GitLab vs Veracode comparison

You must select at least 2 products to compare!
GitLab Logo
4,165 views|3,359 comparisons
Veracode Logo
28,835 views|19,575 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between GitLab and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed GitLab vs. Veracode Report (Updated: September 2023).
734,963 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The most valuable feature of GitLab is its security.""I have found the most valuable features of GitLab are the GitClone, GitPush, GitPull, GitMatch, GitMit, GitCommit, and GitStatus.""The most valuable feature of GitLab is its convenience. I am able to trace back most of my changes up to a far distance in time and it helps me to analyze and see the older version of the code.""The scalability is good.""GitLab is being used as a repository for our codebase and it is a one stop DevOps tool we use in our team.""GitLab's best features are continuous integration and fast deployment.""It is very flexible and easy because you can store data on cloud.""CI/CD is very good. The version control system is also good. These are the two features that we use."

More GitLab Pros →

"Veracode offers various security features.""I like Veracode's ease of integration with various cloud platforms and tools.""Veracode Security Labs are fantastic. My team loves getting the hands-on experience of putting in a flaw and fixing it. It's interactive. We've gotten decent support from the sales and software engineers, so the initial support was excellent. They scheduled a consultation call to dive deep and discuss why we see these findings and codes. That was incredibly helpful.""The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use.""The recommendations and frequent updates are the most valuable features of Veracode.""Code scanning is the most valuable feature.""It pinpoints the errors. Its accuracy is very interesting. It also elaborates on flaws, meaning it provides you with details about what is valid or not and how something can be fixed.""The static analysis gives you deep insights into problems."

More Veracode Pros →

"I used Spring Cloud config and to connect that to GitLab was so hard.""I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment.""For as long as I have used GitLab, I haven't encountered any major limitations. However, I think that perhaps the search functionality could be better.""As a partner, sometimes it's difficult to get support. They have a really complicated procedure for their support.""The integration and storage capabilities could be better.""There is room for improvement in GitLab Agents.""Their RBAC is role-based access, which is fine but not very good.""We do face issues in our company when we run out of disk space."

More GitLab Cons →

"The training lab is not very user-friendly and takes a long time to set up.""One area for improvement is the navigation in the UI. For junior developers or newcomers to the team, it can be confusing. The UI doesn't clearly bundle together certain elements associated with a scan. While running a scan, there are various aspects linked to it, but in the UI, they appear separate. It would be beneficial if they could redesign the UI to make it more intuitive for users.""It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount.""Scanning progress is highly dependent on the speed of the Internet.""There should be more APIs, especially in SCA, to get some results or automate some things.""Veracode does not support scans for .NET Blazor server applications.""Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly.""The number of false positives could be reduced a lot. For each good result, we are getting somewhere around 15 to 20 false positives."

More Veracode Cons →

Pricing and Cost Advice
  • "I don't mind the price because I use the free version."
  • "We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."
  • "The price of GitLab could be better, it is expensive."
  • "I'm not aware of the licensing costs because those were covered by the customer."
  • "GitLab is an open-source solution."
  • "GitLab's pricing is good compared to others on the market."
  • "In terms of the pricing for GitLab, on a scale of one to five, with one being expensive and five being cheap, I'm rating pricing for the solution a four. It could still be cheaper because right now, my company has a small team, and sometimes it's difficult to use a paid product for a small team. You'd hope the team will grow and scale, but currently, you're paying a high license fee for a small team. I'm referring to the GitLab license that has premium features and will give you all features. This can be a problem for management to approve the high price of the license for a team this small."
  • "This product is not very expensive but the price can be better."
  • More GitLab Pricing and Cost Advice →

  • "From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately."
  • "The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."
  • "It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as compared to the other competitors, and any small, medium, or big company can easily adopt Veracode. Its cost includes deployment, training, and support for one year."
  • "The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."
  • "There is a fee to scale up the solution which I consider expensive."
  • "I know that Veracode is a semi-pricey solution. If you are serious about security, I would recommend that you use an open-source option to learn how the scanning process works and then look into Veracode if you want to really step up your game and have an all-in-one solution."
  • "I wouldn't really recommend Veracode for a small firm, because it might be a little pricey for them. But for a large organization, with more than 1,000 applications in the enterprise, there are tiered levels of pricing."
  • "There are no setup or implementation charges. They offer a free trial and free consulting services... The price depends on your requirements, your source code sizes, and how complicated your source code is."
  • More Veracode Pricing and Cost Advice →

    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    734,963 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:We are using the open-source version, anyone can download it.
    Top Answer:The documentation is confusing. Sometimes, it is incomplete or has incorrect information. I have informed the vendor about it. Some features in the GitLab Community Edition are not available to us.
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Top Answer:The SAST and DAST modules are great.
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Average Words per Review
    Average Words per Review
    SonarQube logo
    Compared 35% of the time.
    Checkmarx logo
    Compared 15% of the time.
    Fortify on Demand logo
    Compared 6% of the time.
    OWASP Zap logo
    Compared 5% of the time.
    Acunetix logo
    Compared 2% of the time.
    Also Known As
    Learn More

    GitLab is a DevOps platform used for DevOps adoption, including pipeline development, automation, deployment, version control, and CI/CD. It is also used as a repository for code, issue, and configuration management. It can be deployed on-premise or in the cloud and is used by various industries. 

