We compared Veracode and GitLab across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Initial Setup: Veracode's initial setup is straightforward for some users, while others found it more challenging. Veracode is a cloud-based solution that requires periodic maintenance. The reviews for GitLab suggest that the timeframes for deployment, setup, and implementation can vary greatly among users. Some users spent three months on deployment and an additional week on setup, while others completed both in a week.
Valuable Features: Veracode's valuable features include comprehensive security testing, accurate vulnerability detection, and reliable reporting. GitLab offers seamless integration with other tools, robust version control capabilities, and efficient collaboration and project management functionalities.
Setup Cost: Veracode's setup cost varies depending on the size and specific needs of the organization. Some reviewers find it expensive, while others believe it provides value for the cost. On the other hand, GitLab offers competitive pricing options with reasonable setup costs and straightforward licensing terms.
ROI: Veracode's ROI is difficult to quantify but offers benefits such as security assurance, certifications, and improved code base. GitLab's ROI is positive, with users praising its efficiency, collaboration features, and streamlined workflows.
Customer Service: Veracode's customer service has received mixed reviews, with some customers praising their responsiveness and knowledge, while others have experienced slow response times and delays. In contrast, GitLab's customer service has been highly praised for its promptness, effectiveness, and dedication to ensuring a positive experience.
Based on user reviews, GitLab is the preferred product over Veracode. Users highly praise GitLab's seamless integration with other tools, robust version control capabilities, efficient collaboration and project management functionalities, and comprehensive CI/CD pipeline automation. Additionally, GitLab's customer service and support have been highly praised for their promptness, effectiveness, and dedication. The user feedback also indicates that GitLab offers competitive pricing options with flexible licensing and provides a positive return on investment by optimizing development processes and facilitating efficient collaboration.
"This product is always evolving, and they listen to the customers."
"The important feature is the entire process of versioning source code maintenance and easy deployment. It is a necessity for the CI/CD pipeline."
"GitLab's best feature is Actions."
"It is scalable."
"It speeds up our development, it's faster, safer, and more convenient."
"The SaaS setup is impressive, and it has DAST solutioning."
"The most valuable functionality of GitLab, for me, is the DevOps. Besides the normal source control based on Git, I find the Auto DevOps features most important in the solution."
"The dashboard and interface make it easy to use."
"The most valuable feature of Veracode Static Analysis is the scanning."
"It eases integration into our workflow. Veracode is part of our Jenkins build, so whenever we build our software, Jenkins will automatically submit the code bundle over to Veracode, which automatically kicks off the static analysis. It sends an email when it's done, and we look at the report."
"The most valuable feature is the SAST capability and its integration into the Veracode pipelines."
"I can have quick results by just uploading compiled components."
"It has an easy-to-use interface."
"I have found the user interface extremely helpful in prioritizing issues."
"In pipeline scanning, there is a configuration that can be set with respect to the security level of the flaw. If there is a high or a critical issue, there's a way the build can be failed and blocked before going into production."
"The most valuable feature is the dynamic application security testing."
"Even if I say I want some improvement, they will say it is already planned in the first quarter, second quarter, or third quarter. That said, most everything is quite improved already, and they're improving even further still."
"I would like to see security increased in the future. A secure environment is very important."
"The initial setup was quite challenging because it takes some time to understand how to pull out or push the code."
"Expand features to match other tools such as a static code analysis tool so third-party integrations are not required."
"As a partner, sometimes it's difficult to get support. They have a really complicated procedure for their support."
"GitLab would be improved with the addition of templates for deployment on local PCs."
"The integration and storage capabilities could be better."
"I would like to have some features to support peer review."
"They cover a lot of languages already and it doesn't make sense for them to cover legacy languages but I know there is a need for covering legacy languages."
"We use Ruby on Rails and we still don't have any support for that from Veracode."
"Veracode scans provide a higher number of false positives."
"It would be ideal if it was able to demonstrate higher levels of cybersecurity certifications like becoming FedRAMP compliant or working in those areas."
"The static analysis is prone to a lot of false positives. But that's how it is with most static analysis tools... Also, the static analysis can sometimes take a little while. The time that it takes to do a scan should be improved."
"I haven't heard about any problems so far. However, it would be great if Veracode automatically packaged stuff up for you."
"There is much to be desired of UI and user experience. The UI is very slow. With every click, it just takes a lot of time for the pages to load. We have seen this consistently since getting this solution. The UI and UX are very disjointed."
"In the last month or so, I had a problem with the APIs when doing some implementations. The Veracode support team could be more specific and give me more examples. They shouldn't just copy the URL for a doc and send it to me."
GitLab is ranked 7th in Application Security Tools with 70 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitLab is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Fortify Static Code Analyzer, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and GitHub Advanced Security. See our GitLab vs. Veracode report.
See our list of best Application Security Tools vendors, best Static Application Security Testing (SAST) vendors, and best Software Composition Analysis (SCA) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
