Try our new research platform with insights from 80,000+ expert users

GitHub Code Scanning vs Rapid7 AppSpider comparison

GitHub and Rapid7 are both solutions in the Static Application Security Testing (SAST) category. GitHub is ranked #17 with an average rating of 9.3, while Rapid7 is ranked #27 with an average rating of 8.0. GitHub holds a 1.0% mindshare in SAST, compared to Rapid7’s 0.5% mindshare. Additionally, 100% of GitHub users are willing to recommend the solution, compared to 100% of Rapid7 users who would recommend it.
GitHub Code Scanning
Read 3 GitHub Code Scanning reviews
  • 676 Views
  • 585 Comparison Views
100% willing to recommend
Rapid7 AppSpider
Read 14 Rapid7 AppSpider reviews
  • 909 Views
  • 614 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 8, 2024

Rapid7 AppSpider and GitHub Code Scanning are competitors in application security. While both solutions offer unique advantages, GitHub Code Scanning holds the upper hand with its integration within the GitHub ecosystem and real-time capabilities that streamline developer workflows.

Features: Rapid7 AppSpider provides comprehensive vulnerability detection, broad technology support, and deep scanning capabilities across diverse environments. GitHub Code Scanning offers direct integration with GitHub, real-time scan capabilities, and continuous analysis throughout the development lifecycle.

Room for Improvement: Rapid7 AppSpider users suggest improvements in its reporting interface, documentation clarity, and ease of deployment. GitHub Code Scanning users point to the need for enhanced customization options, expanded language support, and improved vulnerability details.

Ease of Deployment and Customer Service: Rapid7 AppSpider is often noted for its complexity and steep learning curve, whereas GitHub Code Scanning benefits from the familiar GitHub platform, offering smoother deployment. GitHub generally receives more favorable feedback for its responsive support aligned with developer needs.

Pricing and ROI: Rapid7 AppSpider faces criticism for higher setup costs, affecting ROI. GitHub Code Scanning is more favorably priced for teams already using GitHub, enhancing ROI through existing workflow integration. GitHub's cost-effectiveness provides a significant investment advantage for many users.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed GitHub Code Scanning vs. Rapid7 AppSpider Report (Updated: April 2025).
Buyer's Guide
GitHub Code Scanning vs. Rapid7 AppSpider
April 2025
Download the complete report
Helped 850,028 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

GitHub Code Scanning
Ranking in Static Application Security Testing (SAST)
17th
Average Rating
9.4
Reviews Sentiment
7.9
Number of Reviews
3
Ranking in other categories
No ranking in other categories
Rapid7 AppSpider
Ranking in Static Application Security Testing (SAST)
27th
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
14
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of May 2025, in the Static Application Security Testing (SAST) category, the mindshare of GitHub Code Scanning is 1.0%, up from 0.2% compared to the previous year. The mindshare of Rapid7 AppSpider is 0.5%, down from 0.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

VishalSingh - PeerSpot reviewer
Traverses the entire network, scanning every system to determine which ports are open
You can use the tool locally on your system or in the cloud. I rate it a nine out of ten. It's a very good tool for people who want to start using GitHubCode Scanning, especially for software development or team collaboration. GitHubCode Scanning allows teams to collaborate by uploading files to repositories. For example, if someone is developing an application, they can host the code on GitHub Code Scanning. Other developers can then download the code for testing purposes. If bugs are found, fixes can be applied using the GitHub Code Scanningrepository, and everyone on the team can see the changes. Software developers often use GitHub Code Scanning for version control, and it's essential for CI/CD pipelines to work.
Read full review
Andrei Bigdan - PeerSpot reviewer
Useful vulnerability reporting data, flexible, and simple implementation
I have had some stability problems but it could be the Microsoft Windows operating system. I found that closing other applications helps with stability. It is helpful to have as much memory as possible, such as eight gigabytes. The more pages being processed the more resources you need. I rate the stability of Rapid7 AppSpider a nine out of ten.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use GitHub Code Scanning mostly for source code management."
"GitHub Code Spaces brings significant value with its simplicity and ease of use."
"The solution helps identify vulnerabilities by understanding how ports communicate with applications running on a system. Ports are like house numbers; to visit someone's house, you must know their number. Similarly, ports are used to communicate with applications. For example, if you want to use an HTTP web server, you must use port 80. It is the port on which the web application or your server listens for incoming requests."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"The solution is highly stable, rated at ten out of ten."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"It scans all the components developed within a web application."
"One of the most valuable features of AppSpider is its broad range of authentication identification, which is a key reason for its utilization."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
More Rapid7 AppSpider pros
 

