Acunetix vs GitHub Code Scanning comparison

Invicti and GitHub are both solutions in the Static Application Security Testing (SAST) category. Invicti is ranked #5 with an average rating of 7.9, while GitHub is ranked #17 with an average rating of 8.0. Invicti holds a 2.7% mindshare in SAST, compared to GitHub’s 1.3% mindshare. Additionally, 89% of Invicti users are willing to recommend the solution, compared to 100% of GitHub users who would recommend it.

Acunetix

Read 38 Acunetix reviews

10,102 Views
5,657 Comparison Views

89% willing to recommend

GitHub Code Scanning

Read 6 GitHub Code Scanning reviews

2,177 Views
2,090 Comparison Views

100% willing to recommend

Acunetix

GitHub Code Scanning

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Acunetix and GitHub Code Scanning are key players in security and code testing. GitHub Code Scanning generally holds an advantage for its ease of use and seamless integration into development workflows.

Features: Acunetix provides comprehensive vulnerability detection, robust scanning, and extensive reporting for deep security analysis. GitHub Code Scanning offers seamless integration with CI/CD pipelines, a streamlined interface, and effective collaboration tools within the GitHub ecosystem.

Room for Improvement: Acunetix could benefit from enhanced integration, improved performance speed, and simplified user navigation. GitHub Code Scanning needs more comprehensive vulnerability detection, expanded language support, and enhanced reporting capabilities.

Ease of Deployment and Customer Service: Acunetix requires a complex setup but has satisfactory customer service. GitHub Code Scanning offers simple deployment with integrated support from the GitHub ecosystem, leading to higher user satisfaction.

Pricing and ROI: Acunetix comes with a higher upfront cost but offers significant long-term value through its exhaustive security features. GitHub Code Scanning provides cost-effective solutions via GitHub plans, achieving ROI through efficient workflow integration.

To learn more, read our detailed Acunetix vs. GitHub Code Scanning Report (Updated: June 2026).

Buyer's Guide

Acunetix vs. GitHub Code Scanning

June 2026

Download the complete report

Helped 900,747 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Acunetix

Ranking in Static Application Security Testing (SAST)

5th

Average Rating

7.8

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

Application Security Tools (8th), Vulnerability Management (21st), DevSecOps (5th)

GitHub Code Scanning

Ranking in Static Application Security Testing (SAST)

17th

Average Rating

8.6

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of June 2026, in the Static Application Security Testing (SAST) category, the mindshare of Acunetix is 2.7%, down from 3.8% compared to the previous year. The mindshare of GitHub Code Scanning is 1.3%, up from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST) Mindshare Distribution
Product	Mindshare (%)
Acunetix	2.7%
GitHub Code Scanning	1.3%
Other	96.0%

Static Application Security Testing (SAST)

Featured Reviews

Rahul Kumar

Senior Engineer - Penetration Tester at a government with 10,001+ employees

Identifies vulnerabilities across bulk web applications but needs better support and cleaner reports

The best feature Acunetix offers is the centralized dashboard and the quality of reports it generates, which includes various options for selecting reports and developer options for directly sharing the reports with developers. The centralized dashboard of Acunetix gives visibility into the security aspects of mass applications; for instance, with more than 200 applications, it provides a valuable overview of findings and necessary fixes, along with a high-level summary that helps us achieve compliance through monthly and sometimes weekly scanning. In terms of reporting, Acunetix is excellent because it can generate different types of reports, such as an executive summary report, detailed reports, and developer reports that can be shared directly with developers. Acunetix positively impacts my organization by helping identify outdated libraries and applications, including legacy applications vulnerable to old attacks based on OWASP Top 10, thus aiding in compliance checks for PCI DSS and OWASP. Acunetix provides a centralized report with compliance-related aspects and a vulnerability timeline, effectively helping reduce vulnerabilities and save time.

