HCL AppScan and GitHub compete in the realms of security management and source code collaboration, respectively. HCL AppScan has the upper hand in security features, while GitHub excels in code management and collaboration.
Features: HCL AppScan specializes in identifying vulnerabilities such as XSS and SQL injection and integrates well with agile processes to enhance security during development stages. Its strong test coverage and low false-positive rate are notable. GitHub is renowned for its robust source code management, pull requests, and advanced security options ideal for integrating with CI/CD pipelines.
Room for Improvement: HCL AppScan could integrate better with CI/CD environments, improve its handling of mobile-specific vulnerabilities and false positives, and provide more comprehensive technical support. GitHub needs to enhance its security scanning and improve the user interface for non-technical users. Resolving merge conflicts and streamlining integration with automation tools also need attention.
Ease of Deployment and Customer Service: HCL AppScan primarily supports on-premises deployments, which can be less flexible than GitHub’s cloud-based options, which are simple to scale and deploy. Both products provide satisfactory technical support, though HCL AppScan has faced challenges since the support transition from IBM, whereas GitHub is often praised for its responsiveness.
Pricing and ROI: HCL AppScan is seen as expensive but valuable due to its extensive security capabilities, offering cost savings and quick ROI through reduced vulnerabilities. GitHub provides a highly cost-effective free version for public repositories, with enterprise licensing viewed as accessible and appealing for budget-conscious users seeking affordable solutions.
I have not used GitHub's technical support extensively because there are many resources and a robust knowledge base available due to the large user community.
The technical support from GitHub is generally good, and they communicate effectively.
Some forums help you get answers faster since you just type in your concern and see resolutions from other engineers.
Veracode provides excellent assistance and regularly scheduled calls to address customer concerns and updates.
We have never had a problem with scalability, so I would rate it at least eight to nine.
GitHub is more scalable than on-prem solutions, allowing for cloud-based scaling which is beneficial for processing large workloads efficiently.
It provides a reliable environment for code management.
If a skilled developer uses it, it is ten out of ten for stability.
GitHub is mostly stable, but there can be occasional hiccups.
One area for improvement in GitHub could be integration with other tools, such as test management or project management tools.
When solving merge conflicts, it would be helpful to have tooltips within the actions to know what changes could happen next when resolving a conflict.
There are still areas for improvement with GitHub Actions and their deployment workflows, as they have made significant progress but are not yet polished.
The pricing of GitHub is reasonable, with the cost being around seven dollars per user per month for private repositories.
The pricing of GitHub depends on the choice of solutions, such as building one's own GitHub Runners to save money or using GitHub's Runners with extra costs.
Normally, GitHub is not expensive, but it would be welcome if it reduces costs for developing countries.
Companies often choose based on budget constraints, with Veracode being on the higher end cost-wise.
The pull request facility for code review.
For branching, it works well, especially in an agile environment.
GitHub Actions allow for creating multiple jobs that run in different stages such as build, test, and deploy, which enable better visibility and control over the deployment pipeline.
AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.