We performed a comparison between GitHub and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution can scale."
"This product is very good for storing and versioning code."
"The solution has been stable for us."
"The control is the most valuable feature as developers can work on a single code."
"I like the CI/CD features."
"I have found GitHub stable."
"GitHub provides the SFH key to protect our passwords and connection."
"The versioning of the code and the tracking of changes are definitely some of my top features."
"This is a great tool for learning about potential vulnerabilities in code."
"The source composition analysis component is great because it gives our developers some comfort in using new libraries."
"Vericode's policy reporting for ensuring compliance with industry standards and regulations is great. I"
"Their dashboard is really good, overall. In my opinion, it's one of the best in the market, and I say that because we have used other service providers."
"It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that."
"It has improved the quality of code being delivered for test and its vulnerability resolutions timeline has improved."
"Provides the capability to track remediation and the handling of identified vulnerabilities."
"With the tools that Veracode provides, our developers are actually able to comprehend what the vulnerability was and then resolve it. So a lot of knowledge has been grown as a result, around security, with our developers."
"The storage for this solution could be improved."
"GitHub could add some more security features."
"I think it would be valuable to have more security. Some of the data is very open to everyone."
"The solution should have less integration with the AI part, but it needs to add features with other automation tools so that it can be easily integrated."
"While using the solution when merging two code branches the code becomes a bit messy. This should be improved in the future."
"Scalability is an area with a shortcoming, because of which it has room for improvement."
"The user interface on GitLab is better."
"The ticketing system is not working."
"Raw file scans and dynamic scans would be an improvement, instead of dealing with code binaries."
"I would also like to see some improvement in the speed. That is really the only complaint, but in all reality we have a massive Java application that needs to be scanned. Our developers are saying, "It takes 72 hours to scan it." That is probably the nature of the beast, and I'm actually pretty accepting of that time frame, but since it's a complaint that I get, faster is always better. I don't necessarily think that the speed is bad as it is, just that faster would be better."
"The negative that I found is that it has a subscription-based model."
"Veracode should make it easier to navigate between the solutions that they offer, i.e. between dynamic, static, and the source code analysis."
"It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share."
"The zip file scanning has room for improvement."
"Calypso (our application) is large and the results take up to two months. Further, we also have to package Calypso in a special manner to meet size guidelines."
"If Veracode was more diversified, as far as the number of platforms and the number of applications it could do in our favor, we would be using it even more. But there are a number of platforms it doesn't support. For example, I know they support C+, .NET, and Java, but there are certain platforms they don't support and that was disappointing."
GitHub is ranked 9th in Application Security Tools with 74 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitHub is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitHub is most compared with Snyk, AWS CodeCommit, Fortify on Demand, Bitbucket and Atlassian SourceTree, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our GitHub vs. Veracode report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
