Veracode and GitLab are leading tools in the security and DevOps categories, respectively. Veracode stands out in security-focused applications due to its in-depth analysis and vulnerability management, while GitLab is prominent in collaborative development with superior version control and CI/CD capabilities.
Features: Veracode provides thorough static and dynamic analyses, seamless integration into development processes, and extensive language support, beneficial for catching vulnerabilities early. GitLab offers efficient CI/CD pipeline management, repository hosting, and integration with various development tools, making it ideal for maintaining code integrity throughout the development cycle.
Room for Improvement: Veracode users suggest enhancements in false-positive management, expanding language support, and reducing scan times for large applications. GitLab could benefit from stronger integration with third-party apps, more advanced security features, and streamlined CI/CD pipeline integrations for improved project management.
Ease of Deployment and Customer Service: Veracode offers versatile deployment options, including hybrid and public clouds, but faces criticism for customer support response times. GitLab supports both on-premises and cloud deployments, receiving positive feedback for its agile and proactive customer service, which is crucial for continuous development environments.
Pricing and ROI: Veracode is positioned as a premium service with substantial ROI through enhanced security and compliance, suitable for organizations with heavy security investments. GitLab provides flexible pricing, including a free version, and its open-source nature offers cost-saving opportunities for smaller teams and organizations seeking robust DevOps solutions.
Migrating to GitLab is bringing time-saving benefits, and everything is easier to automate.
We have saved time significantly, reducing deployment time from four hours to five minutes per deployment.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
We have rarely needed to escalate issues to technical support since GitLab usually runs seamlessly.
I have interacted with architects for some advice during the implementation, and they were prompt in their response.
I have had meetings where they taught me, explained things, and provided guidance for starting from scratch.
They are very responsive and quick to help with queries within our scope.
They respond very quickly since security is something critical.
The responsiveness and quality of documentation from Veracode are notable compared to other tools we are currently using.
It has all the features required for our coding and deployment needs, which makes it scalable to our changing requirements.
We're transitioning to OpenShift for future scalability with increased user numbers.
For scaling, other deployment options from GitLab's side need to be adopted.
Cloud solutions are easier to scale than on-premise solutions.
It has a good capacity to scale effectively.
I have not encountered any performance or stability issues with GitLab so far.
The updates are frequent and demanding, happening at least once a week due to security reasons.
If the Veracode server is down, we experience many issues during the scan.
It would be beneficial to have a user-friendly interface for setting up these configurations, instead of just writing YAML files.
It is essential to conduct proper testing, such as unit tests and code coverage, within the SDLC pipelines.
GitLab can improve its user interface to make conflict resolution more user-friendly.
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
A nice addition would be if it could be extended for scenarios with custom cleansers.
Even when working in other small organizations, we opted for GitLab as it was cost-efficient.
The pricing of GitLab is reasonable, aligning with what I consider to be average compared to competitors.
The price is high, and it limits user accessibility.
It's not the most expensive solution.
If there's a security gap, you'll never know the cost or effect.
Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode.
As we implement automated testing and DevSecOps, it speeds up the process by forty to sixty percent.
The Ultimate version offers enhanced features for security scanning through DAST and SAST analysis, which have greatly benefitted our project workflow.
By integrating GitLab as a DevOps platform, we have enhanced agility, improved our time to market, and different teams can work collaboratively on various projects.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It fixes issues directly in the IDE while you're doing it.
GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster.
It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring.
With GitLab, teams can streamline their workflows, automate processes, and improve productivity.
Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.
Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.
What are the key features of Veracode?
What benefits should users consider in Veracode reviews?
Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.
Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
