Try our new research platform with insights from 80,000+ expert users

Sysdig Secure vs Veracode comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Container Security
3rd
Average Rating
8.8
Reviews Sentiment
7.9
Number of Reviews
107
Ranking in other categories
Vulnerability Management (6th), Cloud and Data Center Security (5th), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (2nd)
Sysdig Secure
Ranking in Container Security
20th
Average Rating
8.2
Reviews Sentiment
7.5
Number of Reviews
10
Ranking in other categories
Cloud Security Posture Management (CSPM) (18th), Cloud-Native Application Protection Platforms (CNAPP) (13th), Cloud Detection and Response (CDR) (4th)
Veracode
Ranking in Container Security
5th
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
194
Ranking in other categories
Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Software Composition Analysis (SCA) (2nd), Penetration Testing Services (4th), Static Code Analysis (1st), Application Security Posture Management (ASPM) (1st)
 

Mindshare comparison

As of April 2025, in the Container Security category, the mindshare of SentinelOne Singularity Cloud Security is 2.1%, up from 1.0% compared to the previous year. The mindshare of Sysdig Secure is 2.5%, up from 2.4% compared to the previous year. The mindshare of Veracode is 2.6%, up from 2.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security
 

Featured Reviews

Andrew W - PeerSpot reviewer
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Peter Du - PeerSpot reviewer
Gives real-time visibility and helps to articulate constantly-changing landscape
The main benefit for me personally is being able to articulate the ever-growing, dynamic, and constantly changing landscape. Just today, in a management leadership call, I was able to demonstrate that although we are solving a lot of these vulnerabilities, we are picking up new vulnerabilities each and every day. It allows me to articulate the importance of information security with actual real-time data. Sysdig's runtime insights help us detect and respond to threats that are happening in real-time. We can look at Sysdig dashboards or run reports to see precisely what happens in our runtime environment. A good use case of this was that when zero-day vulnerabilities came out, we could scan our environment to see if the vulnerabilities apply to any of our production workloads. Sysdig Secure helps us prioritize issues and distribute work. We are a small company, so we do not have multiple security or dev teams. We have two or three guys on my team. Having the ability to focus on critical vulnerabilities is crucial. It does not make sense to prioritize low-level threats when we have limited time. We do not use live threat investigation features as much as we would like because of different priorities, but it is something that we do use. Over time, it shows us whether we are putting the right effort into resolving issues. For example, when we look at the dashboard scene over a 30-day period, we can see whether the critical vulnerabilities are increasing or decreasing. It lets us know whether we are on the right track. We are currently using agentless scanning. Deploying it onto our cluster has enabled us to get full visibility into what is running on our cluster. Sysdig provides us with the contextual awareness we need to create an immediate incident response strategy. It provides links to the threat and explains the threat and the resolution possible. It equips us with the right information to make a decision on whether to address the threat immediately or take a risk in terms of deploying remediation. Sysdig has not enabled us to reduce the number of security tools we use. We were not using anything before Sysdig, and after choosing Sysdig, we did not have a need to look at anything else. Sysdig has not helped reduce external SOC costs. We are a very small business, so we do not have the budget for an external SOC. However, it has definitely alleviated the pressure to look for one and to source an external SOC. We have a project history to look at a virtual SOC and leverage tools that we do have, and Sysdig is a part of that. There is definitely a saving there because we have not had the need to go out and look for an external SOC. Sysdig has helped reduce the percentage of workloads that have security exposures that put the organization at risk. It has reduced the workload, mainly from an understanding of where we can assign work to cover the most ground in terms of resolving vulnerabilities.
AkashKhurana - PeerSpot reviewer
Easy to configure, stable, and good vulnerability detection
Veracode's ability to prevent vulnerable code from being deployed into production is crucial. Typically, if a dependency we use has security issues or concerns, Veracode suggests upgrading to a more secure version. For example, if we're using a PayPal dependency with version 1.3 and it has a security bug, Veracode suggests upgrading to version 1.4 which fixes the issue. We usually make our project compatible with version 1.4, but sometimes Veracode recommends removing the dependent code altogether and adding the updated dependency from another repository. Veracode provides suggestions for resolving security issues and we implement them in our code after resolving any conflicts. We run the Veracode scan again and if it fails, we do not deploy the code to production. This is critical as it ensures that security issues such as bugs and fixes are addressed. Veracode consistently assists us in identifying security issues in third-party dependencies, while also ensuring the maintenance of code quality. Preventing security bugs and threats in our code improves the overall code quality of our company, which is essential given the significant concerns surrounding security today. Veracode's policy reporting is helpful for ensuring compliance with industry standards and regulations. Veracode's solution plays a major role in achieving compliance, including HIPAA compliance. Without Veracode scans, identifying security threats and third-party dependencies would be a tedious task for DevOps professionals. Veracode provides visibility into the status of our application during every phase of development, including continuous integration and continuous development CI/CD pipeline stages. This includes builds, package creation for deployment, and various enrollment stages such as develop, queue, stage, above, and production enrollment. Prior to each stage, a Veracode scan is run. This can be accessed through Jenkins or the CI/CD pipeline by clicking on the Veracode scan option, which provides a detailed report highlighting any security issues and concerns. Veracode performs statistical analysis, dynamic analysis, software composition analysis, and manual penetration tests throughout our software development life cycle. Veracode scans not only for third-party security issues but also for possible issues in our own code. This occurs in every phase of development, including the SDLC. For example, if we use an encryption algorithm with a private or public key that is easy to decode, Veracode will identify this as an error or warning in the report and suggest using multiple layers of encryption for the keys. The entire CI/CD process is part of DevOps. Therefore, the responsibility of configuring the Veracode tool usually falls on the DevOps professional. It is essential to integrate Veracode with the CI/CD pipeline within the project to ensure it is always incorporated. Whenever there is a priority or mandatory check