We performed a comparison between GitHub Advanced Security and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a stable solution...It is a scalable solution as it can handle new applications along with the analysis part."
"It ensures user passwords or sensitive information are not accidentally exposed in code or reports."
"Dependency scanning is a valuable feature."
"The most valuable is the developer experience and the extensibility of the overall ecosystem."
"GitHub provides advanced security, which is why the customers choose this tool; it allows them to rely solely on GitHub as one platform for everything they need."
"The product's most valuable features are security scan, dependency scan, and cost-effectiveness."
"The developers' awareness of the security weaknesses within their code has improved. They aren't just mitigating these issues, they are realizing these are, in fact, issues that have to be dealt with."
"When we do have errors, Veracode is always available, their consultants, to help us either mitigate the error, or provide technical assistance on pointing exactly where the problem is and how we could probably fix it. I'm always amazed at how knowledgeable they are."
"We like the fact that all the issues are identified and that Veracode provides sufficient information on how to resolve them."
"It has given our management a view into issues with all of our product lines. We have three products and all of them were scanned. As a result, the project lead for each product has taken measures to improve things."
"In terms of application security best practices and guidance to our teams, their engineering staff is really excellent. They provide our developers with suggestions and they take those to heart. They've learned from the recommended remediation strategies provided by the Veracode security engineers. That makes all of their future code better."
"Wide range of platforms and technology assessments."
"Veracode Fix is a new feature that functions similarly to auto-remediation for low or medium flaw codes."
"The pricing is worth it."
"The customizations are a little bit difficult."
"The deployment part of the product is an area of concern that needs to be made easier from an improvement perspective."
"A more refined approach, categorizing and emphasizing specific vulnerabilities, would be beneficial."
"The report limitations are the main issue."
"There could be DST features included in the product."
"There could be a centralized dashboard to view reports of all the projects on one platform."
"It needs better APIs, reporting that I can easily query through the APIs and, preferably, a license model that I can predict."
"One of the things that we have from a reporting point of view, is that we would love to see a graphical report. If you look through a report for something that has come back from Veracode, it takes a whole lot of time to just go through all the pages of the code to figure out exactly what it says. We know certain areas don’t have the greatest security features but those are usually minor and we don’t want to see those types of notifications."
"Scanning progress is highly dependent on the speed of the Internet."
"From the usability perspective, it is not up to date with the latest trends. It looks very old. Tools such as Datadog, New Relic, or infrastructure security tools, such as AWS Cloud, seem very user-friendly. They are completely web-based, and you can navigate through them pretty quickly, whereas Veracode is very rigid. It is like an old-school enterprise application. It does the job, but they need to invest a little more on the usability front."
"Veracode can be improved in terms of software composition analysis and related vulnerabilities."
"If you schedule two parallel scans under the same project, one of them will be a failure."
"We tried to create an automatic scanning process for Veracode and integrate it into our billing process, but it was easier to adopt it to repositories based on GIT. Until now, our source control repository was Azure DevOps Server (Microsoft TFS) to managing our resources. This was not something that they supported. It took us some sessions together before we successfully implemented it."
"The cost of the solution is a little bit expensive. Expensive in the sense that there was a hundred percent increase in cost from last year to this year, which is certainly not justified."
GitHub Advanced Security is ranked 16th in Application Security Tools with 6 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitHub Advanced Security is rated 9.0, while Veracode is rated 8.2. The top reviewer of GitHub Advanced Security writes "A tool that provides ease of integration with the set of existing codes in an infrastructure". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitHub Advanced Security is most compared with SonarQube, Snyk, Fortify on Demand, Checkmarx One and GitLab, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and HCL AppScan. See our GitHub Advanced Security vs. Veracode report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
