Try our new research platform with insights from 80,000+ expert users

GitLab vs Veracode comparison

GitLab and Veracode are both solutions in the Application Security Tools category. GitLab is ranked #9 with an average rating of 8.6, while Veracode is ranked #2 with an average rating of 8.1. GitLab holds a 2.8% mindshare in AS, compared to Veracode’s 9.2% mindshare. Additionally, 97% of GitLab users are willing to recommend the solution, compared to 90% of Veracode users who would recommend it.
GitLab
Read 84 GitLab reviews
  • 3,342 Views
  • 2,379 Comparison Views
97% willing to recommend
Veracode
Read 201 Veracode reviews
  • 14,613 Views
  • 9,530 Comparison Views
90% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Apr 20, 2025

Veracode and GitLab are leading tools in the security and DevOps categories, respectively. Veracode stands out in security-focused applications due to its in-depth analysis and vulnerability management, while GitLab is prominent in collaborative development with superior version control and CI/CD capabilities.

Features: Veracode provides thorough static and dynamic analyses, seamless integration into development processes, and extensive language support, beneficial for catching vulnerabilities early. GitLab offers efficient CI/CD pipeline management, repository hosting, and integration with various development tools, making it ideal for maintaining code integrity throughout the development cycle.

Room for Improvement: Veracode users suggest enhancements in false-positive management, expanding language support, and reducing scan times for large applications. GitLab could benefit from stronger integration with third-party apps, more advanced security features, and streamlined CI/CD pipeline integrations for improved project management.

Ease of Deployment and Customer Service: Veracode offers versatile deployment options, including hybrid and public clouds, but faces criticism for customer support response times. GitLab supports both on-premises and cloud deployments, receiving positive feedback for its agile and proactive customer service, which is crucial for continuous development environments.

Pricing and ROI: Veracode is positioned as a premium service with substantial ROI through enhanced security and compliance, suitable for organizations with heavy security investments. GitLab provides flexible pricing, including a free version, and its open-source nature offers cost-saving opportunities for smaller teams and organizations seeking robust DevOps solutions.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed GitLab vs. Veracode Report (Updated: May 2025).
Buyer's Guide
GitLab vs. Veracode
May 2025
Download the complete report
Helped 856,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.6
GitLab improves ROI by increasing efficiency, reducing deployment time, and enhancing DevOps through cost-saving, automation, and vulnerability management.
Sentiment score
6.9
Veracode improved code quality, security, and efficiency, leading to cost savings, faster releases, and enhanced operational benefits for organizations.
Migrating to GitLab is bringing time-saving benefits, and everything is easier to automate.
We have saved time significantly, reducing deployment time from four hours to five minutes per deployment.
For more quotes and insights, download the GitLab report
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.
For more quotes and insights, download the Veracode report
reviewer2603940 - PeerSpot reviewerAndrea PICCININI - PeerSpot reviewer
AM
reviewer2703864 - PeerSpot reviewer
 

Customer Service

Sentiment score
6.8
GitLab's support varies by license; paid users praise responsiveness, while free version users rely on community forums and documentation.
Sentiment score
7.4
Veracode provides effective, prompt support with knowledgeable staff, though response times and coordination occasionally need improvement.
We have rarely needed to escalate issues to technical support since GitLab usually runs seamlessly.
I have interacted with architects for some advice during the implementation, and they were prompt in their response.
I have had meetings where they taught me, explained things, and provided guidance for starting from scratch.
For more quotes and insights, download the GitLab report
Access to the engineering team is crucial for faster feedback on the product fix process.
They are very responsive and quick to help with queries within our scope.
They respond very quickly since security is something critical.
For more quotes and insights, download the Veracode report
Gaurav Chandel - PeerSpot reviewerMikhael Ibrahim - PeerSpot reviewerreviewer2603940 - PeerSpot reviewer
SR
Kv Rao - PeerSpot reviewer
AM
 

