No more typing reviews! Try our Samantha, our new voice AI agent.

SUSE NeuVector vs Veracode comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (8th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
SUSE NeuVector
Ranking in Container Security
17th
Average Rating
7.8
Reviews Sentiment
7.3
Number of Reviews
8
Ranking in other categories
Cloud Workload Protection Platforms (CWPP) (21st)
Veracode
Ranking in Container Security
12th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
208
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Software Composition Analysis (SCA) (2nd), Static Code Analysis (1st), Dynamic Application Security Testing (DAST) (1st), Application Security Posture Management (ASPM) (1st)
 

Mindshare comparison

As of June 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.4%, up from 0.9% compared to the previous year. The mindshare of SUSE NeuVector is 1.7%, down from 2.3% compared to the previous year. The mindshare of Veracode is 2.6%, down from 3.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.4%
Veracode2.6%
SUSE NeuVector1.7%
Other94.3%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Danie Joubert - PeerSpot reviewer
Managing Director at ProQuanta
Good value for money; great for policy management
Our model of deployment for this solution is on-premises. For people looking into this solution and trying to use it for the first time, I'd say make your life easier by using the SUSE product as well on top of your community scale stack. That makes your integration points a lot easier and smoother. I would also say during your initial setup, make sure that your clusters are already in terms of the capabilities with the version required. I would rate this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best. The reason for this rating is that what they offer is solid, but they could expand their service and add more features just to make more things integrated into an enterprise itself.
reviewer2753535 - PeerSpot reviewer
DevSecOps Engineer at a tech services company with 1,001-5,000 employees
Integrates security into the development process and improves team collaboration
Veracode helps organizations develop software by reducing the risk of security vulnerabilities through developer enablement and applications focused on governance. You can utilize different levels of processes to achieve better performance or a more scalable service. Since I started working with it in 2022, I’ve found it to be cost-effective as well. Overall, Veracode is a user-friendly security tool. It includes features such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). During the development phase, we can identify vulnerabilities in the application. This process occurs in the staging environment during development. When we're ready to go to production, we conduct a final check. Essentially, this tool helps identify vulnerabilities during the code development stage, including both high-level vulnerabilities and those related to open-source software composition. We utilize specific methodologies for this purpose. Additionally, it offers a feature that allows us to set up policies based on client requirements. This means we can customize the tool to meet the specific needs of our clients, ensuring that they receive the appropriate level of security in their applications. Veracode is user-friendly as well. Compared to other tools, their scans take 15 minutes or under. If you have a large scale of libraries or data, it might take longer, but based on my personal experience, the scan usually runs within fifteen minutes. For my case study using the Veracode tool, I worked on an internal project following industry standards. We used Veracode to improve our security posture and speed up the time to market by streamlining the development process. This enhanced collaboration between developers, operations, and security teams. The automated scanning process helped identify and fix vulnerabilities earlier in the development process. We maintained compliance with regulatory requirements, avoided fines, and built customer trust by integrating security into the development process. When we conduct this scan, we receive data on a list of vulnerabilities. This information improved our communication and increased transparency, which leads to better reports about the efforts being put in. This results in a more effective and efficient collaboration process, making it user-friendly for all involved. When considering costs, if we resort to manual processes, it can be time-consuming. Therefore, we utilize automated scans to identify and fix security issues. This allows us to address vulnerabilities early in the development process, as we discussed previously. This applies both to our in-house code and third-party libraries, using Software Composition Analysis (SCA) agent-based scans. In the future, we will also implement SCA agent-based scans as a separate feature within Veracode, which can help organizations avoid the expensive and time-consuming consequences of security issues. Furthermore, we have seen an increase in compliance, helping to maintain adherence to regulatory requirements and industry standards, thereby avoiding fines and reputational damage associated with noncompliance. Additionally, by integrating security into the development process, we enhance customer trust in our organization and its products.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I would definitely recommend Qualys TotalCloud to other customers."
"I highly recommend Qualys TotalCloud to other users."
"Qualys TotalCloud provides unified vulnerability and threat assessment for IaaS and SaaS and a single prioritized view of risk, which helps reduce my workload by not having to combine multiple sources."
"Qualys TotalCloud has significantly improved our organization by automating our reporting processes, reducing the time spent on report creation from two hours to less than fifteen to twenty minutes."
"By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline."
"One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us."
"The most valuable feature is the consolidated information that it provides from various platforms."
"The dashboards are particularly valuable as they offer a comprehensive view of the environment, highlighting any misconfigurations."
"The initial setup is quite good, it's straightforward."
"The features of image scanning and anti-malware are really valuable."
"The most valuable feature of SUSE NeuVector is the performance, deployment, and cost."
"When it comes to the price, we got a really good deal from the vendor instantly."
"The most valuable feature of SUSE NeuVector is its run-time security."
"The tool's deployment is simple. Also, I am impressed with its risk capabilities."
"The solution includes many features, not only for container and client security but also for scanning nodes, networks, and vulnerabilities."
"The UI has a lot of features."
"It has also helped to increase our fix rate by almost 100 percent."
"The product provides guidance to develop secure software."
"Veracode has helped immensely with developer security training and in building developer security skills."
"The most valuable feature is the security and vulnerability parts of the solution. It shows medium to high vulnerabilities so we can find them, then upgrade our model before it is too late. It is useful because it automates security. Also, it makes things more efficient. So, there is no need for the security team to scan every time. The application team can update it whenever possible in development."
"I like the sandbox, the ability to upload compiled code, and how easy it is."
"Veracode is a valuable tool in our secure SDLC process."
"It makes it very easy to track and monitor activity."
"The product helped improve our organization by helping us to identify potential problems in applications and fix them before they were used in a way that they should not be, and in essence, it helped enhance our security."
 