required before deployment, Veracode should run beforehand. This integration is carried out by our DevSecOps team. Veracode's false positive rate is good, as it helps us identify possible security concerns in our code. In my opinion, it is advisable to run a Veracode scan on all codes. I have worked in the IT industry for five years, and I have observed that Veracode has been implemented in every project I have worked on. If a tool is improving our code quality and providing us with insights into potential security issues, it is always beneficial to use it. The false positive rate boosts our developers' confidence in Veracode when addressing vulnerabilities. Veracode also provides suggestions when there is a security issue with a dependency in version 1.7, prompting us to consider using version 1.8, which does not have security issues. This process involves the developers, and it leaves a positive impression on our managers and clients, demonstrating our commitment to security. We can show them that we were previously using version 1.7 but updated to version 1.8 after identifying the security issue with Veracode's help. Unfortunately, there is no centralized platform to check for network issues or problems with dependencies and versions. Veracode provides a centralized solution where we can scan our project and receive results. Veracode has helped our organization address flaws in our software and automation processes. Its positive impact has been reflected in our ROI, which increased when we started using Veracode. Without Veracode, we would be susceptible to security issues and potential hacking. However, after implementing Veracode scans, we have not encountered any such problems. It is critical for us to use Veracode because we capture sensitive data such as pharmacy information for real-time users, including patient prescriptions and refill schedules. This sensitive data could pose a significant problem if our code or software has security vulnerabilities. Fortunately, Veracode scans allow us to prevent such issues. Veracode has helped our developers save time by providing a solution that eliminates the need to manually check for dependencies or search the internet for information on which dependencies have issues. Instead, Veracode provides a detailed report that identifies the issues and recommends the appropriate version to use. Using Veracode ensures the quality of our code and also saves time for our developers. In my career of five years, Veracode has helped me resolve code issues eight times. Veracode has reduced our SecOps costs by identifying security vulnerabilities in our code. Without Veracode, if we were to go live with these issues, it could result in a breach of our encrypted data, potentially causing significant harm to our organization. This would require significant time and cost to resolve the issue and restore the data. Veracode has improved the quality of our code and reduced the risk of such incidents occurring, thereby minimizing their impact on our organization.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"SentinelOne Singularity Cloud Security offers valuable features like runtime notifications. These alerts come to my account, ensuring that if any port or component within my infrastructure is opened or compromised, I am informed immediately. It highlights issues within minutes or even seconds."
"I like CSPM the most. It captures a lot of alerts within a short period of time. When an alert gets triggered on the cloud, it throws an alert within half an hour, which is very reasonable. It is a plus point for us."
"SentinelOne Singularity Cloud Security has significantly improved our risk posture."
"It is scalable, stable, and can detect any threat on a machine. It uses artificial intelligence and can lock down any virus."
"For Singularity, the task capability is easy to use and it has a very intuitive dashboard, which streamlines the processes."
"Cloud Native Security's most valuable features include cloud misconfiguration detection and remediation, compliance monitoring, a robust authentication security engine, and cloud threat detection and response capabilities."
"It used to guide me about an alert. There is something called an alert guide. I used to click on the alert guide, and I could read everything. I could read about the alert and how to resolve it. I used to love that feature."
"There's real-time threat detection. It can show threats and find issues based on their severity and helps us with real-time monitoring."
"The log monitor is the most valuable feature."
"The most valuable feature is the level of support that we get. Our solutions or customer success representative is very valuable. I see them as an extension of our security team."
"I have not seen any stability issues so far."
"I see Sysdig as the most comprehensive solution in comparison to its competitors."
"The tool has the capability to conduct scans initially. It can perform scans on your virtual machines, physical machines, containers, and container images. A standout feature is its ability to scan offline container images stored in your container registry. Additionally, it can scan runtime images in your cluster or on your host machine. This allows for the detection of vulnerabilities in running containers, including loaded libraries. Notably, the tool can identify which library vulnerabilities are already present in your system. An added advantage is its capacity to take action beyond threat detection. It has the ability to block access and respond to encountered threats."
"Sysdig Secure has many strong foundational features like compliance and benchmark, security, network access management, and vulnerability management."
"We appreciate this feature, especially when combined with CD monitoring. The implementation of requested features has been remarkable, such as scanning for compliance in CRM processes for the US government. We heavily rely on this feature to assess compliance with federal requirements."
"The proactiveness of the support has been fantastic. Every time we mention something in a meeting that we're trying to do, he proactively takes that as an investigation topic and looks into it. He'll provide the solution even though we might not have asked him to investigate it."
"The main feature, and one of the most important, is the static code analysis. We are able to complete an analysis of the security flaws with this platform. It's very good at helping us find and fix flaws."
"One of the valuable features is that it gives us the option of static scanning. Most tools of this type are centered around dynamic scanning. Having a static scan is very important."
"Stable and scalable, with good reporting features. Helps in detecting and managing vulnerabilities and risks."
"The CSCA vulnerability scanning is useful."
"Considering that in my project, we are mostly using Software Composition Analysis as a part of Static Code Analysis, for me, the main part is reporting and highlighting necessary vulnerabilities. Veracode platform has a rather good database of different vulnerabilities in different libraries and different sources. So, finding vulnerabilities in third-party libraries is the main feature of Software Composition Analysis that we use. It is the most important feature for us."
"Code scanning is the most valuable feature."
"I like Veracode's API. You can put it into a simple bash script and run your own security testing from your MacBook in less than 15 minutes."
"Our development team use this solution for static code analysis and pen testing."
 

