We compared Veracode and GitLab across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Initial Setup: Veracode's initial setup is straightforward for some users, while others found it more challenging. Veracode is a cloud-based solution that requires periodic maintenance. The reviews for GitLab suggest that the timeframes for deployment, setup, and implementation can vary greatly among users. Some users spent three months on deployment and an additional week on setup, while others completed both in a week.
Valuable Features: Veracode's valuable features include comprehensive security testing, accurate vulnerability detection, and reliable reporting. GitLab offers seamless integration with other tools, robust version control capabilities, and efficient collaboration and project management functionalities.
Setup Cost: Veracode's setup cost varies depending on the size and specific needs of the organization. Some reviewers find it expensive, while others believe it provides value for the cost. On the other hand, GitLab offers competitive pricing options with reasonable setup costs and straightforward licensing terms.
ROI: Veracode's ROI is difficult to quantify but offers benefits such as security assurance, certifications, and improved code base. GitLab's ROI is positive, with users praising its efficiency, collaboration features, and streamlined workflows.
Customer Service: Veracode's customer service has received mixed reviews, with some customers praising their responsiveness and knowledge, while others have experienced slow response times and delays. In contrast, GitLab's customer service has been highly praised for its promptness, effectiveness, and dedication to ensuring a positive experience.
Based on user reviews, GitLab is the preferred product over Veracode. Users highly praise GitLab's seamless integration with other tools, robust version control capabilities, efficient collaboration and project management functionalities, and comprehensive CI/CD pipeline automation. Additionally, GitLab's customer service and support have been highly praised for their promptness, effectiveness, and dedication. The user feedback also indicates that GitLab offers competitive pricing options with flexible licensing and provides a positive return on investment by optimizing development processes and facilitating efficient collaboration.
"The merging feature makes it easy later on for the deployment."
"I have found the most valuable feature is security control. I also like the branching and cloning software."
"GitLab offers a good interface for doing code reviews between two colleagues."
"The user interface is really good so that helps with huge teams who need to collaborate."
"The tool helps to integrate CI/CD pipeline deployments. It is very easy to learn. Its security model is good."
"I like that you can use GitLab as a double-sided solution for both DevOps and version management. It's a good product for working in these two areas, and the user interface makes it easy to understand."
"For us, Gitlab's most valuable feature is the integration with Cypress. We're using Cypress as an automation tool, so we're using GitLab as a tool for running in parallel."
"GitLab is kind of an image of GitHub, so it gives us the flexibility to monitor our changes in the repos."
"The most valuable feature is the dynamic application security testing."
"What's important for me, from Veracode, is the all-in-one metrics location. I can see where everything is across the entire portfolio of applications I have in this program, and I can report out on it."
"It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow on developers' machines."
"Vericode's policy reporting for ensuring compliance with industry standards and regulations is great. I"
"I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities."
"Their dashboard is really good, overall. In my opinion, it's one of the best in the market, and I say that because we have used other service providers."
"Because it is a SaaS offering, I do not have to support the infrastructure."
"The solution's ability to help create secure software is very valuable. We're a zero-trust networking company so we want to have the ability to say that we're practicing security seriously. Having something like Veracode allows us to have confidence when we're speaking to people about our product that we can back up what we're doing with a certification, with a reputable platform, and say, "This is what we're using to scan an application. Here's the number of vulnerabilities that are on an application. And here's the risk that we're accepting.""
"The price of GitLab could improve, it is high."
"GitLab could consider introducing a code-scanning tool. Purchasing such tools from external markets can incur charges, which might not be favorable. Integrating these features into GitLab would streamline the pipeline and make it more convenient for users."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"The user interface could be more user-friendly. We do most of our operations through the website interface but it could be better."
"For as long as I have used GitLab, I haven't encountered any major limitations. However, I think that perhaps the search functionality could be better."
"There was a problem with the build environment when we were looking at developing iOS applications. iOS build require Mac machines and there are no Mac machines provided by GitLab in their cloud. So to build for mobile iOS application, we needed to use our own Mac machine within our own infrastructure. If GitLab were to provide a feature such that an iOS application could also be built through GitLab directly, that would be great."
"The integration and storage capabilities could be better."
"The tool should include a feature that helps to edit the code directly."
"The scanning could be a little faster. The process around three or four minutes, but it would help if it could be further reduced."
"It's very expensive for a small organization."
"The scanning process for records could be faster and there is room for improvement in Veracode's performance."
"The solution could improve the Dynamic Analysis Security Testing(DAST)."
"The JIRA integration automation aspect of it could be improved significantly. We want to have a way to create tickets that are going to allow people to work through those flaws that we're finding. We don't want people to feel like they're missing out on something or that they're not following directions in the right way."
"I would like Veracode to add more language support."
"Veracode has a few shortcomings in terms of how they handle certain components of the UI. For example, in the case of the false positive, it would be highly desirable if the false positive don't show up again on the UI, instead still showing up for any subsequent scan as a false positive. There is a little bit of cluttering that could be avoided."
"The cost of the solution is a little bit expensive. Expensive in the sense that there was a hundred percent increase in cost from last year to this year, which is certainly not justified."
GitLab is ranked 7th in Application Security Tools with 70 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitLab is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Fortify Static Code Analyzer, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and GitHub Advanced Security. See our GitLab vs. Veracode report.
See our list of best Application Security Tools vendors, best Static Application Security Testing (SAST) vendors, and best Software Composition Analysis (SCA) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.