Scalability Issues

Sentiment score
7.4
GitLab's scalable container architecture supports diverse environments, flexible deployment, and smooth integration, despite some configuration and scaling challenges.
Sentiment score
7.5
Veracode is scalable and effective for large user volumes, though some note potential scaling costs and manageable packaging challenges.
It has all the features required for our coding and deployment needs, which makes it scalable to our changing requirements.
We're transitioning to OpenShift for future scalability with increased user numbers.
For scaling, other deployment options from GitLab's side need to be adopted.
For more quotes and insights, download the GitLab report
Cloud solutions are easier to scale than on-premise solutions.
It has a good capacity to scale effectively.
For more quotes and insights, download the Veracode report
Sarfaraz Khan - PeerSpot reviewerMikhael Ibrahim - PeerSpot reviewerRohit Kesharwani - PeerSpot reviewer
AM
BP
 

Stability Issues

Sentiment score
8.2
GitLab is highly stable and reliable, with minor issues mainly under heavy load or during updates.
Sentiment score
8.0
Users find Veracode stable and reliable, with occasional well-communicated maintenance and improved stability, despite some glitches and false positives.
I have not encountered any performance or stability issues with GitLab so far.
The updates are frequent and demanding, happening at least once a week due to security reasons.
For more quotes and insights, download the GitLab report
If the Veracode server is down, we experience many issues during the scan.
It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.
For more quotes and insights, download the Veracode report
Gaurav Chandel - PeerSpot reviewer
AS
BP
reviewer2703864 - PeerSpot reviewer
 

Room For Improvement

GitLab users seek improved CI/CD automation, integrations, user interface, project management, security, pricing, and support for enhanced usability.
Veracode faces criticism for false positives, outdated UI, slow scans, high costs, and poor support for new technologies.
It would be beneficial to have a user-friendly interface for setting up these configurations, instead of just writing YAML files.
It is essential to conduct proper testing, such as unit tests and code coverage, within the SDLC pipelines.
GitLab can improve its user interface to make conflict resolution more user-friendly.
For more quotes and insights, download the GitLab report
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
A nice addition would be if it could be extended for scenarios with custom cleansers.
For more quotes and insights, download the Veracode report
reviewer2603940 - PeerSpot reviewerRohit Kesharwani - PeerSpot reviewerSarfaraz Khan - PeerSpot reviewer
HS
BP
reviewer2700198 - PeerSpot reviewer
 

Setup Cost

GitLab provides flexible pricing with open-source access and paid tiers, catering to different enterprise needs and budgets.
Veracode's high pricing suits large enterprises but is challenging for smaller businesses, with negotiable terms for optimal value.
Even when working in other small organizations, we opted for GitLab as it was cost-efficient.
The pricing of GitLab is reasonable, aligning with what I consider to be average compared to competitors.
The price is high, and it limits user accessibility.
For more quotes and insights, download the GitLab report
It's not the most expensive solution.
If there's a security gap, you'll never know the cost or effect.
Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode.
For more quotes and insights, download the Veracode report
Sarfaraz Khan - PeerSpot reviewerreviewer2603940 - PeerSpot reviewerAndrea PICCININI - PeerSpot reviewer
AM
HS
BP
 

Valuable Features

GitLab excels in UI, CI/CD, code management, and integration, offering user-friendly, efficient, and scalable development and deployment features.
Veracode integrates with CI/CD pipelines, offering fast scans, low false positives, and tools for efficient vulnerability management and compliance.
As we implement automated testing and DevSecOps, it speeds up the process by forty to sixty percent.
The Ultimate version offers enhanced features for security scanning through DAST and SAST analysis, which have greatly benefitted our project workflow.
By integrating GitLab as a DevOps platform, we have enhanced agility, improved our time to market, and different teams can work collaboratively on various projects.
For more quotes and insights, download the GitLab report
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It fixes issues directly in the IDE while you're doing it.
For more quotes and insights, download the Veracode report
Mikhael Ibrahim - PeerSpot reviewerAndrea PICCININI - PeerSpot reviewerRohit Kesharwani - PeerSpot reviewerKv Rao - PeerSpot reviewer
HS
reviewer2700198 - PeerSpot reviewer
 

Categories and Ranking

GitLab
Ranking in Application Security Tools
9th
Ranking in Static Application Security Testing (SAST)
6th
Ranking in Software Composition Analysis (SCA)
5th
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
84
Ranking in other categories
Build Automation (1st), Release Automation (2nd), Rapid Application Development Software (11th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (3rd), DevSecOps (1st)
Veracode
Ranking in Application Security Tools
2nd
Ranking in Static Application Security Testing (SAST)
2nd
Ranking in Software Composition Analysis (SCA)
3rd
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
201
Ranking in other categories
Container Security (8th), Static Code Analysis (1st), Application Security Posture Management (ASPM) (2nd)
 

