We compared Veracode and GitLab across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Initial Setup: Veracode's initial setup is straightforward for some users, while others found it more challenging. Veracode is a cloud-based solution that requires periodic maintenance. The reviews for GitLab suggest that the timeframes for deployment, setup, and implementation can vary greatly among users. Some users spent three months on deployment and an additional week on setup, while others completed both in a week.
Valuable Features: Veracode's valuable features include comprehensive security testing, accurate vulnerability detection, and reliable reporting. GitLab offers seamless integration with other tools, robust version control capabilities, and efficient collaboration and project management functionalities.
Setup Cost: Veracode's setup cost varies depending on the size and specific needs of the organization. Some reviewers find it expensive, while others believe it provides value for the cost. On the other hand, GitLab offers competitive pricing options with reasonable setup costs and straightforward licensing terms.
ROI: Veracode's ROI is difficult to quantify but offers benefits such as security assurance, certifications, and improved code base. GitLab's ROI is positive, with users praising its efficiency, collaboration features, and streamlined workflows.
Customer Service: Veracode's customer service has received mixed reviews, with some customers praising their responsiveness and knowledge, while others have experienced slow response times and delays. In contrast, GitLab's customer service has been highly praised for its promptness, effectiveness, and dedication to ensuring a positive experience.
Based on user reviews, GitLab is the preferred product over Veracode. Users highly praise GitLab's seamless integration with other tools, robust version control capabilities, efficient collaboration and project management functionalities, and comprehensive CI/CD pipeline automation. Additionally, GitLab's customer service and support have been highly praised for their promptness, effectiveness, and dedication. The user feedback also indicates that GitLab offers competitive pricing options with flexible licensing and provides a positive return on investment by optimizing development processes and facilitating efficient collaboration.
"The tool helps to integrate CI/CD pipeline deployments. It is very easy to learn. Its security model is good."
"It's a great toolbox where the CI/CD pipeline is the fundamental component, but there are so many other features that you can pull from, which makes it a very powerful tool. My current client is using AWS, and they can, of course, use AWS CodePipeline, but GitLab is much more mature than that, and it also gives you the freedom to decide to go to another platform or have a multi-cloud strategy and things like that. That freedom for me is also very valuable."
"It speeds up our development, it's faster, safer, and more convenient."
"The user interface is really good so that helps with huge teams who need to collaborate."
"GitLab's best features are maintenance, branch integration, and development infrastructure."
"The most important features of GitLab for us are issue management and all the CI/CD tools. Another aspect that I love about GitLab is the UI."
"CI/CD is very good. The version control system is also good. These are the two features that we use."
"It is scalable."
"There is a single area on the dashboard where you can get a full view of all of the tests and the results from everything. There is a nice, very simple graphic that shows you the types of vulnerabilities that were found, their severity, the scoring, and in what part of the code they were found. All the details are together in one place."
"It has an easy-to-use interface."
"One of the features they have is Software Composition Analysis. When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable."
"I like Veracode's static scanning and SCA. We use three static scans, software composition analysis, and dynamic scans. We haven't used dynamic scanning as much, but we're trying to integrate that into our environment more."
"I like the static scanning, and Veracode's interface is excellent. The dashboard is easy to navigate."
"It's hard to say that any single feature is the most essential. There are many errors and vulnerabilities in software today in the standard libraries for different vendors because. We don't need to reinvent the wheel every time because we're using standard libraries, and it's important to know that your security isn't compromised because you are using libraries with vulnerabilities."
"Provides consistent evaluation and results without huge fluctuations in false positives or negatives."
"I like the way the flaws are reported in the system."
"Based on what I know so far, its integration with Kubernetes is not so good. We have to develop many things to make it work. We have to acquire third-party components to work with Kubernetes."
"We would like to have easier tutorials. Their tutorials are too technical for a user to understand. They should be more detailed but less technical."
"GitLab can improve by integrating with more tools, such as servers with Docker."
"We would like to generate document pages from the sources."
"Atlassian offers more products than GitLab. GitLab offers source control management, version control and collaboration between developers. Atlassian offers features on top of this as well as more integration points for developers."
"The price of GitLab could improve, it is high."
"For as long as I have used GitLab, I haven't encountered any major limitations. However, I think that perhaps the search functionality could be better."
"As a partner, sometimes it's difficult to get support. They have a really complicated procedure for their support."
"I would like Veracode to add more language support."
"It can be a bit complex because it takes a lot of time to have it complete the task."
"I think if they could improve the operations around accepted vulnerabilities, we would see improvements in our productivity."
"The only notable problem we have had is that when new versions of Swift have come out, we have found Veracode tends to be a bit behind in updates to support the new language changes."
"There are times when certain modules cannot be scanned automatically, requiring us to manually select these modules and initiate the scanning process on our side."
"The reports on offer are too verbose."
"I haven't heard about any problems so far. However, it would be great if Veracode automatically packaged stuff up for you."
"A high number of false positives are reported and this should be reduced."
GitLab is ranked 7th in Application Security Tools with 70 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitLab is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Fortify Static Code Analyzer, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and GitHub Advanced Security. See our GitLab vs. Veracode report.
See our list of best Application Security Tools vendors, best Static Application Security Testing (SAST) vendors, and best Software Composition Analysis (SCA) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.