Cons

"In version 2, a lot of rules have been deployed for Kubernetes security and CDR, which makes a lot of issues of critical severity, whereas they are not critical or of high severity. There is a mismatch of severities. They need to work on severity management."
"Sometimes the Storyline ID is a bit wacky."
"Crafting customized policies can be tricky."
"When we request any changes, they must be reflected in the next update."
"SentinelOne Singularity Cloud Security has limited legacy system support and may not fully support older operating systems or legacy environments."
"I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes."
"In addition to our telecom and Slack channels, it would be helpful to receive Cloud Native Security security notifications in Microsoft Teams."
"A two-month grace period for extended searches would be a valuable improvement."
"The dashboard could be more simple and show the more important issues that are detected first. We'd like to be able to set it up so more important issues show up more prominently in the dashboard."
"Sysdig Secure needs to scale more for complete cloud-native coverage."
"The solution needs to improve overall from a CSPM standpoint since they can't compete with Wiz or Orca."
"Sysdig's biggest weakness is dashboarding and reporting. You have access to the data and can get everything you need, but we need the ability to summarize the information quickly in a format that senior leaders can understand. We report to the executive level and global board. I need to roll all that in-depth information into a quick summary, and their maturity level isn't there. I'm seeing that on the future road map, but it isn't there now."
"Reporting can definitely be better. Live dashboards should be configurable for a longer period of time rather than 30 days. Being able to go back in time to compare six months ago to today would be valuable."
"Banks and financial institutions cannot use Sysdig Secure because it doesn't sell SaaS-hosted versions for under two hundred working nodes."
"Perhaps, it could support more custom implementations, as our company utilizes custom implementations rather than standard ones. Configuring it requires a deep understanding and adjustment to our specific needs, which took some time. Other than that, I'm unsure about potential improvements. We were considering the possibility of compartmentalizing their tools. Currently, in Sysdig Secure, they bundle multiple features, and we are unable to use them individually. For instance, if we only need compliance scanning, we have to deploy the entire secure package. This is because of the way their agent functions, but I can't delve into more details."
"They should make it specific with a couple of features only."
"It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share."
"I would like to see improvement on the analytics side, and in integrations with different tools. Also, the dynamic scanning takes time."
"Veracode's container scanning could be improved. We containerize all the platforms we use inside a Docker image. For example, we create a Microsoft Docker image that we build our application on top of. I would like Veracode to implement IT scans before we commit the code."
"It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount."
"We are testing Veracode's software composition analysis, but we're having trouble integrating it with SVN. It works out of the box when you use Git but doesn't work as well with other tools like SVN. It's more geared toward Git"
"When we scan binary, when we perform binary analysis, it could go faster. That has a lot to do with the essence of scanning binary code, it takes a little bit longer. Certain aspects, depending on what type of code it is, take a little long, especially legacy code."
"The scanning could be improved, because some scans take a bit of time."
"Veracode's SAST, DAST, and SCA are pretty good with respect to industry standards, but with regard to container security, they are in either beta or alpha testing. They need to get that particular feature up and running so that they take care of the container security part."
 

