• Home
  • GitGuardian Public Monitoring vs. Veracode

GitGuardian Public Monitoring vs Veracode comparison

Cancel
You must select at least 2 products to compare!
GitGuardian Logo
GitGuardian Public Monitoring
Read 2 GitGuardian Public Monitoring reviews
73 views|29 comparisons
100% willing to recommend
Veracode Logo
Veracode
Read 194 Veracode reviews
25,312 views|16,984 comparisons
90% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Application Security Testing (AST)
April 2024
Executive Summary

We performed a comparison between GitGuardian Public Monitoring and Veracode based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST).
To learn more, read our detailed Application Security Testing (AST) Report (Updated: April 2024).
Download the complete report
769,599 professionals have used our research since 2012.
Featured Review
Theo Cusnir
Detects and alerts us about leaks quickly, and enables us to filter and prioritize occurrences
Overall, it has given us more trust in our engineers and in our global security. We know that if someone is leaking something critical or a secret,... Read more →
Everton Yoshitani
I like the ease of integration and onboarding
Veracode helps us improve our overall security and build trust with our customers. For example, some of our customers have strict security... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"One thing I really like about it is the fact that we can add search words or specific payloads inside the tool, and GitGuardian will look into GitHub and alert us if any of these words is found in a repository... With this capability in the tool, we have good surveillance over our potential blind spots.""The Explore function is valuable for finding specific things I'm looking for."

More GitGuardian Public Monitoring Pros →

"It provides security of different Shadow IT activities in our environment, especially around application development and website hosting.""The Veracode technical support is very good. They are responsive and very knowledgeable.""The dependency graph visualization provides the ability to see nested dependencies within libraries for pinpointing vulnerabilities.""Provides the capability to track remediation and the handling of identified vulnerabilities.""It is great to have such insight into code without having to upload the source code at all. It saves a lot of NDA paperwork. The Visual Studio plugin allows the developer to seamlessly upload the code and get results as he works, with no manual upload. The code review function is great. It allows you to find flaws in source code.""Valuable features for us are the static scanning of the software, which is very important to us; the ability to set policy profiles that are specific to us; the software composition analysis, to give us reports on known vulnerabilities from our third-party components.""All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing).""Static code scanning is the most valuable feature."

More Veracode Pros →

Cons
"I'm excited about the possibility of Public Postman scanning being integrated with GitGuardian in the future. Additionally, I'm interested in exploring the potential use of honeytokens, which seems like a compelling approach to lure and identify attackers.""I would like to see improvement in some of the user interface features... When one secret is leaked in multiple files or multiple repositories, it will appear on the dashboard. But when you click on that secret, all the occurrences will appear on the page. It would be better to have one secret per occurrence, directly, so that we don't have to click to get to the list of all the occurrences."

More GitGuardian Public Monitoring Cons →

"Static scanning takes a long time, so you need to patiently wait for the scan to achieve. I also think the software could be more accurate. It isn't 100 percent, so you shouldn't completely rely on Veracode. You need to manually verify its findings.""We use Ruby on Rails and we still don't have any support for that from Veracode.""Sometimes, the scans halt or drop for some reason, and we need to get help from Veracode to fix it.""Their scanning engine is sometimes a little bit slow. They can improve the scan time.""There might be room for improvement in the in-app guidance and the tips and tricks for the developer about how to progress. We would like more insight into the development environment, where they would get guidance on how to avoid flaws.""The dynamic scanning feature works, but it doesn't work properly for some of our applications. It doesn't allow us to skip. They claim that we can do this, but it doesn't work when we're scanning the applications in real-time.""There is room for improvement in the speed of the system. Sometimes, the servers are very busy and slow... Also, the integration with SonarQube is very weak, so we had to implement a custom solution to extend it.""Veracode does not support scans for .NET Blazor server applications."

More Veracode Cons →

Pricing and Cost Advice
  • "It's a bit expensive, but it works well. You get what you pay for."

