GitHub Code Scanning vs Veracode comparison


Comparison Buyer's Guide

Executive Summary

Categories and Ranking

GitHub Code Scanning
  Ranking in Static Application Security Testing (SAST): 22nd
  Average Rating: 9.6
  Number of Reviews: 2
  Ranking in other categories: No ranking in other categories
Veracode
  Ranking in Static Application Security Testing (SAST): 2nd
  Average Rating: 8.2
  Number of Reviews: 194
  Ranking in other categories: Application Security Tools (2nd), Container Security (4th), Software Composition Analysis (SCA) (2nd), Penetration Testing Services (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (2nd)

Featured Reviews

AG, Nov 23, 2023
A highly stable solution that can be used for source code management
We use GitHub Code Scanning mostly for source code management. GitHub Code Scanning should add more templates. I have been using GitHub Code Scanning for six to seven months. I rate GitHub Code Scanning ten out of ten for stability. GitHub Code Scanning is a scalable solution. Around 2,000 to…
KS, Mar 20, 2024
Prevents vulnerable code, offers end-to-end visibility, and saves our developers time
Veracode's ability to prevent vulnerable code from entering the production environment is good. Using Veracode's ASC team is easy. I can send them an email and arrange a call from the app. They were helpful when I had issues or questions about using the app. Free access to the ASC team is a significant advantage because they possess in-depth knowledge of the product and are readily available for assistance. It is innovative when it comes to features. Veracode helps our organization with security scanning. We realized the benefit of Veracode as soon as it was deployed. The policy reporting is valuable because it provides two key benefits: first, it generates a security score for our application. Second, it offers comprehensive reporting that details both the vulnerabilities found and the potential risks they pose to our application. Veracode can provide visibility into application status at every phase of development. It assists our application team in fixing flaws by identifying issues and guiding the team toward resolving them. Veracode helps our developers save time by ensuring the code is secure. Veracode helps us improve our overall security posture. When a Veracode report shows no vulnerabilities, it indicates a strong security position. This allows the security team to sign off on approvals more efficiently, as a clean Veracode report is a key factor in their evaluation process. Veracode is a valuable tool for a shift-left security strategy. It helps save overall development time, money, and effort by identifying and resolving security vulnerabilities early in the development lifecycle.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"We use GitHub Code Scanning mostly for source code management."
"The solution helps identify vulnerabilities by understanding how ports communicate with applications running on a system. Ports are like house numbers; to visit someone's house, you must know their number. Similarly, ports are used to communicate with applications. For example, if you want to use an HTTP web server, you must use port 80. It is the port on which the web application or your server listens for incoming requests."
"Because it is a SaaS offering, I do not have to support the infrastructure."
"Ours is a Java-based application and Veracode can detect vulnerabilities in both Angular, which is used for the UI, and also in the backend code, which includes APIs and microservices."
"The most valuable feature of Veracode is the binary scan feature for auditing, which allows us to audit the software without the source code."
"The capability to identify vulnerable code is the most valuable feature of Veracode."
"I like Veracode's integration with our CI/CD. It automatically scans our code when we do the build. It can also detect any security flaws in our third-party libraries. Veracode is good at pinpointing the sections of code that have vulnerabilities."
"It has almost completely eliminated the presence of SQLi vulnerabilities."
"One of the valuable features is that it gives us the option of static scanning. Most tools of this type are centered around dynamic scanning. Having a static scan is very important."
"The innovative features offered by Veracode are excellent."

Cons

"GitHub Code Scanning should add more templates."
"I do expect large applications with millions of lines of code to take a while, but it would be nice if there was a possibility to be able to have a baseline initial scan. I know that Veracode touts that there are Pipeline Scans that are supposed to take 90 seconds or less, and we've tried to do that ourselves with our ERP application. However, it actually times out after two hours of scanning. If the static scan itself or another option to run a lower tier scan can be integrated earlier on into our SDLC, it would be great. Right now, it takes so long that we usually leave it till a bit later in the cycle, whereas if it ran faster, we could push it to the time when a developer will be checking in code. That would make us feel a lot more confident that we'd be able to catch things almost instantaneously."
"The solution does not support Dynamic Application Security Testing."
"In the next release, I would like a proper way of packaging files for scanning and the packaging of iOS apps and API dynamic scan methodology."
"Sometimes we get a lot of false positives even after configuring our policies, so that could be improved."
"An area for improvement I found in Veracode is the connectivity because currently, my company uses a plugin for the dev-ops cloud-based connectivity. A pretty helpful feature would be if Veracode gives a direct code for connecting to the Oracle server directly and authenticating it via a unique server."
"The UI could be better. Also, there are some scenarios where there is no security flaw, but the report indicates that there is a security flaw. The report is not perfectly accurate. So, the accuracy of the scanning reports needs improvement."
"The reports on offer are too verbose."
"Another problem we have is that, while it is integrated with single sign-on—we are using Okta—the user interface is not great. That's especially true for a permanent link of a report of a page. If you access it, it goes to the normal login page that has nothing that says "Log in with single sign-on," unlike other software as a service that we use. It's quite bothersome because it means that we have to go to the Okta dashboard, find the Veracode link, and log in through it. Only at that point can we go to the permanent link of the page we wanted to access."

Pricing and Cost Advice

"The minimum pricing for the tool is five dollars a month."
"GitHub Code Scanning is a moderately priced solution."
"We are still considering it at the enterprise level. It has a subscription-based model. We find its price a little high based on the features it provides."
"Veracode provides value for the cost, with no additional charges apart from the standard licensing fee."
"It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent."
"Licensing cost is on a yearly basis and there are no additional costs, the pricing is straightforward."
"The pricing of the product depends upon the number of codes or the number of applications."
"The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."
"From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately."
"Veracode is fairly priced."
787,779 professionals have used our research since 2012.

Top Industries

By visitors reading reviews
GitHub Code Scanning
  Computer Software Company: 20%
  Financial Services Firm: 13%
  Comms Service Provider: 7%
  Manufacturing Company: 7%
Veracode
  Financial Services Firm: 18%
  Computer Software Company: 15%
  Manufacturing Company: 8%
  Government: 6%

Company Size

By reviewers: Large Enterprise, Midsize Enterprise, Small Business
No data available

Questions from the Community

What do you like most about GitHub Code Scanning?
We use GitHub Code Scanning mostly for source code management.
What needs improvement with GitHub Code Scanning?
GitHub Code Scanning should add more templates.
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What do you like most about Veracode?
The SAST and DAST modules are great.
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.

Also Known As

GitHub Code Scanning: No data available
Veracode: Crashtest Security, Veracode Detect

Sample Customers

GitHub Code Scanning: Information Not Available
Veracode: Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about GitHub Code Scanning vs. Veracode and other solutions. Updated: June 2024.