Mindshare comparison

As of June 2025, in the Application Security Tools category, the mindshare of GitLab is 2.8%, up from 2.8% compared to the previous year. The mindshare of Veracode is 9.2%, down from 10.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Improved agility and time to market with CI/CD enhancements
The CI/CD pipelines in GitLab ( /products/gitlab-reviews ) are highly valuable. Another important feature is the single source of repository, allowing efficient repository management and source code management. GitLab provides manageability by allowing us to manage source code effectively through separate repositories. Additionally, GitLab enables the creation of individual CI/CD pipelines for each repository, making software more agile. By integrating GitLab as a DevOps platform, we have enhanced agility, improved our time to market, and different teams can work collaboratively on various projects.
Read full review
David-Robertson - PeerSpot reviewer
Static scanning and software composition analysis are very helpful, but the usability needs improvement
Static scanning and software composition analysis are very helpful. My colleagues and I don't need to be experts on all of those ancillary things, so we can focus more on the business deliverables. They have a pretty good tool that allows me to run scans of my local integrated development environment. I can find a lot of those flaws a lot sooner than I would if I had to wait for these cloud-based scans. They've come out with some sort of automated fix feature. I haven't used it, but they gave us a demo of it, and that one looks promising. I don't know if it's ready for prime time yet.
Read full review
report
See which vendors are best for you
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
See recommendations
856,873 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
16%
Financial Services Firm
13%
Computer Software Company
13%
Government
9%
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
8%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about GitLab?
I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
See all answers
What is your experience regarding pricing and costs for GitLab?
The pricing and cost are on par with other tools and are neither too expensive nor cheap.
See all answers
What needs improvement with GitLab?
One significant feature we lack is the configuration that enforces code reviews, which simplifies the development life cycle. Unfortunately, this is available only at a higher license level than we...
See all answers
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
See all answers
What do you like most about Veracode?
The SAST and DAST modules are great.
See all answers
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
See all answers
 

Comparisons

Microsoft Azure DevOps vs GitLab Logo
Microsoft Azure DevOps vs GitLab
Compared 24% of the time
GitHub CoPilot vs GitLab Logo
GitHub CoPilot vs GitLab
Compared 15% of the time
SonarQube Server (formerly SonarQube) vs GitLab Logo
SonarQube Server (formerly SonarQube) vs GitLab
Compared 7% of the time
Tekton vs GitLab Logo
Tekton vs GitLab
Compared 5% of the time
SonarQube Cloud (formerly SonarCloud) vs GitLab Logo
SonarQube Cloud (formerly SonarCloud) vs GitLab
Compared 2% of the time
More GitLab Competitors
SonarQube Server (formerly SonarQube) vs Veracode Logo
SonarQube Server (formerly SonarQube) vs Veracode
Compared 19% of the time
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
Compared 10% of the time
GitHub Advanced Security vs Veracode Logo
GitHub Advanced Security vs Veracode
Compared 7% of the time
Fortify on Demand vs Veracode Logo
Fortify on Demand vs Veracode
Compared 4% of the time
Snyk vs Veracode Logo
Snyk vs Veracode
Compared 4% of the time
More Veracode Competitors
 

Product Reports

Buyer's Guide
GitLab
June 2025
GitLab reportDownload GitLab product report
Buyer's Guide
Veracode
May 2025
Veracode reportDownload Veracode product report
 

Also Known As

Fuzzit
Crashtest Security , Veracode Detect
 

Overview

GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster. 

It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring. 

With GitLab, teams can streamline their workflows, automate processes, and improve productivity.

GitLab

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

  • Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
  • Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
  • Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
  • Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
  • Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

  • Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
  • Scalability - Supports organizations with large-scale application portfolios.
  • Compliance support - Ensures applications meet various security standards and regulations.
  • Developer training - Provides tools for educating developers on secure coding practices.
  • Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.


Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Veracode
 

Sample Customers

1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Buyer's Guide
GitLab vs. Veracode
May 2025
Free Report: GitLab vs. Veracode
Find out what your peers are saying about GitLab vs. Veracode and other solutions. Updated: May 2025.
DOWNLOAD NOW
856,873 professionals have used our research since 2012.
See our GitLab vs. Veracode report.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.