We performed a comparison between GitHub and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The product's initial setup phase is easy but it is always good to connect with GitHub's team that manages APIs."
"The deployment is fast since we just have to run the script, and once it's done, it takes a few minutes."
"There are no issues. It's simple, easy, and fully compatible from my perspective with Git."
"The versioning of the code and the tracking of changes are definitely some of my top features."
"This solution is just easy to use."
"The Projects Tab, which shows you the todo list and the progress for projects, is very helpful."
"The learning curve is small."
"GitHub is convenient and easy to use."
"The solution is a specialist in SAST that you can rely on. Code scanning is fast with current, updated algorithms."
"I can have quick results by just uploading compiled components."
"Informs me of code security vulnerabilities. Bamboo build automation with Veracode API calls are used."
"The static analysis gives you deep insights into problems."
"The product provides guidance to develop secure software."
"The best feature is definitely the detailed reports. It provides code-related queries in the order of high, medium, and low depending on what we need to do. Veracode is user-friendly as well."
"You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs."
"Tech support is outstanding. Best in class. Absolutely. They bend over backwards to help us. We'll come up with questions and within minutes, we'll get answers. It's amazing. It's truly amazing."
"There is room for improvement in terms of interface."
"The development team pushes the code into a repository, and the CI/CD pipeline will perform the build. We need open-source libraries to perform the builds. It would be helpful to have the ability to link to open-source libraries like npm libraries. I don't know if GitHub Actions provides this. I would like to see that in GitHub Actions if they don't."
"I would want to see some form of code security scanning implemented."
"GitHub uses basic configuration, but messaging is not clear."
"GitHub could add more security features. I am not sure how secure it is. If they provide more security features, then it can be used in more official applications."
"There can be conflict issues when two developers work on the same file or line of code, and it would be great to see that improved, possibly with an AI solution."
"While using the solution when merging two code branches the code becomes a bit messy. This should be improved in the future."
"The initial setup requires heavy documentation which can be challenging for new developers."
"The reporting was detailed, but there were some things that were missing. It showed us on which line an error was found, but it could have been more detailed."
"Veracode's ease of use could be improved. I would also like to see more online videos and tutorials that could help us understand the product better. It would also be helpful if Veracode created a certification program for DevSecOps staff to learn about their product and get certified. This kind of training would raise the company's profile within the industry."
"I do expect large applications with millions of lines of code to take a while, but it would be nice if there was a possibility to be able to have a baseline initial scan. I know that Veracode touts that there are Pipeline Scans that are supposed to take 90 seconds or less, and we've tried to do that ourselves with our ERP application. However, it actually times out after two hours of scanning. If the static scan itself or another option to run a lower tier scan can be integrated earlier on into our SDLC, it would be great. Right now, it takes so long that we usually leave it till a bit later in the cycle, whereas if it ran faster, we could push it to the time when a developer will be checking in code. That would make us feel a lot more confident that we'd be able to catch things almost instantaneously."
"If the dynamic scan is improved, then the speed might go up. That is somehow not happening. We have raised this concern. It might also help if they could time limit scans to 24 hours instead of letting them go for three days. Then, whatever results could be shared, even if the scan is not complete, that would definitely help us."
"The UI is not user-friendly and can be improved."
"I've found that Veracode is not particularly suitable for Dynamic Application Security Testing."
"Another thing I need is continued support for the new languages today that are popular. Most of them are scripting languages more so than real, fourth-generation, commercial grade stuff; we're evolving. Most applications are using so much open-source that, quite frankly, it would be great to see Veracode, or anybody else, extend their platform to where they are able to help secure open-source platforms or repositories."
"We are testing Veracode's software composition analysis, but we're having trouble integrating it with SVN. It works out of the box when you use Git but doesn't work as well with other tools like SVN. It's more geared toward Git."
GitHub is ranked 9th in Application Security Tools with 74 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitHub is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". GitHub is most compared with Snyk, AWS CodeCommit, Fortify on Demand, Bitbucket and Atlassian SourceTree, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our GitHub vs. Veracode report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.