We performed a comparison between GitHub Advanced Security and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a stable solution...It is a scalable solution as it can handle new applications along with the analysis part."
"GitHub provides advanced security, which is why the customers choose this tool; it allows them to rely solely on GitHub as one platform for everything they need."
"The most valuable is the developer experience and the extensibility of the overall ecosystem."
"It ensures user passwords or sensitive information are not accidentally exposed in code or reports."
"Dependency scanning is a valuable feature."
"The product's most valuable features are security scan, dependency scan, and cost-effectiveness."
"I like the sandbox, the ability to upload compiled code, and how easy it is."
"The most valuable feature is Veracode SDP, which allows for something related to third-party vulnerabilities. When we build a product, we use a lot of third-party libraries instead of building everything from scratch. We just use a library which is already been built; we just use that component in our product. Sometimes, these libraries may have bugs or issues, and it's hard to keep track of them because we use thousands of them."
"I can have quick results by just uploading compiled components."
"I like the static scanning, and Veracode's interface is excellent. The dashboard is easy to navigate."
"The most valuable feature is the seamless automation of Veracode via the pipeline, in comparison to other solutions like Fortify SSC, which are complex to integrate through the pipeline."
"What I found most valuable in Veracode is that it gives me a part-by-part report of the entire EAR file and lets me set up the application for a limited time. Once that expires, Veracode allows you to automatically renew it, which is one of the features I find remarkable in Veracode."
"The product’s policy reporting for ensuring compliance with industry standards and regulations is great."
"The solution is a specialist in SAST that you can rely on. Code scanning is fast with current, updated algorithms."
"The report limitations are the main issue."
"There could be DST features included in the product."
"A more refined approach, categorizing and emphasizing specific vulnerabilities, would be beneficial."
"There could be a centralized dashboard to view reports of all the projects on one platform."
"The customizations are a little bit difficult."
"The deployment part of the product is an area of concern that needs to be made easier from an improvement perspective."
"The area with the most room for improvement is the speed and responsiveness of the query, as it is usually very slow."
"There is also a size limit of 100 MB so we cannot upload files that are larger than that. That could be improved. Also, the duration of the scan is a bit too long."
"We would like the consolidation of all the different modules. This would help, so then we would be able to see analytics and results on one screen, like a single pane of glass."
"While Veracode is way ahead of its competitors on Gartner Magic Quadrant, it's a bit more expensive than Fortify. It's a good solution for the cost, but if we had a high budget, we would go with Checkmarx, which is much better than Veracode."
"Once your report has been generated, you need to review the report with consultation team, especially if it is too detailed on the development side or regarding the language. Then, you need some professional help from their end to help you understand whatever has been identified. Scheduling consultation takes a longer time. So, if you are running multiple reports at the same time, then you need to schedule a multiple consultation times with one of their developers. There are few developers on their end who work can work with your developers, and their schedules are very tight."
"Static scanning takes a long time, so you need to patiently wait for the scan to achieve. I also think the software could be more accurate. It isn't 100 percent, so you shouldn't completely rely on Veracode. You need to manually verify its findings."
"There needs to be better API integration to the development team's pipeline, which is something that is missing and needs to be improved."
"The scanning is a little slow, but other than that it's fine. It's usually when the binaries get up into the multi-hundred megabyte size."
GitHub Advanced Security is ranked 14th in Application Security Tools with 6 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitHub Advanced Security is rated 9.0, while Veracode is rated 8.2. The top reviewer of GitHub Advanced Security writes "A tool that provides ease of integration with the set of existing codes in an infrastructure". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitHub Advanced Security is most compared with SonarQube, Snyk, Fortify on Demand, Checkmarx One and GitLab, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Qualys Web Application Scanning. See our GitHub Advanced Security vs. Veracode report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.