GitGuardian Public Monitoring vs Veracode comparison

GitGuardian Public Monitoring

Read 201 Veracode reviews

14,613 Views
9,530 Comparison Views

90% willing to recommend

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Veracode and GitGuardian compete in the security solutions category. Veracode has an advantage in support and customer satisfaction, while GitGuardian leads with superior features despite higher costs.

Features: Veracode is recognized for its comprehensive application security functionalities, support structure, and user satisfaction. GitGuardian is noted for its real-time detection capabilities, comprehensive monitoring, and advanced threat intelligence.

Room for Improvement: Veracode could improve its integration with more platforms, enhance its user interface, and streamline its scanning process. GitGuardian would benefit from better alert management customization, a more intuitive user dashboard, and enhanced automation features.

Ease of Deployment and Customer Service: Veracode is praised for its easy deployment process and efficient support, contributing to positive customer service ratings. GitGuardian has a more complex deployment but offers responsive support that users find valuable.

Pricing and ROI: Veracode provides better initial pricing options, making it accessible for budget-conscious buyers. GitGuardian, with a higher price point, offers stronger ROI due to its advanced feature set, attracting tech buyers seeking comprehensive solutions.

To learn more, read our detailed GitGuardian Public Monitoring vs. Veracode Report (Updated: June 2025).

GitGuardian Public Monitoring vs. Veracode

June 2025

Download the complete report

Helped 857,028 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

GitGuardian Public Monitoring

Ranking in Application Security Tools

22nd

Ranking in Static Application Security Testing (SAST)

19th

Average Rating

9.0

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

Data Loss Prevention (DLP) (23rd), Threat Intelligence Platforms (18th)

Veracode

Ranking in Application Security Tools

2nd

Ranking in Static Application Security Testing (SAST)

2nd

Average Rating

8.2

Reviews Sentiment

7.0

Number of Reviews

201

Ranking in other categories

Container Security (8th), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (2nd)

Mindshare comparison

As of June 2025, in the Application Security Tools category, the mindshare of GitGuardian Public Monitoring is 0.2%, up from 0.1% compared to the previous year. The mindshare of Veracode is 9.2%, down from 10.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Tools

Featured Reviews

Theo Cusnir

Application Security Engineer at PayFit

Detects and alerts us about leaks quickly, and enables us to filter and prioritize occurrences

One thing I really like about it is the fact that we can add search words or specific payloads inside the tool, and GitGuardian will look into GitHub and alert us if any of these words is found in a repository. For example, if I put "Payfit" in the tool, I will be alerted every time someone is committing with that word in the code. It's really useful for internal domain names, to detect if someone is leaking internal code. With this capability in the tool, we have good surveillance over our potential blind spots. It can detect a leak in 10 minutes. We had an experience with one of our engineers who had leaked a secret, and 10 minutes afterward we had a warning from GitGuardian about the leak. It's very effective. We looked at the commit date and the current date with hours and minutes and we could see that the commit had been made 10 minutes ago. As a result, we are sure it is pretty fast. Another feature, one that helps prioritize remediation, is that you can filter the findings by criticality. That definitely helps us to prioritize which secrets we should rotate and delete.

Read full review

David-Robertson

Director Enterprise Architecture at Exeter Finance Corp.

Static scanning and software composition analysis are very helpful, but the usability needs improvement

Static scanning and software composition analysis are very helpful. My colleagues and I don't need to be experts on all of those ancillary things, so we can focus more on the business deliverables. They have a pretty good tool that allows me to run scans of my local integrated development environment. I can find a lot of those flaws a lot sooner than I would if I had to wait for these cloud-based scans. They've come out with some sort of automated fix feature. I haven't used it, but they gave us a demo of it, and that one looks promising. I don't know if it's ready for prime time yet.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The Explore function is valuable for finding specific things I'm looking for."

"One thing I really like about it is the fact that we can add search words or specific payloads inside the tool, and GitGuardian will look into GitHub and alert us if any of these words is found in a repository... With this capability in the tool, we have good surveillance over our potential blind spots."

"We use Veracode static analysis during development to eliminate vulnerability issues"

"Veracode impacts the overall security posture by maintaining data integrity, ensuring we are not exposed to threats from third-party libraries with known vulnerabilities."

"Tech support is outstanding. Best in class. Absolutely. They bend over backwards to help us. We'll come up with questions and within minutes, we'll get answers. It's amazing. It's truly amazing."

"The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use."

"The solution is a specialist in SAST that you can rely on. Code scanning is fast with current, updated algorithms."

"Ours is a Java-based application and Veracode can detect vulnerabilities in both Angular, which is used for the UI, and also in the backend code, which includes APIs and microservices."

"The integration capabilities with our existing development tools are very good."

"The security team can track the remediation and risk acceptance statistics."

More Veracode pros

Cons

"I would like to see improvement in some of the user interface features... When one secret is leaked in multiple files or multiple repositories, it will appear on the dashboard. But when you click on that secret, all the occurrences will appear on the page. It would be better to have one secret per occurrence, directly, so that we don't have to click to get to the list of all the occurrences."

"I'm excited about the possibility of Public Postman scanning being integrated with GitGuardian in the future. Additionally, I'm interested in exploring the potential use of honeytokens, which seems like a compelling approach to lure and identify attackers."

"Veracode has a few shortcomings in terms of how they handle certain components of the UI. For example, in the case of the false positive, it would be highly desirable if the false positive don't show up again on the UI, instead still showing up for any subsequent scan as a false positive. There is a little bit of cluttering that could be avoided."