Cons

"To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution."
"Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures."
"Regarding technical support from Qualys, they respond, but the response time can be too long. Sometimes we need to wait weeks for solutions to simple questions."
"Their customer support needs improvement."
"The price is very expensive, actually."
"There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."
"Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer."
"The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM, SOAR, ITSM, and other sources."
"The tool should offer seamless integration of other security tools while in a hybrid environment."
"SUSE NeuVector should provide more security protection rules and better container image scanning."
"SUSE NeuVector could improve by increasing its visibility into other elements of the DevSecOps pipeline. Additionally, scanning around infrastructure would be helpful."
"However, I found that the support in Egypt was not very qualified, and there was a need to upgrade to a higher support layer to solve my issues."
"I would say that this solution should improve monitoring and reporting. I would also like to see more integrations so that we could essentially make it a part of a developing pipeline."
"The documentation needs to improve a bit."
"Using a node port instead of a cluster IP is less ideal when implementing federation features between two clusters and could be improved."
"The image-scanning features need improvement."
"It could be improved with support for more programming languages, like SQL."
"One feature I would like would be more selectivity in email alerts. While I like getting these, I would like to be able to be more granular in which ones I receive."
"The JIRA integration automation aspect of it could be improved significantly."
"It needs better controls to include or exclude specific sections when creating a report that can be shared externally with customers and prospects."
"There are certain shortcomings in Veracode's static analysis engine. I would improve Veracode's static analysis engine to make it capable of identifying vulnerabilities with low false positives."
"The scanning process for records could be faster and there is room for improvement in Veracode's performance."
"Their technical support is less than stellar."
"Sometimes, the scans halt or drop for some reason, and we need to get help from Veracode to fix it."
 

Pricing and Cost Advice

"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"Qualys TotalCloud is expensive."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"Licensing fees are paid yearly."
"The solution's pricing could be better. The cost of a subscription is calculated on the basis of work."
"The price of SUSE NeuVector is low. There is an additional cost for support."
"SUSE NeuVector is an open-source solution."
"Compared to the typical software composition analysis solutions, Veracode is not so costly, although the static analysis part of it is a little costlier."
"I don't really know about the pricing, but I'd say it's worth whatever Veracode is charging, because the solution is that good."
"The licensing cost for Veracode is fair."
"There is a fee to scale up the solution which I consider expensive."
"The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."
"The price of Veracode Static Analysis is expensive. There is an annual fee to use the solution and the company is upfront with the pricing model and fees."
"It's worth the value"
"Licensing is pretty flexible. It's a little bit weird, it's by the size of the binary, which is a strange way to license a product. So far they've been pretty flexible about it."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
900,747 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
18%
Financial Services Firm
14%
Construction Company
7%
Comms Service Provider
7%
Financial Services Firm
18%
Computer Software Company
12%
Manufacturing Company
10%
Government
8%
Financial Services Firm
16%
Manufacturing Company
11%
Computer Software Company
9%
Construction Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise3
Large Enterprise29
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise1
Large Enterprise2
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise46
Large Enterprise114
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What needs improvement with NeuVector?
One area for improvement is NeuVector's ability to import CVEs from different sources. Additionally, using a node por...
What is your primary use case for NeuVector?
In my company, I am looking to deploy a container security runtime solution.
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. Son...
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed Ap...
What is your experience regarding pricing and costs for Veracode Static Analysis?
My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.
 

Also Known As

Qualys TotalCloud with FlexScan
NeuVector
Crashtest Security , Veracode Detect
 

Overview

 

Sample Customers

Information Not Available
Figo, Clear Review, Arvato Bertelsmann, Experian, Chime
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about SUSE NeuVector vs. Veracode and other solutions. Updated: June 2026.
900,747 professionals have used our research since 2012.