    The most valuable features include integration with CIE, rapid deployment, ease of use, good customer support, stability, scalability, automation, and security. GitLab has helped organizations save time by providing easy merging of code and frequent updates.

    GitLab Benefits

    Some of the ways that organizations can benefit by deploying GitLab include:

    • Easy solution configuration. GitLab does not require organizations to devote significant time and other resources to bringing it online. It can be quickly installed by a business’s IT team to any device or cloud that is most convenient for them. IT teams can install it using either GUI installer or a command line installer, depending on what is more convenient for them.
    • Source code storage and management security. Developers can use GitLab to control who is able to access the source code that they are working on and manage the security of the location where the code is being stored. Gitlab makes it so that users get to decide the privacy status of their code and storage. This keeps unauthorized individuals from gaining access to their sensitive and proprietary code.
    • DevOps feedback. GitLab gives users the ability to learn from what they are doing and improve their DevOps practices. It will assign to their DevOps pipeline scores that can enable them to see where they might be lacking and do better.

    GitLab Features

    • Secret detection customization. Users can set GitLab to scan for sensitive data that might have accidentally been stored with the source code under development. Users can set custom parameters and discover at-risk data before it can be leaked.
    • Custom notifications. This feature makes it easy for developers to keep track of the changes that are being applied to their projects. They can set GitLab so that it sends them a notification when changes are made. These notifications can be customized to meet the developer's specific needs.
    • Built-in CI/CD capabilities. Users are able to build, test, and deploy their software without turning to outside integrations. The CI/CD automation is built-in so that all of these functions can be easily automated as necessary.

    Reviews from Real Users

    GitLab is a solution that stands out when compared to many of its competitors. Two major advantages it offers are the overall completeness of the solution and the way that it enables application developers to work on various parts of a given project simultaneously.

    Kulbhushan M., co-founder and technical architect at Think NYX Technologies LLP, writes, “The SaaS setup is impressive, and it has DAST solutions. It also has dependency check and scanning mechanisms. If we were using other solutions, they would have to be configured, and we would have to set them to us as a third party, but GitLab is straightforward. GitLab is a single solution that helps us do everything we need.”

    Zeeshan R., a software engineer at OZ, writes, “The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish. We can all work on our code in tandem.”

    Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

    Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references. Veracode's dynamic analysis solution simulates real-world attacks to identify vulnerabilities that may not be detectable by static analysis alone. Veracode's software composition analysis solution scans open-source and third-party components for known vulnerabilities. Veracode's manual penetration testing service is performed by experienced security professionals who use a variety of techniques to identify vulnerabilities in software applications.

    Many organizations, including Fortune 500 companies, government agencies, and startups, use Veracode's solution. Veracode's customers rely on Veracode to help them to improve the security of their software applications and to reduce the risk of data breaches and other security incidents.

    Here are some of the benefits of using Veracode:

    • Veracode provides capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing to help organizations identify and fix security vulnerabilities in their software applications early in the development process.
    • Veracode helps organizations reduce the risk of data breaches and other security incidents by identifying and fixing security vulnerabilities in their software application. 
    • Veracode helps organizations to comply with industry regulations. Many industries have regulations that require organizations to implement security measures to protect their customers' data. Veracode's solution can help organizations to comply with these regulations by providing them with the tools and resources they need to identify and fix security vulnerabilities in their software applications.
    Learn more about GitLab
    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Sample Customers
    Siemens, University of Washington, Equinix, Paessler AG, CNCF, Ticketmaster, CERN, Vaadin
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    Financial Services Firm18%
    Computer Software Company18%
    Manufacturing Company14%
    Educational Organization27%
    Computer Software Company12%
    Financial Services Firm10%
    Manufacturing Company7%
    Financial Services Firm27%
    Computer Software Company18%
    Insurance Company9%
    Comms Service Provider5%
    Financial Services Firm18%
    Computer Software Company16%
    Manufacturing Company8%
    Company Size
    Small Business45%
    Midsize Enterprise8%
    Large Enterprise48%
    Small Business15%
    Midsize Enterprise34%
    Large Enterprise51%
    Small Business29%
    Midsize Enterprise19%
    Large Enterprise52%
    Small Business17%
    Midsize Enterprise12%
    Large Enterprise71%
    Buyer's Guide
    GitLab vs. Veracode
    September 2023
    Find out what your peers are saying about GitLab vs. Veracode and other solutions. Updated: September 2023.
    734,963 professionals have used our research since 2012.

    GitLab is ranked 6th in Application Security Tools with 50 reviews while Veracode is ranked 2nd in Application Security Tools with 70 reviews. GitLab is rated 8.6, while Veracode is rated 8.2. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Veracode writes "Good reporting, comprehensive interface, and integrates well into our build pipeline". GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, TeamCity and UrbanCode Deploy, whereas Veracode is most compared with SonarQube, Checkmarx, Fortify on Demand, OWASP Zap and Acunetix. See our GitLab vs. Veracode report.

    See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.