Veracode and GitHub compete in the software development lifecycle space, focusing on security and collaboration. Veracode appears to have the upper hand in security features, while GitHub shines in collaboration and source code management.
Features: Veracode offers robust security analysis through static and dynamic analysis and software composition analysis, and it supports various programming environments. Its integration into the development lifecycle aids early vulnerability remediation, and it provides scalable scanning options with detailed reporting. GitHub excels in source code management and collaboration, offering an open-source platform with strong community support and extensive integration with DevOps tools, which enhances workflow efficiency.
Room for Improvement: Veracode faces challenges with false positives and needs improvements in API integration, dynamic scanning, and language support. GitHub requires enhanced security features, better integration with third-party tools, and UI/UX improvements for a smoother user experience.
Ease of Deployment and Customer Service: Veracode is effective in private, hybrid, and public clouds but may require dedicated support due to integration complexity, though its support is responsive. GitHub offers seamless global deployment and benefits from broad community support, although official support varies in responsiveness.
Pricing and ROI: Veracode's pricing is high, suitable for larger enterprises, offering ROI through security enhancements. Users justify the cost due to its comprehensive features. GitHub's pricing is more affordable, especially beneficial for smaller teams, offering value with its free version, though some find enterprise pricing less competitive.
The scanners of Veracode bring the status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.
The technical support from GitHub is generally good, and they communicate effectively.
Some forums help you get answers faster since you just type in your concern and see resolutions from other engineers.
I have not used GitHub's technical support extensively because there are many resources and a robust knowledge base available due to the large user community.
Access to the engineering team is crucial for faster feedback on the product fix process.
They are very responsive and quick to help with queries within our scope.
They respond very quickly since security is something critical.
We have never had a problem with scalability, so I would rate it at least eight to nine.
GitHub is more scalable than on-prem solutions, allowing for cloud-based scaling which is beneficial for processing large workloads efficiently.
Cloud solutions are easier to scale than on-premise solutions.
It has a good capacity to scale effectively.
If a skilled developer uses it, it is ten out of ten for stability.
It provides a reliable environment for code management.
GitHub is mostly stable, but there can be occasional hiccups.
If the Veracode server is down, we experience many issues during the scan.
It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.
One area for improvement in GitHub could be integration with other tools, such as test management or project management tools.
I would like to see some AI functionality included in GitHub, similar to the features seen in GitLab, to enhance productivity.
When solving merge conflicts, it would be helpful to have tooltips within the actions to know what changes could happen next when resolving a conflict.
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
A nice addition would be if it could be extended for scenarios with custom cleansers.
Normally, GitHub is not expensive, but it would be welcome if it reduced costs for developing countries.
The pricing of GitHub is reasonable, with the cost being around seven dollars per user per month for private repositories.
The pricing of GitHub depends on the choice of solutions, such as building one's own GitHub Runners to save money or using GitHub's Runners with extra costs.
It's not the most expensive solution.
If there's a security gap, you'll never know the cost or effect.
Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode.
The pull request facility for code review.
GitHub Actions allow for creating multiple jobs that run in different stages such as build, test, and deploy, which enable better visibility and control over the deployment pipeline.
For branching, it works well, especially in an agile environment.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It fixes issues directly in the IDE while you're doing it.
Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.
Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.
Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.
Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.