Pricing and Cost Advice

"It's a fair price for what you get. We are happy with the price as it stands."
"PingSafe falls within the typical price range for cloud security platforms."
"It is not that expensive. There are some tools that are double the cost of PingSafe. It is good on the pricing side."
"We have an enterprise license. It is affordable. I'm not sure, but I think we pay 150,000 rupees per month."
"It is cost-effective compared to other solutions in the market."
"We found it to be fine for us. Its price was competitive. It was something we were happy with. We are not a Fortune 500 company, so I do not know how pricing scales at the top end, but for our cloud environment, it works very well."
"PingSafe's primary advantage is its ability to consolidate multiple tools into a single user interface, but, beyond this convenience, it may not offer significant additional benefits to justify its price."
"It was reasonable pricing for me."
"Sysdig is competitive. The quality matches the pricing. Obviously, everyone wants things to be cheaper, but if you're realistic, you acknowledge that quality service comes with a price. Sysdig is the gold standard for Kubernetes, and I wouldn't choose anything else. We live in Kubernetes. Everything is containerized, so that means a lot to us, and we're willing to make an investment."
"In comparison to other cloud solutions, it's reasonably priced. However, when compared to in-house built open-source projects, it might be considered somewhat costly. The cost depends on whether someone sees the support provided by Sysdig as an advantage or if it's deemed unnecessary. Personally, I find the support to be excellent and consider it a good value."
"It is quite costly compared to other tools."
"I am always going to say that it could be a little bit cheaper. I do feel that it is a little bit on the expensive side."
"The solution's pricing depends on the agents...In short, the price depends on the environment of its user."
"We pay based on the number of developers working on a particular project."
"When I looked at the pricing, it was definitely a value. In terms of the service and what it's checking, the cost was very reasonable, particularly because we could have multiple code bases as part of a project."
"We're very comfortable with their model. We think they're a good value. We worked very closely with Veracode on understanding their license model, understanding what comprises the fee and what does not. With their assistance in design, we decomposed our application in a way where we are scanning a very significant amount of code without wasting their capacity and generating redundant reported issues. You scan in profiles, per se. And we work with them, in their offices, to design the most effective approach. So the advice I would have for customers is, you can get up and live fast, but work closely with Veracode to refine the method you use for scanning and the way you compile the applications. There's a concept called entry-point scanning, and that's probably not used well by the rest of their customers. We see our licensing as a good value because we leverage it heavily."
"For the value we get out of it, coupled with the live defect review sessions, we find it an effective value for the money. We are a larger organization."
"No issues, the pricing seems reasonable."
"The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."
"It's worth the value"
"Costs are reasonable. No special infrastructure is required and the license model is good."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
845,406 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
9%
Government
5%
Financial Services Firm
22%
Computer Software Company
16%
Manufacturing Company
9%
Comms Service Provider
6%
Computer Software Company
17%
Financial Services Firm
17%
Manufacturing Company
8%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
It is cost-effective compared to other solutions in the market.
What needs improvement with PingSafe?
In version 2, a lot of rules have been deployed for Kubernetes security and CDR, which makes a lot of issues of criti...
What do you like most about Sysdig Secure?
The proactiveness of the support has been fantastic. Every time we mention something in a meeting that we're trying t...
What needs improvement with Sysdig Secure?
Reporting can definitely be better. Live dashboards should be configurable for a longer period of time rather than 30...
What is your primary use case for Sysdig Secure?
We use Sysdig Secure to gain visibility into our runtime workloads. We use a whole bunch of security tools to scan ou...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. Son...
What do you like most about Veracode?
The SAST and DAST modules are great.
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and da...
 

Also Known As

PingSafe
No data available
Crashtest Security , Veracode Detect
 

Overview

 

Sample Customers

Information Not Available
SAP Concur, Goldman Sachs, Worldpay, Experian, BigCommerce, Arkose Labs, Calendly, Noteable, Bloomreach. More here: https://sysdig.com/customers/
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about Sysdig Secure vs. Veracode and other solutions. Updated: March 2025.
845,406 professionals have used our research since 2012.