We performed a comparison between GitHub and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The best feature is the ability to track the history of all code changes, and it's easy to use. Additionally, as it's open source, anyone can use that feature resulting in distributed development. This opens the door to collaboration with different code and developer, feature, and master branches of development."
"We are finding GitHub is very stable."
"The flexibility of this solution has been most valuable. It operates on a pay per use basis where you can ramp up or decrease usage."
"GitHub's version control is valuable."
"It is really simple to set up."
"During our use of GitHub, we have not encountered any problems and GitHub adds new features frequently."
"GitHub provides good time reduction and this is what I value the most."
"This product allows us to easily collaborate on development tasks with our subcontractors, and control the workflow as the project progresses."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"The vulnerability management feature is a strong one. And also the patch management feature."
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"It is easy to use."
"The descriptions within GitHub could be more user-friendly to show the trees of Gitflow."
"GitHub uses basic configuration, but messaging is not clear."
"The only thing I see missing in GitHub is that it isn't very user friendly for key personnel who don't have in-depth, technical knowledge. In Jira, there are many functions to upload our test cases, and in GitHub we can only do it manually. There are functions which can be used to upload different files, but that still requires some technical knowledge. A layman cannot do it."
"I would like to see more security where a plugin was available for us to update in relation to security."
"We would like this solution to have a more user-friendly interface."
"Scalability is an area with a shortcoming, because of which it has room for improvement."
"It would be good if there were training materials for junior developers."
"GitHub could add some more security features."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"Deployment can be complicated."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"There should be better visibility into the application."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"They should try to include business logic vulnerabilities in the scanner testing."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
GitHub is ranked 10th in Application Security Tools with 64 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. GitHub is rated 8.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". GitHub is most compared with Snyk, AWS CodeCommit, Atlassian SourceTree, Bitbucket and Sonatype Repository Firewall, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our GitHub vs. Qualys Web Application Scanning report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.