We performed a comparison between GitHub and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."GitHub provides good time reduction and this is what I value the most."
"This product allows us to easily collaborate on development tasks with our subcontractors, and control the workflow as the project progresses."
"Our code is secure."
"The most valuable feature of the solution is the version control field."
"The features that I have found most valuable are that it can support you for most of the road map and it can automate some tasks which works really well with collaboration with the teams. They are really interested in how they organize the history of the code itself which is good."
"The initial setup was easy."
"This solution is very easy to use which I like about it. The capacity to own artifacts and share them with others is another good feature. You don't have to write all your code from scratch, you can use available templates and alter the code according to your needs."
"Has great integration with third-party tools."
"The CI/CD integration is the most valuable feature of Veracode."
"I don't have to have a team of developers behind me that keep up with all the latest threats because the subscription service they provide for me does that."
"The platform itself has a lot of AppSec best practices information, especially in the mitigation recommendation process."
"It helps me to detect vulnerabilities."
"Code scanning is the most valuable feature."
"I like Veracode's static scanning and SCA. We use three static scans, software composition analysis, and dynamic scans. We haven't used dynamic scanning as much, but we're trying to integrate that into our environment more."
"The solution's ability to prevent vulnerable code from going into production is perfectly fine. It delivers, at least for the reports that we have been checking on Java and JavaScript. It has reported things that were helpful."
"They also have what's called a Software Composition Analysis that can point out errors and fixes for third-party software frameworks, which is very nice."
"Lacks sufficient support in terms of professional services that could be provided."
"Could be more user friendly."
"The GitHub repository needs an upgraded user interface and overall UI improvements."
"I think it would be valuable to have more security. Some of the data is very open to everyone."
"The GUI design is poor, so I exclusively use the CLI, which is much easier to use and understand. It would be great to see the GUI updated to be more user-friendly."
"The solution should have less integration with the AI part, but it needs to add features with other automation tools so that it can be easily integrated."
"I would like to see more security where a plugin was available for us to update in relation to security."
"There could be more integration into Azure."
"The false positive rates were quite high in our case."
"The user interface could be more sleek. Some scanning requirements aren't flexible. Some features take some time for new users to understand (like what exactly "modules" are)."
"The documentation is poor and the technical support isn't helpful."
"We get some false positives with JavaScript languages like React, TypeScript, and Angular. The problem is rooted in the build process of JavaScript, not the code we are using. This is something we spend lots of time trying to resolve. When we point to a specific library and review that on the code, we can see it is a part of the build that isn't going into production. It's only a part of the build because JavaScript has a different build process."
"Sometimes Veracode gives us results about small glitches in the necessary packages. For example, we recently found issues with Veracode's native libraries for .NET 6 that were fixed in the next versions of those libraries. But sometimes you do not know which version of the library particular components are using. The downside of that is that one day, the solution found some issues in that library for the necessary package we spent. Another day, it found the same issues with another library. It will clearly state that this is the same stuff you've already analyzed. This creates some additional work, but it isn't significant. However, sometimes you see the same issue for two or three days in a row."
"The only notable problem we have had is that when new versions of Swift have come out, we have found Veracode tends to be a bit behind in updates to support the new language changes."
"It could have better integration with our pipeline. If we could have better integration with our application pipeline, e.g., Jira, Bamboo, or Azure DevOps, then that will be very helpful. Right now, it is quite hard to integrate the solution into our existing pipeline."
"One feature I would like would be more selectivity in email alerts. While I like getting these, I would like to be able to be more granular in which ones I receive."
GitHub is ranked 9th in Application Security Tools with 75 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitHub is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitHub is most compared with Snyk, AWS CodeCommit, Fortify on Demand, Bitbucket and Atlassian SourceTree, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our GitHub vs. Veracode report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.