We performed a comparison between GitHub and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It has a lot of features from the code development perspective. You get a lot of features such as repo, commit, merge, and branch. You can play around and do things on the fly. It is easy and simple to deploy. It is also easier to use when working from home."
"I find the most valuable collaboration between our peers to be a seamless collaboration between our peers. We can connect and change our code, allowing us to be agile in our projects. Since we're talking about DevOps, we're using Jenkins in our pipeline. It helps speed up the process by automating the DevOps workflow."
"Any complex banking can be handled very easily in GitHub. It allows us to integrate with tools like Grid, where we can merge and resolve conflicts without any hassle."
"The most valuable feature is help offered by the community for open-source projects."
"The code sharing and updated history are valuable features."
"The most important feature of GitHub is the maintainability of the versions of the code."
"The product has a very user-friendly interface and user-friendly security."
"We are finding GitHub is very stable."
"The most valuable feature is the security and vulnerability parts of the solution. It shows medium to high vulnerabilities so we can find them, then upgrade our model before it is too late. It is useful because it automates security. Also, it makes things more efficient. So, there is no need for the security team to scan every time. The application team can update it whenever possible in development."
"It has caught lots of flaws that could have been exploited, like SQL injection flaws. It has also improved developer engagement with information security."
"Informs me of code security vulnerabilities. Bamboo build automation with Veracode API calls are used."
"The static scan and the detailed reports, which include issue information and permissions, are the most valuable features."
"Good static analysis and dynamic analysis."
"The visibility into application status helps reduce risk exposure for our software. Today, any findings provided by the DAST are reviewed by the developers and we have internal processes in place to correct those findings before there can be a release. So it absolutely does prevent us from releasing weak code."
"It's comprehensive from a feature standpoint."
"It has the ability to scale, and the fact that it doesn't produce a lot of false positives."
"The solution needs some more controls for deleting code."
"There is a bit of a learning curve."
"The support team needs to have a well-defined SLA model since it is an area where the tool currently has some shortcomings."
"There is room for improvement in terms of interface."
"The onboarding process could be simplified."
"The ticketing system is not working."
"There could be more integration into Azure."
"The user interface on GitLab is better."
"The documentation is poor and the technical support isn't helpful."
"I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results."
"One of the most important areas that need improvement for Veracode is its DaaS. Veracode's DAST engines are primitive."
"The technical support service has room for improvement."
"It can take time to find options if you don’t use the interface a lot. At some point, a bit of interface restyling may help."
"Veracode's container scanning could be improved. We containerize all the platforms we use inside a Docker image. For example, we create a Microsoft Docker image that we build our application on top of. I would like Veracode to implement IT scans before we commit the code."
"There should be more control for administrative users so that we can add and delete any functionality or module within the platform. We should not have to reach out to Veracode's customer support every time. We should be able to customize our modules."
"Veracode should provide more flexibility in its pricing and licensing modules so that it could be more affordable for all types of projects and not only for very active mission-critical projects."
GitHub is ranked 12th in Application Security Tools with 74 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitHub is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitHub is most compared with Snyk, AWS CodeCommit, Bitbucket, Fortify on Demand and Contrast Security Assess, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our GitHub vs. Veracode report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
