• Home
  • GitHub vs. Veracode

GitHub vs Veracode comparison

Cancel
You must select at least 2 products to compare!
GitHub Logo
GitHub
Read 75 GitHub reviews
2,341 views|966 comparisons
100% willing to recommend
Veracode Logo
Veracode
Read 194 Veracode reviews
24,547 views|16,538 comparisons
90% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
GitHub vs. Veracode
May 2024
Executive Summary

We performed a comparison between GitHub and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed GitHub vs. Veracode Report (Updated: May 2024).
Download the complete report
787,033 professionals have used our research since 2012.
Featured Review
Adalberto Barbosa Da Costa Lobato
Highly stable and scalable solution
We stopped the development code on our machines, and we moved everything to GitHub. So, everyone is working on the latest code no matter what we do.
ShubhamSharma5
A very good tool for dynamic application testing, but its price is a little high
We have had challenges with security because developers come from different organizations and different backgrounds. They have different ways of... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"GitHub provides good time reduction and this is what I value the most.""This product allows us to easily collaborate on development tasks with our subcontractors, and control the workflow as the project progresses.""Our code is secure.""The most valuable feature of the solution is the version control field.""The features that I have found most valuable are that it can support you for most of the road map and it can automate some tasks which works really well with collaboration with the teams. They are really interested in how they organize the history of the code itself which is good.""The initial setup was easy.""This solution is very easy to use which I like about it. The capacity to own artifacts and share them with others is another good feature. You don't have to write all your code from scratch, you can use available templates and alter the code according to your needs.""Has great integration with third-party tools."

More GitHub Pros →

"The CI/CD integration is the most valuable feature of Veracode.""I don't have to have a team of developers behind me that keep up with all the latest threats because the subscription service they provide for me does that.""The platform itself has a lot of AppSec best practices information, especially in the mitigation recommendation process.""It helps me to detect vulnerabilities.""Code scanning is the most valuable feature.""I like Veracode's static scanning and SCA. We use three static scans, software composition analysis, and dynamic scans. We haven't used dynamic scanning as much, but we're trying to integrate that into our environment more.""The solution's ability to prevent vulnerable code from going into production is perfectly fine. It delivers, at least for the reports that we have been checking on Java and JavaScript. It has reported things that were helpful.""They also have what's called a Software Composition Analysis that can point out errors and fixes for third-party software frameworks, which is very nice."

More Veracode Pros →

Cons
"Lacks sufficient support in terms of professional services that could be provided.""Could be more user friendly.""The GitHub repository needs an upgraded user interface and overall UI improvements.""I think it would be valuable to have more security. Some of the data is very open to everyone.""The GUI design is poor, so I exclusively use the CLI, which is much easier to use and understand. It would be great to see the GUI updated to be more user-friendly.""The solution should have less integration with the AI part, but it needs to add features with other automation tools so that it can be easily integrated.""I would like to see more security where a plugin was available for us to update in relation to security.""There could be more integration into Azure."

More GitHub Cons →

"The false positive rates were quite high in our case.""The user interface could be more sleek. Some scanning requirements aren't flexible. Some features take some time for new users to understand (like what exactly "modules" are).""The documentation is poor and the technical support isn't helpful.""We get some false positives with JavaScript languages like React, TypeScript, and Angular. The problem is rooted in the build process of JavaScript, not the code we are using. This is something we spend lots of time trying to resolve. When we point to a specific library and review that on the code, we can see it is a part of the build that isn't going into production. It's only a part of the build because JavaScript has a different build process.""Sometimes Veracode gives us results about small glitches in the necessary packages. For example, we recently found issues with Veracode's native libraries for .NET 6 that were fixed in the next versions of those libraries. But sometimes you do not know which version of the library particular components are using. The downside of that is that one day, the solution found some issues in that library for the necessary package we spent. Another day, it found the same issues with another library. It will clearly state that this is the same stuff you've already analyzed. This creates some additional work, but it isn't significant. However, sometimes you see the same issue for two or three days in a row.""The only notable problem we have had is that when new versions of Swift have come out, we have found Veracode tends to be a bit behind in updates to support the new language changes.""It could have better integration with our pipeline. If we could have better integration with our application pipeline, e.g., Jira, Bamboo, or Azure DevOps, then that will be very helpful. Right now, it is quite hard to integrate the solution into our existing pipeline.""One feature I would like would be more selectivity in email alerts. While I like getting these, I would like to be able to be more granular in which ones I receive."

