GitHub vs HCL AppScan comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Jan 5, 2025


Categories and Ranking

GitHub
Ranking in Application Security Tools: 6th
Average Rating: 8.8
Reviews Sentiment: 7.5
Number of Reviews: 93
Ranking in other categories: Version Control (3rd)

HCL AppScan
Ranking in Application Security Tools: 14th
Average Rating: 7.8
Reviews Sentiment: 6.9
Number of Reviews: 43
Ranking in other categories: Static Application Security Testing (SAST) (10th), Dynamic Application Security Testing (DAST) (1st)
 

Mindshare comparison

As of April 2025, in the Application Security Tools category, the mindshare of GitHub is 0.8%, down from 1.1% compared to the previous year. The mindshare of HCL AppScan is 2.6%, down from 2.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Pervez Roy - PeerSpot reviewer
Very good for collaboration on software projects
We use GitHub for code repository alongside Bitbucket. GitHub is very good for collaboration on software projects. We prefer Bitbucket for commercial use, while GitHub is used for open source. You can get the differences, history of changes, and version control for various pull requests. You can…
Rishi Anupam - PeerSpot reviewer
A stable and scalable scanning solution with good reporting feature
The solution is used for the vulnerabilities scan on the network side. The reporting part is the most valuable feature. The penetration testing feature should be included. I have been using the solution for four years. It is a stable solution. I rate it seven out of ten. It is a scalable…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"You can write the code with AI. But when it comes to implementation, you must upgrade the bits of code that will support this and generate solutions based on that architecture. Then, you need comparable code bits. Therefore, AI can propose how much a specific function can be better optimized. So, AI can help stakeholders reach tasks quicker."
"I find GitHub's pull request strategies and GitHub Actions to be very valuable."
"The code versioning is excellent, and having a detailed log, including every change made to the code by every developer, is invaluable. It makes it so that if there is a bug or problem in the product channel, we can find exactly where it happened and how to fix it."
"GitHub is a fundamental tool in the software industry."
"The solution provides good customization and support."
"The flexibility of this solution has been most valuable. It operates on a pay per use basis where you can ramp up or decrease usage."
"I like the CI/CD features."
"The control is the most valuable feature as developers can work on a single code."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"It provides a better integration for our ecosystem."
"There's extensive functionality with custom rules and a custom knowledge base."
"Technical support is helpful."
"The reporting part is the most valuable feature."
"This solution saves us time due to the low number of false positives detected."
"We use it as a security testing application."
"AppScan is stable."
 

Cons

"It would be useful to have tutorial videos within the GitHub dashboard."
"The development team pushes the code into a repository, and the CI/CD pipeline will perform the build. We need open-source libraries to perform the builds. It would be helpful to have the ability to link to open-source libraries like npm libraries. I don't know if GitHub Actions provides this. I would like to see that in GitHub Actions if they don't."
"GitHub storage is one of the main requirements and it could improve."
"It would be beneficial if GitHub provided some security scanning for new libraries to ensure that there are no viruses in it."
"There is a bit of a learning curve."
"One area for improvement in GitHub could be integration with other tools, such as test management or project management tools."
"There is room for improvement in terms of interface."
"The GitHub repository needs an upgraded user interface and overall UI improvements."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"There are so many lines of code with so many different categories that I am likely to get lost."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most of the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"Scans become slow on large websites."
 

Pricing and Cost Advice

"Regarding pricing, I'd rate it eight out of ten. It's decent and not too expensive, and small businesses can also afford it. With AWS taking CodeCommit out of the market, I don't see many competitors for small companies in terms of GitHub."
"I use the free version of GitHub."
"GitHub is an open-source product, but when using the free-to-use version, anyone can see the code we're working on."
"The tool offers a free program. As you go, you can upgrade from the community version to the professional one. I believe it costs about ten dollars per person, per month."
"We pay a subscription-based yearly licensing fee for the solution."
"There are no licensing fees for the features that we use."
"GitHub is a cost-effective solution."
"GitHub is an open-source application. It's free to use."
"The product has premium pricing and could be more competitive."
"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"The solution is cheap."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"HCL AppScan is expensive."
"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
"Our clients are willing to pay the extra money. It is expensive."
 

Top Industries

By visitors reading reviews
Financial Services Firm: 13%
Manufacturing Company: 12%
Computer Software Company: 11%
University: 6%

Computer Software Company: 19%
Financial Services Firm: 14%
Government: 11%
Manufacturing Company: 9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about GitHub?
The control is the most valuable feature as developers can work on a single code.
What is your experience regarding pricing and costs for GitHub?
The pricing of GitHub depends on the choice of solutions, such as building one's own GitHub Runners to save money or using GitHub's Runners with extra costs. The pricing is considered reasonable an...
What needs improvement with GitHub?
There are still areas for improvement with GitHub Actions and their deployment workflows, as they have made significant progress but are not yet polished. Occasionally, stability can be an issue, t...
What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar to what Veracode provides. Regularly scheduling calls with clients to discuss fe...
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities wi...
 


Also Known As

GitHub: No data available
HCL AppScan: IBM Security AppScan, Rational AppScan, AppScan
 


Sample Customers

GitHub: Dominion Enterprises, NASA, Braintree, SAP, CyberAgent
HCL AppScan: Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Find out what your peers are saying about GitHub vs. HCL AppScan and other solutions. Updated: March 2025.
845,406 professionals have used our research since 2012.