We performed a comparison between Threat Stack Cloud Security Platform and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Container Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Technical support is very helpful."
"We're using it on container to see when activity involving executables happens, and that's great."
"It has been quite helpful to have the daily alerts coming to my email, as well as the Sev 1 Alerts... We just went through a SOX audit and those were pivotal."
"The number-one feature is the monitoring of interactive sessions on our Linux machines. We run an immutable environment, so that nothing is allowed to be changed in production... We're constantly monitoring to make sure that no one is violating that. Threat Stack is what allows us to do that."
"Every other security tool we've looked is good at containers, or at Kubernetes, is good at AWS, or at instance monitoring. But nobody is good at tying all of those things together, and that's really where Threat Stack shines."
"There has been a measurable decrease in the meantime to remediation... because we have so many different tech verticals already collated in one place, our ability to respond is drastically different than it used to be."
"We like the ability of the host security module to monitor the processes running on our servers to help us monitor activity."
"Threat Stack has connectivity."
"It has provided what we were looking for in such an application, meaning static application security testing functionality. That was what we were interested in."
"It gives feedback to developers on the effectiveness of their secure coding practices."
"It is SaaS hosted. That makes it very convenient to use. There is no initial time needed to set up an application. Scanning is a matter of minutes. You just log in, create an application profile, associate a security configuration, and that's about it. It takes 10 minutes to start. The lack of initial lead time or initial overhead to get going is the primary advantage."
"Veracode offers various security features."
"In terms of application security best practices and guidance to our teams, their engineering staff is really excellent. They provide our developers with suggestions and they take those to heart. They've learned from the recommended remediation strategies provided by the Veracode security engineers. That makes all of their future code better."
"What I found most valuable in Veracode Static Analysis is that it categorizes security vulnerabilities."
"One of the valuable features is that it gives us the option of static scanning. Most tools of this type are centered around dynamic scanning. Having a static scan is very important."
"The dashboards and the threat insights it provides are very good. The dashboards are intuitive and pretty straightforward, but also pretty detailed."
"The compliance and governance need improvement."
"Some features do not work as expected."
"The user interface can be a little bit clunky at times... There's a lot of information that needs to be waded through, and the UI just isn't great."
"It shoots back a lot of alerts."
"I would like further support of Windows endpoint agents or the introduction of support for Windows endpoint agents."
"The solution’s ability to consume alerts and data in third-party tools (via APIs and export into S3 buckets) is moderate. They have some work to do in that area... The API does not mimic the features of the UI as far as reporting and pulling data out go. There's a big discrepancy there."
"The one thing that we know they're working on, but we don't have through the tool, is the application layer. As we move to a serverless environment, with AWS Fargate or direct Lambda, that's where Threat Stack does not have the capacity to provide feed. Those are areas that it's blind to now..."
"The API - which has grown quite a bit, so we're still learning it and I can't say whether it still needs improvement - was an area that had been needing it."
"The only notable problem we have had is that when new versions of Swift have come out, we have found Veracode tends to be a bit behind in updates to support the new language changes."
"I would like Veracode to add more language support."
"Veracode should include the feature to run multiple scales at a time."
"The overall reporting structure is complicated, and it's difficult to understand the report."
"Calypso (our application) is large and the results take up to two months. Further, we also have to package Calypso in a special manner to meet size guidelines."
"We tried to create an automatic scanning process for Veracode and integrate it into our billing process, but it was easier to adopt it to repositories based on GIT. Until now, our source control repository was Azure DevOps Server (Microsoft TFS) to managing our resources. This was not something that they supported. It took us some sessions together before we successfully implemented it."
"Veracode's false positives have room for improvement."
"The solution could improve the Dynamic Analysis Security Testing(DAST)."
More Threat Stack Cloud Security Platform Pricing and Cost Advice →
Threat Stack Cloud Security Platform is ranked 30th in Container Security while Veracode is ranked 4th in Container Security with 194 reviews. Threat Stack Cloud Security Platform is rated 8.2, while Veracode is rated 8.2. The top reviewer of Threat Stack Cloud Security Platform writes "SecOps program for us, as a smaller company, is amazing; they know what to look for". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Threat Stack Cloud Security Platform is most compared with Darktrace, AWS GuardDuty, Palo Alto Networks URL Filtering with PAN-DB, Qualys VMDR and Prisma Cloud by Palo Alto Networks, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Threat Stack Cloud Security Platform vs. Veracode report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.