technical support enabled."
"They need to work on auto-remediation so it's easier for the security team to act quickly when certain assets or resources are deployed. The latest version has a CIS benchmark that you need to meet for containers in the cloud, but more automation is needed."
"The stability and setup phase of the product are areas with shortcomings where improvements are needed."
"The initial setup is highly complex."
"I feel that in certain areas this product has false positives which the company should work on. They should also try to include business logic vulnerabilities in the scanner testing. Finally, the vulnerability assessment feature should be increased to other hardware devices, apart from firewalls."
"I believe integration plays a crucial role for Tenable, particularly in terms of connecting with other products and various container solutions like Docker or Kubernetes. It seems that in future updates, enhanced integration is something I would appreciate. Currently, there is integration with Docker, but when it comes to Kubernetes or other container solutions, it appears to be a challenge, especially with on-prem scanners."
"We have some constraints interacting with Veracode self-support. I'm not talking about their technical support. I'm talking about self-support. We sometimes have a hard time communicating with them."
"All areas of the solution could use some improvement."
"Static scanning takes a long time, so you need to patiently wait for the scan to achieve. I also think the software could be more accurate. It isn't 100 percent, so you shouldn't completely rely on Veracode. You need to manually verify its findings."
"It can be a bit complex because it takes a lot of time to have it complete the task."
"Once your report has been generated, you need to review the report with consultation team, especially if it is too detailed on the development side or regarding the language. Then, you need some professional help from their end to help you understand whatever has been identified. Scheduling consultation takes a longer time. So, if you are running multiple reports at the same time, then you need to schedule a multiple consultation times with one of their developers. There are few developers on their end who work can work with your developers, and their schedules are very tight."
"Sometimes we get a lot of false positives even after configuring our policies, so that could be improved."
"The zip file scanning has room for improvement."
"If Veracode was more diversified, as far as the number of platforms and the number of applications it could do in our favor, we would be using it even more. But there are a number of platforms it doesn't support. For example, I know they support C+, .NET, and Java, but there are certain platforms they don't support and that was disappointing."
More Tenable.io Container Security Pricing and Cost Advice →
Tenable.io Container Security is ranked 21st in Container Security with 7 reviews while Veracode is ranked 4th in Container Security with 194 reviews. Tenable.io Container Security is rated 7.8, while Veracode is rated 8.2. The top reviewer of Tenable.io Container Security writes "It helps you catch misconfigurations before they go into a production environment where they're harder to deal with". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Tenable.io Container Security is most compared with Prisma Cloud by Palo Alto Networks, Aqua Cloud Security Platform, Wiz, Trivy and Red Hat Advanced Cluster Security for Kubernetes, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Tenable.io Container Security vs. Veracode report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.