    • More GitGuardian Public Monitoring Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    See Recommendations
    769,599 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about GitGuardian Public Monitoring?
    Top Answer:The Explore function is valuable for finding specific things I'm looking for.
    Read all 2 answers   →
    What is your experience regarding pricing and costs for GitGuardian Publi...
    Top Answer:It's a bit expensive, but it works well. You get what you pay for. You get something that is fully managed with a lot of features, and a tool that is very efficient.
    What needs improvement with GitGuardian Public Monitoring?
    Top Answer:I'm excited about the possibility of Public Postman scanning being integrated with GitGuardian in the future. Additionally, I'm interested in exploring the potential use of honeytokens, which seems… more »
    Read all 2 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    19th
    out of 67 in Application Security Testing (AST)
    Views
    73
    Comparisons
    29
    Reviews
    2
    Average Words per Review
    1,292
    Rating
    9.0
    2nd
    out of 67 in Application Security Testing (AST)
    Views
    25,312
    Comparisons
    16,984
    Reviews
    101
    Average Words per Review
    976
    Rating
    8.1
    Comparisons
    Also Known As
    Crashtest Security , Veracode Detect
    Learn More
    GitGuardian
    Video Not Available
    Veracode
    Overview

    GitGuardian Public Monitoring allows real-time GitHub scanning and alerting to uncover sensitive company information hiding in online repositories. It monitors both organization repositories and developers' personal repositories. The solution gives visibility to developers and security teams on this very critical blindspot that are the organization developers' personal repositories on GitHub (80% of leaked corporate secrets on public GitHub come from developers’ personal repositories).

    GitGuardian Public Monitoring is particularly interesting for companies with large development teams (above 200 developers) and modern development practices.

    GitGuardian Public Monitoring cover 350+ API providers, database connection strings, private keys, certificates, usernames and passwords and intellectual property. It uses sophisticated pattern matching techniques to detect credentials that cannot be strictly defined with a distinctive pattern (like unprefixed credentials). The algorithm has a high precision (91% “true positive” feedback following our alerts, as reported by our users.)

    The alerting is done in real-time (a few seconds after the secret was publicly exposed) which allows fast remediation involving in a collaborative way developers, security teams and operations.

    GitGuardian Public Monitoring also allows red teams and pentesters to proactively look for sensitive information by performing complex queries on 12 billion documents and metadata from more than 3 years of GitHub history.

    GitGuardian Public Monitoring scans public GitHub activity in real-time, helping organizations detect sensitive information leaks in source code repositories. Our solution gives Threat Intelligence and Security teams full visibility over their organization’s public GitHub Attack Surface, by monitoring both organization-owned repositories and developers' personal repositories.

    With 80% of secrets and credentials leaks on public GitHub finding their source in developers' personal repositories, GitGuardian for Public Monitoring helps organizations address a critical security blind spot.

    With real-time incident notification, Threat Intelligence and Security teams are guaranteed to reach the incident scene before everyone else and take action to mitigate the threat of breaches and intrusions.

    Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

    Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references. Veracode's dynamic analysis solution simulates real-world attacks to identify vulnerabilities that may not be detectable by static analysis alone. Veracode's software composition analysis solution scans open-source and third-party components for known vulnerabilities. Veracode's manual penetration testing service is performed by experienced security professionals who use a variety of techniques to identify vulnerabilities in software applications.

    Many organizations, including Fortune 500 companies, government agencies, and startups, use Veracode's solution. Veracode's customers rely on Veracode to help them to improve the security of their software applications and to reduce the risk of data breaches and other security incidents.

    Here are some of the benefits of using Veracode:

    • Veracode provides capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing to help organizations identify and fix security vulnerabilities in their software applications early in the development process.
    • Veracode helps organizations reduce the risk of data breaches and other security incidents by identifying and fixing security vulnerabilities in their software application. 
    • Veracode helps organizations to comply with industry regulations. Many industries have regulations that require organizations to implement security measures to protect their customers' data. Veracode's solution can help organizations to comply with these regulations by providing them with the tools and resources they need to identify and fix security vulnerabilities in their software applications.
    Sample Customers
    Align Technology, Automox, Fred Hutch, Instacart, Maven Wave, Mirantis, SafetyCulture, Snowflake, Talend
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    No Data Available
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    No Data Available
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    Buyer's Guide
    Application Security Testing (AST)
    April 2024
    Download Free Report
    Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST). Updated: April 2024.
    DOWNLOAD NOW
    769,599 professionals have used our research since 2012.

    GitGuardian Public Monitoring is ranked 19th in Application Security Testing (AST) with 2 reviews while Veracode is ranked 2nd in Application Security Testing (AST) with 194 reviews. GitGuardian Public Monitoring is rated 9.0, while Veracode is rated 8.2. The top reviewer of GitGuardian Public Monitoring writes "Helps us prioritize remediation tasks efficiently, improves our overall security visibility, and is effective in detecting and alerting us to security leaks quickly". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitGuardian Public Monitoring is most compared with Snyk, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap.

    See our list of best Application Security Testing (AST) vendors and best Application Security Tools vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.