More Veracode Cons →

Pricing and Cost Advice
  • "The private repositories are free, which is very good."
  • "It is open-source. There is no license for GitHub."
  • "The price of this solution is reasonable."
  • "If there are only 10 people using a particular repository, then GitHub is free. But if we increase the number of users, we need to pay the normal charge for GitHub."
  • "We have an enterprise licensing agreement, and I am not part of the finance department so I can't say how much it costs."
  • "I haven't had to pay anything for GitHub, I use the free version."
  • "The licensing model for GitHub is user-based. Whenever the new developer joins we have to get a new license and register their ID. The overall price of the solution is reasonable."
  • "The licensing model from GitHub is very clear."

    • More GitHub Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    787,033 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about GitHub?
    Top Answer: The control is the most valuable feature as developers can work on a single code.
    Read all 35 answers   →
    What is your experience regarding pricing and costs for GitHub?
    Top Answer:We pay a subscription-based yearly licensing fee for the solution. If you buy extra support, you pay an additional cost.
    Read all 26 answers   →
    What needs improvement with GitHub?
    Top Answer:The solution's cost is high and should be reduced. Our company has a bundle product. Sometimes, people from outside our organization also need to collaborate with our code, and we need to integrate… more »
    Read all 40 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    9th
    out of 75 in Application Security Tools
    Views
    2,341
    Comparisons
    966
    Reviews
    56
    Average Words per Review
    359
    Rating
    8.6
    2nd
    out of 75 in Application Security Tools
    Views
    24,547
    Comparisons
    16,538
    Reviews
    94
    Average Words per Review
    989
    Rating
    8.1
    Comparisons
    Snyk logo
    Snyk vs. GitHub
    Compared 28% of the time.
    AWS CodeCommit logo
    AWS CodeCommit vs. GitHub
    Compared 12% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. GitHub
    Compared 12% of the time.
    Bitbucket logo
    Bitbucket vs. GitHub
    Compared 11% of the time.
    Atlassian SourceTree logo
    Atlassian SourceTree vs. GitHub
    Compared 10% of the time.
    More GitHub Competitors   →
    SonarQube logo
    SonarQube vs. Veracode
    Compared 26% of the time.
    Checkmarx One logo
    Checkmarx One vs. Veracode
    Compared 14% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Veracode
    Compared 7% of the time.
    Snyk logo
    Snyk vs. Veracode
    Compared 6% of the time.
    More Veracode Competitors   →
    Also Known As
    Crashtest Security , Veracode Detect
    Learn More
    GitHub
    Veracode
    Overview
    GitHub is a web-based Git repository hosting service. It offers all of the distributed revision control and source code management (SCM) functionality of Git as well as adding its own features. Unlike Git, which is strictly a command-line tool, GitHub provides a Web-based graphical interface and desktop as well as mobile integration. It also provides access control and several collaboration features such as bug tracking, feature requests, task management, and wikis for every project.

    Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achievereal-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

    Learn more atwww.veracode.com, on theVeracode blog, and onLinkedInandTwitter.

    Sample Customers
    Dominion Enterprises, NASA, Braintree, SAP, CyberAgent
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    REVIEWERS
    Computer Software Company20%
    Financial Services Firm18%
    Government9%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Computer Software Company13%
    Manufacturing Company11%
    Financial Services Firm11%
    Government7%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    REVIEWERS
    Small Business43%
    Midsize Enterprise9%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise13%
    Large Enterprise65%
    REVIEWERS
    Small Business31%
    Midsize Enterprise19%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise14%
    Large Enterprise69%
    Buyer's Guide
    GitHub vs. Veracode
    May 2024
    Free Report: GitHub vs. Veracode
    Find out what your peers are saying about GitHub vs. Veracode and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    787,033 professionals have used our research since 2012.

    GitHub is ranked 9th in Application Security Tools with 75 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitHub is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitHub is most compared with Snyk, AWS CodeCommit, Fortify on Demand, Bitbucket and Atlassian SourceTree, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our GitHub vs. Veracode report.

    See our list of best Application Security Tools vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.