We performed a comparison between GitHub Advanced Security and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable is the developer experience and the extensibility of the overall ecosystem."
"The product's most valuable features are security scan, dependency scan, and cost-effectiveness."
"GitHub provides advanced security, which is why the customers choose this tool; it allows them to rely solely on GitHub as one platform for everything they need."
"Dependency scanning is a valuable feature."
"It ensures user passwords or sensitive information are not accidentally exposed in code or reports."
"It is a stable solution...It is a scalable solution as it can handle new applications along with the analysis part."
"We have found the static analysis to be useful in Veracode Static Analysis. However, we are in the process of testing."
"The most important features, I would say, are the scanning abilities and the remediation abilities within the product. Scanning because, obviously, we want to make sure that our application code is flaw-free. And the remediation tools are helpful to the developers to help them track and manage their flaws."
"I contacted the solution's technical support during the automation part, and it went well, after which I never faced any issues."
"One thing that I like about Veracode is that it is quite a good tool for dynamic application testing."
"Veracode enables us to build a strong data security layer in our platforms. We can increase customer confidence in data security. Some PCI/HIPAA compliance issues were impossible to resolve without Veracode."
"Developer Sandboxes help move scanning earlier within the SDLC."
"Wide range of platforms and technology assessments."
"Code scanning is the most valuable feature."
"The deployment part of the product is an area of concern that needs to be made easier from an improvement perspective."
"The report limitations are the main issue."
"There could be DST features included in the product."
"There could be a centralized dashboard to view reports of all the projects on one platform."
"The customizations are a little bit difficult."
"A more refined approach, categorizing and emphasizing specific vulnerabilities, would be beneficial."
"Some features could be improved in terms of user-friendliness."
"False positives are a problem. Sometimes the flow paths are not accurate and don't represent real attack vectors, but this happens with every application that performs static analysis of the code. But it's under control. The number of false positives is not so high that it is unmanageable on our side."
"It should include more informational, low level, vulnerability summaries and groupings. Large related groups of low level vulnerabilities may amount to a design flaw or another avenue for attack."
"A high number of false positives are reported and this should be reduced."
"I would like Veracode to add more language support."
"The reports on offer are too verbose."
"Scanning progress is highly dependent on the speed of the Internet."
"The GUI requires significant simplification, as its current complexity creates a steep learning curve for new users."
GitHub Advanced Security is ranked 16th in Application Security Tools with 6 reviews, while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitHub Advanced Security is rated 9.0, while Veracode is rated 8.2. The top reviewer of GitHub Advanced Security writes "A tool that provides ease of integration with the set of existing codes in an infrastructure". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". GitHub Advanced Security is most compared with SonarQube, Snyk, Fortify on Demand, Checkmarx One and GitLab, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and HCL AppScan. See our GitHub Advanced Security vs. Veracode report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.