We performed a comparison between GitHub and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"We can make a private repository."
"We've found the technical support to be very helpful."
"It has a lot of features from the code development perspective. You get a lot of features such as repo, commit, merge, and branch. You can play around and do things on the fly. It is easy and simple to deploy. It is also easier to use when working from home."
"The Projects Tab, which shows you the todo list and the progress for projects, is very helpful."
"The most valuable feature is the fact that it's cloud-based, and we don't have to manage an on-premises server to use it."
"I'm able to access any repository that I like, whether it's public or private."
"The flexibility of this solution has been most valuable. It operates on a pay per use basis where you can ramp up or decrease usage."
"Has great integration with third-party tools."
"All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing)."
"I don't have to have a team of developers behind me that keep up with all the latest threats because the subscription service they provide for me does that."
"The coverage of backdoor attacks on security, that's the most valuable for my clients."
"We are using the Veracode tools to expose the engineers to the security vulnerabilities that were introduced with the new features, i.e. a lot faster or sooner in the development life cycle."
"This is a great tool for learning about potential vulnerabilities in code."
"Scanning of .war and .jar is key for us."
"It has improved the quality of code being delivered for test and its vulnerability resolutions timeline has improved."
"It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that."
"GitHub could have better integration or capability with other solutions."
"I would like to see integration with Slack such that all of the changes made in GitHub are reflected there."
"We are not able to access GitHub from our VPN."
"I would want to see some form of code security scanning implemented."
"The initial setup requires heavy documentation which can be challenging for new developers."
"Scalability is an area with a shortcoming, because of which it has room for improvement."
"GitHub could improve by being more user-friendly."
"The development team pushes the code into a repository, and the CI/CD pipeline will perform the build. We need open-source libraries to perform the builds. It would be helpful to have the ability to link to open-source libraries like npm libraries. I don't know if GitHub Actions provides this. I would like to see that in GitHub Actions if they don't."
"There is room for improvement in documentation."
"The scans were sometimes not accurate in version 2022. There were some false positives in the vulnerability reports. We used to get false positives, and we were responsible for checking all of the alerts and determining whether they were true positives or false positives. They might have already improved it. If they have not, they can look into how to mitigate false positives."
"The Greenlight product that integrates into the IDE is not available for PHP, which is our primary language."
"There were some additional manual steps or work involved that we should not have needed to do."
"Because our application is large, it takes a long time to upload and scan."
"There is also a size limit of 100 MB so we cannot upload files that are larger than that. That could be improved. Also, the duration of the scan is a bit too long."
"I would like Veracode to add more language support."
"Reporting. Some of the reporting features of Veracode do need improvement. They do not have the most robust access to data. That would be a bit more beneficial to a lot of our clients as well as our actual in-house staff. I've been talking to our program management at Veracode about that, and that is actually on their radar to have that improved, I think actually this year."
GitHub is ranked 10th in Application Security Tools with 64 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitHub is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". GitHub is most compared with Snyk, AWS CodeCommit, Atlassian SourceTree and Bitbucket, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.