We performed a comparison between GitHub Advanced Security and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a stable solution...It is a scalable solution as it can handle new applications along with the analysis part."
"It ensures user passwords or sensitive information are not accidentally exposed in code or reports."
"GitHub provides advanced security, which is why the customers choose this tool; it allows them to rely solely on GitHub as one platform for everything they need."
"The product's most valuable features are security scan, dependency scan, and cost-effectiveness."
"The most valuable is the developer experience and the extensibility of the overall ecosystem."
"Dependency scanning is a valuable feature."
"The most important feature is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to production or provide something to a client... Dynamic scanning actually hits our Web applications, to try to detect any well known Web application vulnerabilities as well."
"For use cases where our company buys a product with the source code, but only the final executables or the binaries, only Veracode is able to work on that type of tool."
"When we expanded our definition of critical systems to include an internal application to be scanned by Veracode, we had initial scans that produced hundreds of vulnerabilities. We expected this, based on how the code was treated previously, but the Veracode platform allowed us to streamline our identification of these items and develop a game plan to quickly address them."
"The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use."
"It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies."
"Within SCA, there is an extremely valuable feature called vulnerable methods. It is able to determine within a vulnerable library which methods are vulnerable. That is very valuable, because in the vast majority of cases where a library is vulnerable, none of the vulnerable methods are actually used by the code. So, if we want to prioritize the way open source libraries are updated when a library is found vulnerable, then we want to prioritize the libraries which have vulnerable methods used within the code."
"When we do have errors, Veracode is always available, their consultants, to help us either mitigate the error, or provide technical assistance on pointing exactly where the problem is and how we could probably fix it. I'm always amazed at how knowledgeable they are."
"The most valuable feature is the SAST capability and its integration into the Veracode pipelines."
"The report limitations are the main issue."
"There could be a centralized dashboard to view reports of all the projects on one platform."
"The deployment part of the product is an area of concern that needs to be made easier from an improvement perspective."
"A more refined approach, categorizing and emphasizing specific vulnerabilities, would be beneficial."
"The customizations are a little bit difficult."
"There could be DST features included in the product."
"Veracode's ability to fix flaws is less sophisticated than that of its competitors."
"There is also a size limit of 100 MB so we cannot upload files that are larger than that. That could be improved. Also, the duration of the scan is a bit too long."
"Raw file scans and dynamic scans would be an improvement, instead of dealing with code binaries."
"Veracode Static Analysis could improve the terminology. For example, I do not know what the sandbox scan does. The terminology and the way they have used it are quite confusing. They should have a process of capturing problems that users are having on their end."
"The triage indicator was kind of hard to find. It's a very small arrow and I had no idea it was there."
"The GUI requires significant simplification, as its current complexity creates a steep learning curve for new users."
"Veracode Static Analysis can improve the false positive. There are always improvements that can be done to the false positive rate. There are some things that get flagged that are not an issue. However, it is not a huge concern."
"Veracode does not support scans for .NET Blazor server applications."
GitHub Advanced Security is ranked 15th in Application Security Tools with 6 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. GitHub Advanced Security is rated 9.0, while Veracode is rated 8.2. The top reviewer of GitHub Advanced Security writes "A tool that provides ease of integration with the set of existing codes in an infrastructure". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". GitHub Advanced Security is most compared with SonarQube, Snyk, Fortify on Demand, Checkmarx One and GitLab, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and Qualys Web Application Scanning. See our GitHub Advanced Security vs. Veracode report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.