Read full review

AbhishekKumar20

Software Development Manager at Amazon

Code scanning identifies vulnerabilities quickly and improves team response with minimal setup

I have been using Git for approximately 13-14 years. I have used GitHub Code Scanning for about three to four years. The primary purpose is to identify any vulnerability in the code itself. The system logs vulnerabilities that we can immediately examine to see all the error-prone areas. The AI functionalities include predefined agents that scan through and immediately provide responses regarding the best nomenclature or code coverage percentage. It's actually a one-time setup, and the team benefits as long as they push code and changes in the repository itself. Every time we push something, we immediately check the total deviation, whether our code coverage has improved, or if any vulnerability has been identified. There is always a metrics dashboard that we can see and identify. Primarily, GitHub is used for doing the versioning itself in the repository. With vulnerability functionality being provided and AI agents available, it makes a complete package. As soon as we publish our code, we immediately get to know the test code coverage. This immediately informs us about all the vulnerable areas which are not being fully tested. If we address those areas, most vulnerabilities are resolved. Even after tests are added, if by any chance the test is not treated cleanly or corner cases are missed, GitHub Code Scanning immediately flags those corners. It's always beneficial to have because it's not humanly possible to check all corner case scenarios, but as a system where they diagnose each line item, that's very helpful.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"We use the solution for the scanning of vulnerabilities like SQL injections."

"The most valuable feature of Acunetix is the UI and the scan results are simple."

"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."

"It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program."

"I haven't seen reporting of that level in any other tool."

"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."

"Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."

"Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."

More Acunetix pros

"We use GitHub Code Scanning mostly for source code management."

"The solution helps identify vulnerabilities by understanding how ports communicate with applications running on a system. Ports are like house numbers; to visit someone's house, you must know their number. Similarly, ports are used to communicate with applications. For example, if you want to use an HTTP web server, you must use port 80. It is the port on which the web application or your server listens for incoming requests."

"It's very scalable, very easy to handle, and very intuitive."

"The static code analysis capability in GitHub Code Scanning is a very powerful feature, providing the ability to identify vulnerabilities and ensure code quality."

"GitHub Code Spaces brings significant value with its simplicity and ease of use."

"GitHub Code Scanning has positively impacted my organization as it helps us recognize errors and avoid many later issues which may arise."

Cons

"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."

"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."

"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."

"The Acunetix licensing and pricing model is somewhat complicated. If we calculated all of our domains and sub-domains, the sum would be huge; that's why we thought of leaving Acunetix."

"Acunetix could be improved with more advanced integration, enhanced report customization, and a more intuitive user interface, as well as better prioritization of vulnerabilities and deeper guidance for remediation."

"Our experience with Acunetix has not been good, so we are in the process of switching solutions."

"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."

"The time to fix issues is not too quick, so in the case of time-restricted projects for some customers, this might become a problem."

More Acunetix cons

"GitHub Code Scanning should add more templates."

"When running code scans, GitHub Code Scanning provides recommendations for probable fixes. However, integrating a feature where developers receive real-time highlights of vulnerabilities when checking in or merging a PR would be beneficial."

"One area for improvement could be the ability to have an AI system digest the reports generated from code scanning and provide a summary. Currently, the reports can be extensive, and users may overlook details, such as outdated libraries, which could be highlighted for attention."

"At times it becomes very annoying as it highlights certain things which are intuitive. They require code coverage for those aspects as an extra overhead."

Pricing and Cost Advice

"The solution is expensive."

"It is a bit expensive. If you need to check five applications, you have to pay almost 14,000. It is an agreement for two years at 7,000 per year for only five applications. You cannot change the applications in the license. So, you are stuck with the same license for the five applications for one full year."

"Acunetix was around the same price as all the other vendors we looked at, nothing special."

"The costs aren't very expensive. It costs around $3000 or $4000."

"The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable."

"Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future."

"When we looked at all other vendors and what they were asking for, to provide a third of what Acunetix was capable of doing, it was an easy decision... But now that it's coming to a cost where it's line with market value, it becomes more of a competition... Acunetix is raising the cost of licensing. It's 3.5 times what we were initially quoted."

"The cost is based on two types of licenses, ConsultLite, and ConsultPlus, as well as the number of domains that are scanned."

More Acunetix pricing and cost advice

"The minimum pricing for the tool is five dollars a month."

"GitHub Code Scanning is a moderately priced solution."

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

900,747 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

12%

Manufacturing Company

10%

Computer Software Company

Comms Service Provider

Financial Services Firm

11%

Manufacturing Company

10%

Computer Software Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	18
Midsize Enterprise	7
Large Enterprise	19

No data available

Questions from the Community

What is your primary use case for Acunetix Vulnerability Scanner?

