• Home
  • GitHub vs. Veracode

GitHub vs Veracode comparison

Cancel
You must select at least 2 products to compare!
GitHub Logo

GitHub

Read 64 GitHub reviews
2,116 views|910 comparisons
100% willing to recommend
Veracode Logo

Veracode

Read 194 Veracode reviews
26,359 views|17,613 comparisons
89% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
GitHub vs. Veracode
March 2024
Executive Summary

We performed a comparison between GitHub and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed GitHub vs. Veracode Report (Updated: March 2024).
Download the complete report
768,886 professionals have used our research since 2012.
Featured Review
RiteshKapse
Beneficial version control and continuous integration, but guides would be helpful
In my case, I prefer to keep my repositories public, especially for small-scale organizations that don't require a high level of privacy. I find it... Read more →
Evan Gertis
Enables us to provide a certificate showing stakeholders and potential customers the proof that we take security...
My case is different from other individuals. I worked for a startup, so we had to find a way to capitalize on all the resources in Veracode. Larger... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"We can make a private repository.""We've found the technical support to be very helpful.""It has a lot of features from the code development perspective. You get a lot of features such as repo, commit, merge, and branch. You can play around and do things on the fly. It is easy and simple to deploy. It is also easier to use when working from home.""The Projects Tab, which shows you the todo list and the progress for projects, is very helpful.""The most valuable feature is the fact that it's cloud-based, and we don't have to manage an on-premises server to use it.""I'm able to access any repository that I like, whether it's public or private.""The flexibility of this solution has been most valuable. It operates on a pay per use basis where you can ramp up or decrease usage.""Has great integration with third-party tools."

More GitHub Pros →

"All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing).""I don't have to have a team of developers behind me that keep up with all the latest threats because the subscription service they provide for me does that.""The coverage of backdoors attacks on security that's the most valuable for my clients.""We are using the Veracode tools to expose the engineers to the security vulnerabilities that were introduced with the new features, i.e. a lot faster or sooner in the development life cycle.""This is a great tool for learning about potential vulnerabilities in code.""Scanning of .war and .jar is key for us.""It has improved the quality of code being delivered for test and its vulnerability resolutions timeline has improved.""It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that."

More Veracode Pros →

Cons
"GitHub could have better integration or capability with other solutions.""I would like to see integration with Slack such that all of the changes made in GitHub are reflected there.""We are not able to access GitHub from our VPN.""I would want to see some form of code security scanning implemented.""The initial setup requires heavy documentation which can be challenging for new developers.""Scalability is an area with a shortcoming, because of which it has room for improvement.""GitHub could improve by being more user-friendly.""The development team pushes the code into a repository, and the CI/CD pipeline will perform the build. We need open-source libraries to perform the builds. It would be helpful to have the ability to link to open-source libraries like npm libraries. I don't know if GitHub Actions provides this. I would like to see that in GitHub Actions if they don't."

More GitHub Cons →

"There is room for improvement in documentation.""The scans were sometimes not accurate in version 2022. There were some false positives in the vulnerability reports. We used to get false positives, and we were responsible for checking all of the alerts and determining whether they were true positives or false positives. They might have already improved it. If they have not, they can look into how to mitigate false positives.""The Greenlight product that integrates into the IDE is not available for PHP, which is our primary language.""There were some additional manual steps or work involved that we should not have needed to do.""Because our application is large, it takes a long time to upload and scan.""There is also a size limit of 100 MB so we cannot upload files that are larger than that. That could be improved. Also, the duration of the scan is a bit too long.""I would like Veracode to add more language support.""Reporting. Some of the reporting features of Veracode do need improvement. They do not have the most robust access to data. That would be a bit more beneficial to a lot of our clients as well as our actual in-house staff. I've been talking to our program management at Veracode about that, and that is actually on their radar to have that improved, I think actually this year."

More Veracode Cons →

Pricing and Cost Advice
  • "The private repositories are free, which is very good."
  • "It is open-source. There is no license for GitHub."
  • "The price of this solution is reasonable."
  • "If there are only 10 people using a particular repository, then GitHub is free. But if we increase the number of users, we need to pay the normal charge for GitHub."
  • "We have an enterprise licensing agreement, and I am not part of the finance department so I can't say how much it costs."
  • "I haven't had to pay anything for GitHub, I use the free version."
  • "The licensing model for GitHub is user-based. Whenever the new developer joins we have to get a new license and register their ID. The overall price of the solution is reasonable."
  • "The licensing model from GitHub is very clear."

