We performed a comparison between GitHub and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The best feature is the ability to track the history of all code changes, and it's easy to use. Additionally, as it's open source, anyone can use that feature resulting in distributed development. This opens the door to collaboration with different code and developer, feature, and master branches of development."
"The most valuable aspects of GitHub are version control and parallel development. I also appreciate the forking part, which allows us to release a specific set of features to the environment."
"I find the most valuable collaboration between our peers to be a seamless collaboration between our peers. We can connect and change our code, allowing us to be agile in our projects. Since we're talking about DevOps, we're using Jenkins in our pipeline. It helps speed up the process by automating the DevOps workflow."
"The version control functionality for this solution has been most valuable, especially when managing projects with multiple versions."
"The product's initial setup phase is easy but it is always good to connect with GitHub's team that manages APIs."
"I have found GitHub stable."
"GitHub is pure or open-source; you can access it anywhere. You can have a lot of collateral information. You can make the changes and do the reviews from one place."
"GitHub allows us the option to push files from a non-UA method or directly upload files from the UA. You can integrate GitHub with Jenkins to do CI/CD."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"It works with many different products."
"The vulnerability management feature is a strong one. And also the patch management feature."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"They're improving the work items to track the progress of the team, but in my experience, Azure DevOps is better in this functionality. GitHub needs to improve the form to track the progress of the work done by a team."
"This solution could be improved by offering crowd sourced support where we could ask questions to other users."
"The onboarding process could be simplified."
"The UI is a little outdated, so that could be improved."
"Though I haven't done much research, GitHub lacks in providing more functions like GitLab."
"The initial setup and implementation could be easier, I had some difficulties with it at first but I don't have a development background."
"It would be beneficial if GitHub provided some security scanning for new libraries to ensure that there are no viruses in it."
"The storage for this solution could be improved."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"The software’s pricing could be improved."
"The product should allow users to upload their payloads."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"They should try to include business logic vulnerabilities in the scanner testing."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
GitHub is ranked 12th in Application Security Tools with 74 reviews while Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews. GitHub is rated 8.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". GitHub is most compared with Snyk, AWS CodeCommit, Bitbucket, Fortify on Demand and Surround SCM, whereas Qualys Web Application Scanning is most compared with OWASP Zap, SonarQube, Veracode, PortSwigger Burp Suite Professional and Fortify WebInspect.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.