We performed a comparison between GitHub and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."GitHub is pure or open-source; you can access it anywhere. You can have a lot of collateral information. You can make the changes and do the reviews from one place."
"The best feature is the ability to track the history of all code changes, and it's easy to use. Additionally, as it's open source, anyone can use that feature resulting in distributed development. This opens the door to collaboration with different code and developer, feature, and master branches of development."
"The learning curve is small."
"The most valuable feature of the solution is the version control field."
"GitHub's source code management is top-notch. It's easy to inspect changes and visualize code and differences. Their action system is comprehensive in terms of making changes and automation."
"GitHub provides the SFH key to protect our passwords and connection."
"The control is the most valuable feature as developers can work on a single code."
"All the features are valuable, but the most important feature is that GitHub has advanced security. The second important feature is the capability to create custom GitHub actions and the capability to deploy in different types of architectural infrastructures, such as hybrid, private, or public."
"When those scans kick, Veracode integrates back into our JIRA and actually open tickets with the appropriate development teams. We can use that as a measurement of vulnerabilities opened, closed; we can tie them to releases. So, we get a whole lot more statistical information about security in our software products."
"The security team can track the remediation and risk acceptance statistics."
"The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up."
"This static analysis helps ensure a secure application rollout across all environments."
"One of the best things they offer is the scalability. The fact that you can work with it through the cloud means that if you have unintegrated business units, you don't have to worry about having a solution on-prem and having the network connection; you don't have to worry about giving up source code, you are just sending your binary files for most of the applications. So it scales much faster."
"The user interface is excellent, the code review process is quick and provides great analytics to understand our code better, and the SAST scan is high-speed."
"In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application."
"What I found most valuable in Veracode Static Analysis is that it categorizes security vulnerabilities."
"GitHub could improve by being more user-friendly."
"GitHub could add more security features. I am not sure how secure it is. If they provide more security features, then it can be used in more official applications."
"It would be useful to have tutorial videos within the GitHub dashboard."
"The ticketing system is not working."
"The product must document the CI/CD process more."
"In complex cases, we have to use the terminal for conflict resolution. If those conflicts could be resolved visually in the editor, that would be much better."
"Lacks sufficient support in terms of professional services that could be provided."
"We are not able to access GitHub from our VPN."
"I would like to see more technical support for some of the connectors, some more detailed diagrams or run-books on how to install some of stuff; more hand-holding in the sense of understanding our environment."
"The only notable problem we have had is that when new versions of Swift have come out, we have found Veracode tends to be a bit behind in updates to support the new language changes."
"It's very expensive for a small organization."
"In the last month or so, I had a problem with the APIs when doing some implementations. The Veracode support team could be more specific and give me more examples. They shouldn't just copy the URL for a doc and send it to me."
"I'd like to see an improved component of it work in a DevOps world, where the scanning speed does not impede progress along the AppSec pipeline."
"There were some additional manual steps or work involved that we should not have needed to do."
"The scanning is a little slow, but other than that it's fine. It's usually when the binaries get up into the multi-hundred megabyte size."
"There is also a size limit of 100 MB so we cannot upload files that are larger than that. That could be improved. Also, the duration of the scan is a bit too long."
GitHub is ranked 12th in Application Security Tools with 74 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitHub is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitHub is most compared with Snyk, AWS CodeCommit, Fortify on Demand, Bitbucket and Atlassian SourceTree, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our GitHub vs. Veracode report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.