In a typical enterprise environment, Acunetix is mainly used for visibility, detection, and investigation across network traffic. The main use cases usually fall into a few core areas, with primary...

See all answers

What advice do you have for others considering Acunetix Vulnerability Scanner?

I advise that Acunetix is the best option. Invest time in proper initial configuration and scope definitions. The tool is powerful, but its effectiveness depends heavily on how the authenticated ar...

See all answers

What is your experience regarding pricing and costs for Acunetix?

Everything is perfect and good, including the pricing and all related aspects.

See all answers

What is your experience regarding pricing and costs for GitHub Code Scanning?

The organization pays for the license of GitHub Code Scanning, but specific price details are unknown.

See all answers

What needs improvement with GitHub Code Scanning?

In my opinion, areas of GitHub Code Scanning that could be improved include that a few things are not visible to us, such as where it stores data and which path. There is a separate team for that w...

See all answers

What advice do you have for others considering GitHub Code Scanning?

I am an end user only here with GitHub Code Scanning. I currently might be using the latest version of GitHub Code Scanning, but I don't remember the specific version. I have not utilized the real-...

See all answers

Comparisons

PortSwigger Burp Suite Professional vs Acunetix

Compared 8% of the time

OWASP Zap vs Acunetix

Compared 7% of the time

HCL AppScan vs Acunetix

Compared 4% of the time

Invicti vs Acunetix

Compared 4% of the time

OpenText Dynamic Application Security Testing vs Acunetix

Compared 4% of the time

More Acunetix Competitors

SonarQube vs GitHub Code Scanning

Compared 16% of the time

Coverity Static vs GitHub Code Scanning

Compared 10% of the time

Aikido Security vs GitHub Code Scanning

Compared 6% of the time

HCL AppScan vs GitHub Code Scanning

Compared 6% of the time

OWASP Zap vs GitHub Code Scanning

Compared 5% of the time

More GitHub Code Scanning Competitors

Product Reports

Buyer's Guide

Acunetix

June 2026

Download Acunetix product report

Buyer's Guide

GitHub Code Scanning

June 2026

Download GitHub Code Scanning product report

Also Known As

AcuSensor

No data available

Overview

Acunetix is a dynamic application security tool used globally for web application vulnerability scanning, focusing on SQL injection and cross-site scripting.

Acunetix provides a comprehensive web vulnerability assessment platform designed for identifying and remediating security threats. Users benefit from its ability to schedule scans, boasting a fast detection rate for common vulnerabilities. The tool's centralized dashboard helps organizations with compliance monitoring and features such as crawling and login sequence enhancements, contributing depth to its security assessments. Despite high praise for its integration capabilities and automated scanning that saves time, pricing and false positives present challenges. Organizations often use Acunetix to maintain internal security and evaluate pre-release environments.

What are Acunetix's main features?

Comprehensive Reporting: Detailed reports assist in security analysis and compliance audits.
User-Friendly Interface: Simple navigation enhances user experience.
Scheduled Scans: Automation of scans allows for continuous monitoring.
Fast Detection: Quickly identifies vulnerabilities like SQL injection and cross-site scripting.
Integration Capabilities: Scalable solutions with compatibility across applications.
Crawling & Login Sequence: Improves depth in security analysis.

What benefits should businesses look for in reviews?

Low False Positive Rate: Accurate vulnerability detection saves time in analysis.
Time Efficiency: Automated scans reduce manual workload, improving team productivity.
Scalability: Integration features help accommodate growth and complexity.
Compliance Support: Centralized dashboard supports regulatory compliance checks.

In industries like finance, healthcare, and technology, Acunetix assists in protecting sensitive data through robust scanning and reporting capabilities. Its ability to perform dynamic assessments makes it a chosen tool in regulatory environments and development settings, offering both internal security inspections and pre-release evaluations.

Invicti

Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub.

GitHub

Sample Customers

Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand

Information Not Available

Buyer's Guide

Acunetix vs. GitHub Code Scanning

June 2026

Free Report: Acunetix vs. GitHub Code Scanning

Find out what your peers are saying about Acunetix vs. GitHub Code Scanning and other solutions. Updated: June 2026.

DOWNLOAD NOW

900,747 professionals have used our research since 2012.

See our Acunetix vs. GitHub Code Scanning report.

See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.