I prefer Wiz over Veracode for its user-friendly interface, robust security features, seamless integration, and excellent customer support. Wiz also offers more customization options, clearer instructions for new users, and faster response times, enhancing the overall user experience.
Based on user reviews, Veracode is preferred over GitLab for its comprehensive security testing capabilities, accurate vulnerability detection, and reliable reporting. Users appreciate Veracode's prompt and knowledgeable customer support, although there is room for improvement. The deployment process of Veracode is manageable, with varying experiences among users. The pricing of Veracode is considered reasonable by some, while others find it expensive. Veracode provides a valuable investment in security with a positive impact on organizations, contributing to increased sales and retention rates.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security.
I believe pricing is better compared to other commercial tools.
The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security.
I believe pricing is better compared to other commercial tools.
Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.
We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.
The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps.
We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.
The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps.
OWASP Zap is a powerful tool used for security and vulnerability testing of applications. Its primary use case includes scanning pipelines, dynamic testing, penetration testing, and vulnerability scanning. OWASP Zap's most valuable functionality is its ability to scan and fix vulnerabilities, provide clear explanations in reports, and discover more vulnerabilities compared to other tools. It helps organizations by improving application security, reducing the need for external testers, and strengthening overall security.
It is highly recommended as it is an open source tool.
It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy.
It is highly recommended as it is an open source tool.
It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy.
Fortify on Demand is a web application security testing tool that enables continuous monitoring. The solution is designed to help you with security testing, vulnerability management and tailored expertise, and is able to provide the support needed to easily create, supplement, and expand a software security assurance program without the need for additional infrastructure or resources.
We used the one-time application, Security Scan Dynamic. I believe the original fee was $8,000.
Buying a license would be feasible for regular use. For intermittent use, the cloud-based option can be used (Fortify on Demand).
We used the one-time application, Security Scan Dynamic. I believe the original fee was $8,000.
Buying a license would be feasible for regular use. For intermittent use, the cloud-based option can be used (Fortify on Demand).
Tech buyers may choose Veracode for its comprehensive security analysis and competitive pricing structure. In comparison, Sonatype Lifecycle offers detailed component intelligence and policy enforcement, making it ideal for those prioritizing rich features and detailed insights into open-source dependencies.
Trivy is used for scanning vulnerabilities in Docker images, Kubernetes clusters, and repositories, ensuring compliance and security standards. Users appreciate its efficiency, quick insights, and ease of integration with CI/CD pipelines. Many highlight its comprehensive scanning capabilities, speed, user-friendly command-line experience, and open-source nature with active community support.
Trivy is an open-source product.
Trivy is an open-source product.
Users utilize Semgrep for identifying security vulnerabilities, enforcing coding standards, and detecting bugs. Its customizable rules, seamless CI/CD integration, and quick scanning are appreciated. Although some find it slow with large codebases and complex patterns, its language-agnostic capabilities, lightweight performance, and comprehensive documentation stand out despite a steep learning curve.
Polaris Software Integrity Platform is an integrated, cloud-based application security testing solution optimized for the needs of development and DevSecOps teams.
Polaris brings our market-leading security analysis engines together in a unified platform, giving you the flexibility to run different tests at different times based on application, project, schedule, or SDLC events.
Cycode secures code throughout the development lifecycle by automating security standards and detecting misconfigurations in repositories. It addresses code scanning, fixes vulnerabilities, monitors insider threats, and secures CI/CD pipelines. Valued for robust security, efficient code scanning, integration with development tools, compliance checks, and detailed reports. Enhanced integration capabilities and clearer documentation needed.