    • More GitHub Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    768,886 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about GitHub?
    Top Answer: The control is the most valuable feature as developers can work on a single code.
    Read all 35 answers   →
    What is your experience regarding pricing and costs for GitHub?
    Top Answer:You don't have to pay for a license if you are using the free version. It gives you all the possible features it has.
    Read all 22 answers   →
    What needs improvement with GitHub?
    Top Answer:The initial setup requires heavy documentation which can be challenging for new developers.
    Read all 35 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    10th
    out of 74 in Application Security Tools
    Views
    2,116
    Comparisons
    910
    Reviews
    51
    Average Words per Review
    330
    Rating
    8.6
    2nd
    out of 74 in Application Security Tools
    Views
    26,359
    Comparisons
    17,613
    Reviews
    99
    Average Words per Review
    970
    Rating
    8.1
    Comparisons
    Snyk logo
    Snyk vs. GitHub
    Compared 26% of the time.
    AWS CodeCommit logo
    AWS CodeCommit vs. GitHub
    Compared 13% of the time.
    Atlassian SourceTree logo
    Atlassian SourceTree vs. GitHub
    Compared 12% of the time.
    Bitbucket logo
    Bitbucket vs. GitHub
    Compared 12% of the time.
    More GitHub Competitors   →
    SonarQube logo
    SonarQube vs. Veracode
    Compared 27% of the time.
    Checkmarx One logo
    Checkmarx One vs. Veracode
    Compared 14% of the time.
    Snyk logo
    Snyk vs. Veracode
    Compared 6% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Veracode
    Compared 6% of the time.
    OWASP Zap logo
    OWASP Zap vs. Veracode
    Compared 4% of the time.
    More Veracode Competitors   →
    Also Known As
    Crashtest Security , Veracode Detect
    Learn More
    GitHub
    Veracode
    Overview
    GitHub is a web-based Git repository hosting service. It offers all of the distributed revision control and source code management (SCM) functionality of Git as well as adding its own features. Unlike Git, which is strictly a command-line tool, GitHub provides a Web-based graphical interface and desktop as well as mobile integration. It also provides access control and several collaboration features such as bug tracking, feature requests, task management, and wikis for every project.

    Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

    Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references. Veracode's dynamic analysis solution simulates real-world attacks to identify vulnerabilities that may not be detectable by static analysis alone. Veracode's software composition analysis solution scans open-source and third-party components for known vulnerabilities. Veracode's manual penetration testing service is performed by experienced security professionals who use a variety of techniques to identify vulnerabilities in software applications.

    Many organizations, including Fortune 500 companies, government agencies, and startups, use Veracode's solution. Veracode's customers rely on Veracode to help them to improve the security of their software applications and to reduce the risk of data breaches and other security incidents.

    Here are some of the benefits of using Veracode:

    • Veracode provides capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing to help organizations identify and fix security vulnerabilities in their software applications early in the development process.
    • Veracode helps organizations reduce the risk of data breaches and other security incidents by identifying and fixing security vulnerabilities in their software application. 
    • Veracode helps organizations to comply with industry regulations. Many industries have regulations that require organizations to implement security measures to protect their customers' data. Veracode's solution can help organizations to comply with these regulations by providing them with the tools and resources they need to identify and fix security vulnerabilities in their software applications.
    Sample Customers
    Dominion Enterprises, NASA, Braintree, SAP, CyberAgent
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    REVIEWERS
    Computer Software Company22%
    Financial Services Firm14%
    Government11%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Computer Software Company13%
    Manufacturing Company11%
    Financial Services Firm11%
    Government8%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise9%
    Large Enterprise53%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise66%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    Buyer's Guide
    GitHub vs. Veracode
    March 2024
    Free Report: GitHub vs. Veracode
    Find out what your peers are saying about GitHub vs. Veracode and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,886 professionals have used our research since 2012.

    GitHub is ranked 10th in Application Security Tools with 64 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitHub is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitHub is most compared with Snyk, AWS CodeCommit, Atlassian SourceTree and Bitbucket, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap. See our GitHub vs. Veracode report.

    See our list of best Application Security Tools vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.