Veracode and Wiz have both received positive feedback on customer service and support. Wiz users have consistently praised data security and exposure prevention capabilities. Veracode users have found the pricing to be a key consideration, while Wiz users have focused on the ROI achieved. Both platforms have areas for improvement highlighted by users, with Veracode users mentioning the need for customizable reporting features, and Wiz users suggesting enhancements to advanced analytics tools.
The summary above is based on 190 interviews we conducted recently with Veracode and Wiz users. To access the review's full transcripts, download our report.
"PingSafe offers comprehensive security posture management."
"The cloud misconfiguration is the most valuable feature."
"We noted immediate benefits from using the solution."
"We like PingSafe's vulnerability assessment and management features, and its vulnerability databases."
"PingSafe can integrate all your cloud accounts and resources you create in the AWS account, We have set it up to scan the AWS transfer services, EC2, security groups, and GitHub."
"It's positively affected the communication between cloud security, application developers, and AppSec teams."
"It is pretty easy to integrate with this platform. When properly integrated, it monitors end-to-end."
"When creating cloud infrastructure, Cloud Native Security evaluates the cloud security parameters and how they will impact the organization's risk. It lets us know whether our security parameter conforms to international industry standards. It alerts us about anything that increases our risk, so we can address those vulnerabilities and prevent attacks."
"The feature I like most in Veracode is that it clearly specifies the line in the entire file where a vulnerability is found."
"It has almost completely eliminated the presence of SQLi vulnerabilities."
"Ours is a Java-based application and Veracode can detect vulnerabilities in both Angular, which is used for the UI, and also in the backend code, which includes APIs and microservices."
"Static Scanning is the most valuable feature of Veracode."
"The source composition analysis had very good reporting."
"Veracode's most valuable aspect is continuous integration. It helps us integrate with other applications so that it can monitor the security process."
"It has an easy-to-use interface."
"It is SaaS hosted. That makes it very convenient to use. There is no initial time needed to set up an application. Scanning is a matter of minutes. You just log in, create an application profile, associate a security configuration, and that's about it. It takes 10 minutes to start. The lack of initial lead time or initial overhead to get going is the primary advantage."
"With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment."
"The security baseline and vulnerability assessments is the valuable feature."
"Our most important features are those around entitlement, external exposure, vulnerabilities, and container security."
"I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."
"The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."
"The first thing that stood out was the ease of installation and the quick value we got out of the solution."
"The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."
"The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at."
"Customized queries should be made easier to improve PingSafe."
"I would like PingSafe to add real-time detection of vulnerabilities and cloud misconfigurations."
"The categorization of the results from the vulnerability assessment could be improved."
"I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes."
"There is room for improvement in the current active licensing model for PingSafe."
"We use PingSafe and also SentinelOne. If PingSafe integrated some of the endpoint security features of SentinelOne, it would be the perfect one-stop solution for everything. We wouldn't need to switch between the products. At my organization, I am responsible for endpoint security and vulnerability management. Integrating both functions into one application would be ideal because I could see all the alerts, heat maps, and reports in one console."
"The recommended actions aren't always specific, so it might suggest recommendations that don't apply to the particular infrastructure code I'm reviewing."
"We had a glitch in PingSafe where it fed us false positives in the past."
"The number of false positives could be reduced a lot. For each good result, we are getting somewhere around 15 to 20 false positives."
"If the dynamic scan is improved, then the speed might go up. That is somehow not happening. We have raised this concern. It might also help if they could time limit scans to 24 hours instead of letting them go for three days. Then, whatever results could be shared, even if the scan is not complete, that would definitely help us."
"The scanning is a little slow, but other than that it's fine. It's usually when the binaries get up into the multi-hundred megabyte size."
"An area for improvement I found in Veracode is the connectivity because currently, my company uses a plugin for the dev-ops cloud-based connectivity. A pretty helpful feature would be if Veracode gives a direct code for connecting to the Oracle server directly and authenticating it via a unique server."
"I've found that Veracode is not particularly suitable for Dynamic Application Security Testing."
"It can take time to find options if you don’t use the interface a lot. At some point, a bit of interface restyling may help."
"The security labs integration has room for improvement."
"The user interface can sometimes be a little challenging to work with, and they seem to be changing their algorithm on what is an issue. I understand why they do it, but it sometimes causes more work on our end."
"The solution's container security could be improved."
"We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next."
"Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes."
"The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary."
"One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging."
"The only thing that needs to be improved is the number of scans per day."
"The remediation workflow within the Wiz could be improved."
"Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
Veracode is ranked 4th in Container Security with 194 reviews while Wiz is ranked 2nd in Container Security with 12 reviews. Veracode is rated 8.2, while Wiz is rated 9.2. The top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". On the other hand, the top reviewer of Wiz writes "Multiple features help us prioritize remediation, and agentless implementation reduces overhead". Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer, whereas Wiz is most compared with Prisma Cloud by Palo Alto Networks, Orca Security, Microsoft Defender for Cloud, AWS Security Hub and Lacework. See our Veracode vs. Wiz report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.