HCL AppScan and GitHub compete in the domain of software development, focusing on security and source code management, respectively. GitHub appears to have an edge due to its comprehensive source code management and collaborative features, despite HCL AppScan's strong security scanning capabilities.
Features: HCL AppScan provides comprehensive security scanning abilities to detect vulnerabilities like SQL injection and XSS, integrates seamlessly into the development process, and delivers detailed reports with a low false-positive rate. GitHub is notable for its source code management, collaboration tools, and version control capabilities, and offers many free features for open-source projects, making it a preferred choice for developers.
Room for Improvement: HCL AppScan could improve by reducing false positives, enhancing usability, expanding language support, and optimizing performance for large-scale scans. GitHub may benefit from better security features, simplification of complex operations like merging, improved project management tools, and more refined search functionality.
Ease of Deployment and Customer Service: HCL AppScan is flexible, available on-premises and in various cloud environments, though technical support has faced criticism for slow responses. GitHub is renowned for its ease of use, quick deployment on public and hybrid clouds, and responsive customer service, despite occasional issues with support management.
Pricing and ROI: HCL AppScan is considered expensive, yet offers a significant return on investment through its feature set and security improvements, resulting in a reduction in defect rates. GitHub's largely open-source model provides a cost-effective solution with reasonable licensing and subscription options, especially appealing to smaller companies for its affordability and favorable cost-value perception.
I have not used GitHub's technical support extensively because there are many resources and a robust knowledge base available due to the large user community.
The technical support from GitHub is generally good, and they communicate effectively.
Some forums help you get answers faster since you just type in your concern and see resolutions from other engineers.
Veracode provides excellent assistance and regularly scheduled calls to address customer concerns and updates.
We have never had a problem with scalability, so I would rate it at least eight to nine.
GitHub is more scalable than on-prem solutions, allowing for cloud-based scaling which is beneficial for processing large workloads efficiently.
It provides a reliable environment for code management.
If a skilled developer uses it, it is ten out of ten for stability.
GitHub is mostly stable, but there can be occasional hiccups.
One area for improvement in GitHub could be integration with other tools, such as test management or project management tools.
When solving merge conflicts, it would be helpful to have tooltips within the actions to know what changes could happen next when resolving a conflict.
There are still areas for improvement with GitHub Actions and their deployment workflows, as they have made significant progress but are not yet polished.
The pricing of GitHub is reasonable, with the cost being around seven dollars per user per month for private repositories.
The pricing of GitHub depends on the choice of solutions, such as building one's own GitHub Runners to save money or using GitHub's Runners with extra costs.
Normally, GitHub is not expensive, but it would be welcome if it reduced costs for developing countries.
Companies often choose based on budget constraints, with Veracode being on the higher end cost-wise.
The pull request facility for code review.
For branching, it works well, especially in an agile environment.
GitHub Actions allow for creating multiple jobs that run in different stages such as build, test, and deploy, which enable better visibility and control over the deployment pipeline.
AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.