Cons

"One area for improvement could be the ability to have an AI system digest the reports generated from code scanning and provide a summary. Currently, the reports can be extensive, and users may overlook details, such as outdated libraries, which could be highlighted for attention."
"GitHub Code Scanning should add more templates."
"It needs better integration with mobile applications."
"For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users."
"Integration could be better."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"The dashboard and interface are crucial and they need some improvement."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"There are some glitches with stability, and it is an area for improvement."
"The enterprise interface is too simple. It should be more customizable."
More Rapid7 AppSpider cons
 

Pricing and Cost Advice

"The minimum pricing for the tool is five dollars a month."
"GitHub Code Scanning is a moderately priced solution."
"The price is pretty fair."
"The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."
"It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
"The licensing cost depends on the number of users."
"AppSpider is closed-source software and you need to acquire a license in order to use it."
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
850,028 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
10%
Manufacturing Company
10%
Government
8%
Financial Services Firm
18%
Computer Software Company
13%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about GitHub Code Scanning?
We use GitHub Code Scanning mostly for source code management.
See all answers
What is your experience regarding pricing and costs for GitHub Code Scanning?
The minimum pricing for the tool is five dollars a month.
See all answers
What needs improvement with GitHub Code Scanning?
One area for improvement could be the ability to have an AI system digest the reports generated from code scanning and provide a summary. Currently, the reports can be extensive, and users may over...
See all answers
What do you like most about Rapid7 AppSpider?
The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate a...
See all answers
What is your experience regarding pricing and costs for Rapid7 AppSpider?
The price is not high, but for Japanese customers, localization may incur additional costs.
See all answers
What needs improvement with Rapid7 AppSpider?
For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users.
See all answers
 

Comparisons

SonarQube Server (formerly SonarQube) vs GitHub Code Scanning Logo
SonarQube Server (formerly SonarQube) vs GitHub Code Scanning
Compared 34% of the time
Coverity vs GitHub Code Scanning Logo
Coverity vs GitHub Code Scanning
Compared 29% of the time
SonarQube Cloud (formerly SonarCloud) vs GitHub Code Scanning Logo
SonarQube Cloud (formerly SonarCloud) vs GitHub Code Scanning
Compared 15% of the time
Aikido Security vs GitHub Code Scanning Logo
Aikido Security vs GitHub Code Scanning
Compared 10% of the time
Polaris Software Integrity Platform vs GitHub Code Scanning Logo
Polaris Software Integrity Platform vs GitHub Code Scanning
Compared 5% of the time
More GitHub Code Scanning Competitors
Rapid7 InsightAppSec vs Rapid7 AppSpider Logo
Rapid7 InsightAppSec vs Rapid7 AppSpider
Compared 44% of the time
Acunetix vs Rapid7 AppSpider Logo
Acunetix vs Rapid7 AppSpider
Compared 11% of the time
Invicti vs Rapid7 AppSpider Logo
Invicti vs Rapid7 AppSpider
Compared 8% of the time
OWASP Zap vs Rapid7 AppSpider Logo
OWASP Zap vs Rapid7 AppSpider
Compared 7% of the time
Qualys Web Application Scanning vs Rapid7 AppSpider Logo
Qualys Web Application Scanning vs Rapid7 AppSpider
Compared 6% of the time
More Rapid7 AppSpider Competitors
 

Product Reports

Buyer's Guide
Static Application Security Testing (SAST)
April 2025
GitHub Code Scanning reportDownload GitHub Code Scanning product report
Buyer's Guide
Rapid7 AppSpider
April 2025
Rapid7 AppSpider reportDownload Rapid7 AppSpider product report
 

Also Known As

No data available
AppSpider
 

Overview

Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub.

GitHub

SPAs, APIs, mobile—the evolution of application technology is measured in months, not years. Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks.

Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today and always be ready for whatever comes next.

Rapid7
 

Sample Customers

Information Not Available
Microsoft
Buyer's Guide
GitHub Code Scanning vs. Rapid7 AppSpider
April 2025
Free Report: GitHub Code Scanning vs. Rapid7 AppSpider
Find out what your peers are saying about GitHub Code Scanning vs. Rapid7 AppSpider and other solutions. Updated: April 2025.
DOWNLOAD NOW
850,028 professionals have used our research since 2012.
See our GitHub Code Scanning vs. Rapid7 AppSpider report.
See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.