We performed a comparison between GitHub and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."GitHub is convenient and easy to use."
"GitHub is pure or open-source; you can access it anywhere. You can have a lot of collateral information. You can make the changes and do the reviews from one place."
"I use this solution to store my code in a repository so we can manage version control which is useful."
"This product is very good for storing and versioning code."
"GitHub's source code management is top-notch. It's easy to inspect changes and visualize code and differences. Their action system is comprehensive in terms of making changes and automation."
"The most valuable features of GitHub are the ease of integration into Microsoft Azure DevOps. The process that you need to deploy into Microsoft Azure becomes fairly simple and the templates are already available, a lot of the engineers find it easier to use."
"This solution is just easy to use."
"GitHub is the best tool for source repositories."
"The product prevents possible vulnerabilities in our network."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"The vulnerability management feature is a strong one. And also the patch management feature."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"This product is designed for easy scalability and can easily scale up without major challenges."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"We are not able to access GitHub from our VPN."
"This solution could be improved by offering crowd sourced support where we could ask questions to other users."
"I would like a more graphical, user-friendly UI, to avoid writing so much code on cmd."
"I think it would be valuable to have more security. Some of the data is very open to everyone."
"If something has to be moved into approvals, and if they don't approve it in a few hours, then they should move the approval request to some other user, or they should have a way to escalate it."
"They're improving the work items to track the progress of the team, but in my experience, Azure DevOps is better in this functionality. GitHub needs to improve the form to track the progress of the work done by a team."
"We want to incorporate management comments within GitHub, making it more like a product management tool. We haven't done that yet. Another change we're considering is migrating from GitHub to Azure DevOps, especially now that Microsoft has introduced it."
"GitHub uses basic configuration, but messaging is not clear."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"The product's pricing could be better."
"The pricing does not seem to be competitive."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"The software’s pricing could be improved."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
More Qualys Web Application Scanning Pricing and Cost Advice →
GitHub is ranked 9th in Application Security Tools with 74 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. GitHub is rated 8.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". GitHub is most compared with Snyk, AWS CodeCommit, Fortify on Demand, Bitbucket and Sonatype Repository Firewall, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our GitHub vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.