We compared Veracode and GitLab across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Initial Setup: Veracode's initial setup is straightforward for some users, while others found it more challenging. Veracode is a cloud-based solution that requires periodic maintenance. The reviews for GitLab suggest that the timeframes for deployment, setup, and implementation can vary greatly among users. Some users spent three months on deployment and an additional week on setup, while others completed both in a week.
Valuable Features: Veracode's valuable features include comprehensive security testing, accurate vulnerability detection, and reliable reporting. GitLab offers seamless integration with other tools, robust version control capabilities, and efficient collaboration and project management functionalities.
Setup Cost: Veracode's setup cost varies depending on the size and specific needs of the organization. Some reviewers find it expensive, while others believe it provides value for the cost. On the other hand, GitLab offers competitive pricing options with reasonable setup costs and straightforward licensing terms.
ROI: Veracode's ROI is difficult to quantify but offers benefits such as security assurance, certifications, and improved code base. GitLab's ROI is positive, with users praising its efficiency, collaboration features, and streamlined workflows.
Customer Service: Veracode's customer service has received mixed reviews, with some customers praising their responsiveness and knowledge, while others have experienced slow response times and delays. In contrast, GitLab's customer service has been highly praised for its promptness, effectiveness, and dedication to ensuring a positive experience.
Based on user reviews, GitLab is the preferred product over Veracode. Users highly praise GitLab's seamless integration with other tools, robust version control capabilities, efficient collaboration and project management functionalities, and comprehensive CI/CD pipeline automation. Additionally, GitLab's customer service and support have been highly praised for their promptness, effectiveness, and dedication. The user feedback also indicates that GitLab offers competitive pricing options with flexible licensing and provides a positive return on investment by optimizing development processes and facilitating efficient collaboration.
"As a developer, this solution is useful as a repository holder because most of the POC projects that we have are on GitLab."
"It is scalable."
"The most valuable feature of GitLab is the ability to upload scripts and make changes when needed and then reupload them. Additionally, the solution is user-friendly."
"I like that you can use GitLab as a double-sided solution for both DevOps and version management. It's a good product for working in these two areas, and the user interface makes it easy to understand."
"The scalability is good."
"The most valuable features of GitLab are ease of use and highly intuitive UI and performance."
"The user interface is really good so that helps with huge teams who need to collaborate."
"Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective."
"It scans for the OWASP top-10 security flaws at the dynamic level and, at the static level, it scans for all the warnings so that developers can fix the code before we go to UAT or the next phase."
"It's hard to say that any single feature is the most essential. There are many errors and vulnerabilities in software today in the standard libraries for different vendors because. We don't need to reinvent the wheel every time because we're using standard libraries, and it's important to know that your security isn't compromised because you are using libraries with vulnerabilities."
"I don't have to have a team of developers behind me that keep up with all the latest threats because the subscription service they provide for me does that."
"The developers' awareness of the security weaknesses within their code has improved. They aren't just mitigating these issues, they are realizing these are, in fact, issues that have to be dealt with."
"I like the way the flaws are reported in the system."
"The static scan is the most valuable feature."
"The most valuable features of Veracode Static Analysis are its ability to work with GitLab and GitHub so that you can do the reviews and force the code."
"With the pipeline scanner, it's easier for developers to scan their products, as they don't have to export anything from their computers. They can do everything with the command line on their computer."
"I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment."
"GitLab could consider introducing a code-scanning tool. Purchasing such tools from external markets can incur charges, which might not be favorable. Integrating these features into GitLab would streamline the pipeline and make it more convenient for users."
"GitLab can improve by integrating with more tools, such as servers with Docker."
"I would like to see better integration with project management tools such as Jira."
"I've noticed an area for improvement in GitLab, particularly needing to go through many steps to push the code to the repository. Resolving that issue would make the product better. My team quickly fixed it by writing a small script, then double-clicking or enabling the script to take care of the issue. However, that quick fix was from my team and not the GitLab team, so in the next release, if an automatic deployment feature would be available in GitLab, then that would be good because, in Visual Studio, you can do that with just one click of a button."
"The solution could be faster."
"GitLab could improve the patch repository. It does not have support for Conan patch version regions. Additionally, better support for Kubernetes deployment is needed as part of the package."
"Merge conflicts and repository maintenance could improve. If there is someone new to the system they would not know if there is a conflict."
"I've found that Veracode is not particularly suitable for Dynamic Application Security Testing."
"A high number of false positives are reported and this should be reduced."
"The feature that allows me to read which mitigation answer was submitted, and to approve it, requires me to use do so in different screens. That makes it a little bit more complicated because I have to read and then I have to go back and make sure it falls under the same number ID number. That part is a little bit complicated from my perspective, because that's what I use the most."
"There should be more control for administrative users so that we can add and delete any functionality or module within the platform. We should not have to reach out to Veracode's customer support every time. We should be able to customize our modules."
"I would like to see more AI features. It's a current subject because with ChatGPT and other solutions being developed all the time, IT attacks will increase... To defend against those it's very important that the good guys use AI in ways that are good instead of bad."
"We are testing Veracode's software composition analysis, but we're having trouble integrating it with SVN. It works out of the box when you use Git but doesn't work as well with other tools like SVN. It's more geared toward Git"
"It takes a lot of time to scan the applications. They can make them faster and provide an option to scan a specific portion of the app. Such a feature would be very helpful."
"The technical support service has room for improvement."
GitLab is ranked 7th in Application Security Tools with 70 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitLab is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, SonarQube and Sonatype Lifecycle, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and GitHub Advanced Security. See our GitLab vs. Veracode report.
See our list of best Application Security Tools vendors, best Application Security Testing (AST) vendors, and best Software Composition Analysis (SCA) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
