We performed a comparison between GitHub and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The flexibility of this solution has been most valuable. It operates on a pay per use basis where you can ramp up or decrease usage."
"If you want to share documents, you can create articles and diagrams with GitHub and share."
"GitHub's version control is valuable."
"Has great integration with third-party tools."
"The most important feature of GitHub is the maintainability of the versions of the code."
"The control is the most valuable feature as developers can work on a single code."
"The code sharing and updated history are valuable features."
"There are no issues. It's simple, easy, and fully compatible from my perspective with Git."
"Provides consistent evaluation and results without huge fluctuations in false positives or negatives."
"The integration with DevOps pipelines is seamless."
"Veracode has a nice API that they provide to allow for custom things to be built, or automation. We actually have integrated Veracode into our software development cycle using their API. We actually are able to automatically, every time a new build of a software is completed, submit that application, kick off a scan, and we get results in a much more automated fashion."
"The most important feature is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to production or provide something to a client... Dynamic scanning actually hits our Web applications, to try to detect any well known Web application vulnerabilities as well."
"This is a great tool for learning about potential vulnerabilities in code."
"It's straightforward, and it does not require a lot of time. It's a straightforward platform that you can use for performing scans or mitigating issues. It has a very good user interface. FAQs are also helpful in case you are not familiar with it."
"We are using the Veracode tools to expose the engineers to the security vulnerabilities that were introduced with the new features, i.e. a lot faster or sooner in the development life cycle."
"The coding standards in our development group have improved. From scanning our code we've learned the patterns and techniques to make our code more secure. An example would be SQL injection. We have mitigated all the SQL injection in our applications."
"While using the solution when merging two code branches the code becomes a bit messy. This should be improved in the future."
"The product must document the CI/CD process more."
"Could be more user friendly."
"This solution could be improved if migration was fully automated to make it easy, for example, to migrate repositories into GitHub."
"I would want to see some form of code security scanning implemented."
"Scalability is an area with a shortcoming, because of which it has room for improvement."
"GitHub could add more security features. I am not sure how secure it is. If they provide more security features, then it can be used in more official applications."
"I think it would be valuable to have more security. Some of the data is very open to everyone."
"There is also a size limit of 100 MB so we cannot upload files that are larger than that. That could be improved. Also, the duration of the scan is a bit too long."
"The zip file scanning has room for improvement."
"We would like a way to mark entire modules as 'safe.' The lack of this feature hasn't stopped us previously, it just makes our task more tedious at times. That kind of feature would save us time."
"Security can always be improved."
"Third-party library scanning would be very useful to have. When I was researching this a year ago, there was not a third-party library scan available. This would be a nice feature to have because we are now running through some assessments and finding out which tool can do it since this information needs to be captured. Since Veracode is a security solution, this should be related."
"The pricing for qualified startups such as Neo4j could be improved."
"The scanning could be improved, because some scans take a bit of time."
"The runtime code analysis could be improved so that we can see every element in one place."
GitHub is ranked 12th in Application Security Tools with 69 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitHub is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". GitHub is most compared with Snyk, AWS CodeCommit, Bitbucket, Fortify on Demand and Mend.io, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.