We compared Veracode and GitLab across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Initial Setup: Veracode's initial setup is straightforward for some users, while others found it more challenging. Veracode is a cloud-based solution that requires periodic maintenance. The reviews for GitLab suggest that the timeframes for deployment, setup, and implementation can vary greatly among users. Some users spent three months on deployment and an additional week on setup, while others completed both in a week.
Valuable Features: Veracode's valuable features include comprehensive security testing, accurate vulnerability detection, and reliable reporting. GitLab offers seamless integration with other tools, robust version control capabilities, and efficient collaboration and project management functionalities.
Setup Cost: Veracode's setup cost varies depending on the size and specific needs of the organization. Some reviewers find it expensive, while others believe it provides value for the cost. On the other hand, GitLab offers competitive pricing options with reasonable setup costs and straightforward licensing terms.
ROI: Veracode's ROI is difficult to quantify but offers benefits such as security assurance, certifications, and improved code base. GitLab's ROI is positive, with users praising its efficiency, collaboration features, and streamlined workflows.
Customer Service: Veracode's customer service has received mixed reviews, with some customers praising their responsiveness and knowledge, while others have experienced slow response times and delays. In contrast, GitLab's customer service has been highly praised for its promptness, effectiveness, and dedication to ensuring a positive experience.
Based on user reviews, GitLab is the preferred product over Veracode. Users highly praise GitLab's seamless integration with other tools, robust version control capabilities, efficient collaboration and project management functionalities, and comprehensive CI/CD pipeline automation. Additionally, GitLab's customer service and support have been highly praised for their promptness, effectiveness, and dedication. The user feedback also indicates that GitLab offers competitive pricing options with flexible licensing and provides a positive return on investment by optimizing development processes and facilitating efficient collaboration.
"GitLab offers a good interface for doing code reviews between two colleagues."
"Of all available products, it was the easiest to use and easy to install."
"The solution is stable."
"Git hosting has an integration with ACD which is why we liked this solution in the first place."
"I like GitLab from the CI/CD perspective. It is much easier to set up CI/CD and then integrate with other tools."
"The most valuable features of GitLab are the CI/CD pipeline and code management."
"The code merging capability is something that we use very frequently."
"It is very flexible and easy because you can store data on cloud."
"There are quite a few features that are very reliable, like the newly launched Veracode Pipelines Scan, which is pretty awesome. It supports the synchronous pipeline pretty well. We been using it out of the Jira plugin, and that is fantastic."
"The most valuable feature is the dynamic application security testing."
"It has improved the quality of code being delivered for test and its vulnerability resolutions timeline has improved."
"The dependency graph visualization provides the ability to see nested dependencies within libraries for pinpointing vulnerabilities."
"The most valuable feature of Veracode is the binary scan feature for auditing, which allows us to audit the software without the source code."
"Veracode is very easy to use."
"Regarding Software Composition Analysis, an exceptional feature is that during a SAST scan, SCA is seamlessly conducted in the background."
"Veracode provides faster scans compared to other static analysis security testing tools."
"We would like to generate document pages from the sources."
"The initial setup was quite challenging because it takes some time to understand how to pull out or push the code."
"We'd like to see better integration with the Atlassian ecosystem."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"We have only seen a couple of issues on Gitlab, which we use for building some of the applications."
"The solution should be more cloud-native and have more cloud-native capabilities and features."
"GitLab's Windows version is yet not available and having this would be an improvement."
"GitLab would be improved with the addition of templates for deployment on local PCs."
"The only areas that I'm concerned with are some of the newer code libraries, things that we're starting to see people dabble with. They move quickly enough to get them into the Analysis Engine, so I wouldn't even say it is a complaint. It is probably the only thing I worry about: Occasionally hitting something that is built in some other obscure development model, where we either can't scan it or can't scan it very well."
"From the usability perspective, it is not up to date with the latest trends. It looks very old. Tools such as Datadog, New Relic, or infrastructure security tools, such as AWS Cloud, seem very user-friendly. They are completely web-based, and you can navigate through them pretty quickly, whereas Veracode is very rigid. It is like an old-school enterprise application. It does the job, but they need to invest a little more on the usability front."
"It's very expensive for a small organization."
"It can take time to find options if you don’t use the interface a lot. At some point, a bit of interface restyling may help."
"Their scanning engine is sometimes a little bit slow. They can improve the scan time."
"Veracode's ability to fix flaws is less sophisticated than that of its competitors."
"The technical support service has room for improvement."
"The dynamic scanning feature works, but it doesn't work properly for some of our applications. It doesn't allow us to skip. They claim that we can do this, but it doesn't work when we're scanning the applications in real-time."
GitLab is ranked 7th in Application Security Tools with 70 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitLab is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Fortify Static Code Analyzer, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and GitHub Advanced Security. See our GitLab vs. Veracode report.
See our list of best Application Security Tools vendors, best Static Application Security Testing (SAST) vendors, and best Software Composition Analysis (SCA) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.