"The current version of the application does not support testing for API."

"The scanning takes a lot of time to complete."

"It would help to have more training for developers to help them set it up."

"Its cost and the long scanning times for large applications are the areas for improvement."

"The cost of the solution is a little bit expensive. Expensive in the sense that there was a hundred percent increase in cost from last year to this year, which is certainly not justified."

"The scanning process for records could be faster and there is room for improvement in Veracode's performance."

"The security labs integration has room for improvement."

More Veracode cons

Pricing and Cost Advice

"It's a bit expensive, but it works well. You get what you pay for."

"We're very comfortable with their model. We think they're a good value. We worked very closely with Veracode on understanding their license model, understanding what comprises the fee and what does not. With their assistance in design, we decomposed our application in a way where we are scanning a very significant amount of code without wasting their capacity and generating redundant reported issues. You scan in profiles, per se. And we work with them, in their offices, to design the most effective approach. So the advice I would have for customers is, you can get up and live fast, but work closely with Veracode to refine the method you use for scanning and the way you compile the applications. There's a concept called entry-point scanning, and that's probably not used well by the rest of their customers. We see our licensing as a good value because we leverage it heavily."

"Compared to other similar products, the licensing and pricing are definitely competitive. If you see Checkmarx as the market leader, then we are talking about Veracode being a fraction of the cost. You also have to consider your hidden costs: you need a team to maintain it, a server, and resources. From that point of view, Veracode is great because the cost is really a fraction of many competitors."

"Veracode's price is high. I would like them to better optimize their pricing."

"I think the pricing is in line with the rest of the tools. I think you get what you pay for. It is certainly not inexpensive, but the value proposition is there. There are certainly cheaper tools, but I don't think we'd be getting the support that we get with those, and that is what separates this product from the others."

"The product’s price is a bit higher compared to other solutions."

"Compared to the typical software composition analysis solutions, Veracode is not so costly, although the static analysis part of it is a little costlier."

"Veracode has been fair. We use their SaaS solution and it's just an annual subscription."

"Veracode is a very expensive product."

More Veracode pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

857,028 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Government

21%

Computer Software Company

14%

Energy/Utilities Company

14%

Comms Service Provider

11%

Computer Software Company

17%

Financial Services Firm

16%

Manufacturing Company

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What do you like most about GitGuardian Public Monitoring?

The Explore function is valuable for finding specific things I'm looking for.

What needs improvement with GitGuardian Public Monitoring?

I'm excited about the possibility of Public Postman scanning being integrated with GitGuardian in the future. Additionally, I'm interested in exploring the potential use of honeytokens, which seems...

What is your primary use case for GitGuardian Public Monitoring?

We use GitGuardian Public Monitoring for code that is exposed in public.

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...

What do you like most about Veracode?

The SAST and DAST modules are great.

What is your experience regarding pricing and costs for Veracode?

The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.

GitGuardian Platform vs GitGuardian Public Monitoring

Comparisons

Compared 75% of the time

SafeGuard Cyber Security vs GitGuardian Public Monitoring

Compared 25% of the time

More GitGuardian Public Monitoring Competitors

SonarQube Server (formerly SonarQube) vs Veracode

Compared 19% of the time

Checkmarx One vs Veracode

Compared 10% of the time

GitHub Advanced Security vs Veracode

Compared 7% of the time

Fortify on Demand vs Veracode

Compared 4% of the time

Snyk vs Veracode

Compared 4% of the time

More Veracode Competitors

Product Reports

Application Security Tools

June 2025

Download GitGuardian Public Monitoring product report

Download Veracode product report

May 2025

Also Known As

No data available

Crashtest Security , Veracode Detect

Overview

GitGuardian Public Monitoring allows real-time GitHub scanning and alerting to uncover sensitive company information hiding in online repositories. It monitors both organization repositories and developers' personal repositories. The solution gives visibility to developers and security teams on this very critical blindspot that are the organization developers' personal repositories on GitHub (80% of leaked corporate secrets on public GitHub come from developers’ personal repositories).

GitGuardian Public Monitoring is particularly interesting for companies with large development teams (above 200 developers) and modern development practices.

GitGuardian Public Monitoring cover 350+ API providers, database connection strings, private keys, certificates, usernames and passwords and intellectual property. It uses sophisticated pattern matching techniques to detect credentials that cannot be strictly defined with a distinctive pattern (like unprefixed credentials). The algorithm has a high precision (91% “true positive” feedback following our alerts, as reported by our users.)

The alerting is done in real-time (a few seconds after the secret was publicly exposed) which allows fast remediation involving in a collaborative way developers, security teams and operations.

GitGuardian Public Monitoring also allows red teams and pentesters to proactively look for sensitive information by performing complex queries on 12 billion documents and metadata from more than 3 years of GitHub history.

GitGuardian Public Monitoring scans public GitHub activity in real-time, helping organizations detect sensitive information leaks in source code repositories. Our solution gives Threat Intelligence and Security teams full visibility over their organization’s public GitHub Attack Surface, by monitoring both organization-owned repositories and developers' personal repositories.

With 80% of secrets and credentials leaks on public GitHub finding their source in developers' personal repositories, GitGuardian for Public Monitoring helps organizations address a critical security blind spot.

With real-time incident notification, Threat Intelligence and Security teams are guaranteed to reach the incident scene before everyone else and take action to mitigate the threat of breaches and intrusions.

GitGuardian

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Sample Customers

Align Technology, Automox, Fred Hutch, Instacart, Maven Wave, Mirantis, SafetyCulture, Snowflake, Talend

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.