Acunetix vs GitHub Code Scanning comparison

Invicti and GitHub are both solutions in the Static Application Security Testing (SAST) category. Invicti is ranked #5 with an average rating of 7.9, while GitHub is ranked #17 with an average rating of 8.0. Invicti holds a 2.7% mindshare in SAST, compared to GitHub’s 1.3% mindshare. Additionally, 89% of Invicti users are willing to recommend the solution, compared to 100% of GitHub users who would recommend it.

Acunetix

Read 38 Acunetix reviews

10,102 Views
5,657 Comparison Views

89% willing to recommend

GitHub Code Scanning

Read 6 GitHub Code Scanning reviews

2,177 Views
2,090 Comparison Views

100% willing to recommend

Acunetix

GitHub Code Scanning

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Acunetix and GitHub Code Scanning are key players in security and code testing. GitHub Code Scanning generally holds an advantage for its ease of use and seamless integration into development workflows.

Features: Acunetix provides comprehensive vulnerability detection, robust scanning, and extensive reporting for deep security analysis. GitHub Code Scanning offers seamless integration with CI/CD pipelines, a streamlined interface, and effective collaboration tools within the GitHub ecosystem.

Room for Improvement: Acunetix could benefit from enhanced integration, improved performance speed, and simplified user navigation. GitHub Code Scanning needs more comprehensive vulnerability detection, expanded language support, and enhanced reporting capabilities.

Ease of Deployment and Customer Service: Acunetix requires a complex setup but has satisfactory customer service. GitHub Code Scanning offers simple deployment with integrated support from the GitHub ecosystem, leading to higher user satisfaction.

Pricing and ROI: Acunetix comes with a higher upfront cost but offers significant long-term value through its exhaustive security features. GitHub Code Scanning provides cost-effective solutions via GitHub plans, achieving ROI through efficient workflow integration.

To learn more, read our detailed Acunetix vs. GitHub Code Scanning Report (Updated: June 2026).

Buyer's Guide

Acunetix vs. GitHub Code Scanning

June 2026

Download the complete report

Helped 900,644 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Acunetix

Ranking in Static Application Security Testing (SAST)

5th

Average Rating

7.8

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

Application Security Tools (8th), Vulnerability Management (21st), DevSecOps (5th)

GitHub Code Scanning

Ranking in Static Application Security Testing (SAST)

17th

Average Rating

8.6

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of June 2026, in the Static Application Security Testing (SAST) category, the mindshare of Acunetix is 2.7%, down from 3.8% compared to the previous year. The mindshare of GitHub Code Scanning is 1.3%, up from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST) Mindshare Distribution
Product	Mindshare (%)
Acunetix	2.7%
GitHub Code Scanning	1.3%
Other	96.0%

Static Application Security Testing (SAST)

Featured Reviews

Rahul Kumar

Senior Engineer - Penetration Tester at a government with 10,001+ employees

Identifies vulnerabilities across bulk web applications but needs better support and cleaner reports

The best feature Acunetix offers is the centralized dashboard and the quality of reports it generates, which includes various options for selecting reports and developer options for directly sharing the reports with developers. The centralized dashboard of Acunetix gives visibility into the security aspects of mass applications; for instance, with more than 200 applications, it provides a valuable overview of findings and necessary fixes, along with a high-level summary that helps us achieve compliance through monthly and sometimes weekly scanning. In terms of reporting, Acunetix is excellent because it can generate different types of reports, such as an executive summary report, detailed reports, and developer reports that can be shared directly with developers. Acunetix positively impacts my organization by helping identify outdated libraries and applications, including legacy applications vulnerable to old attacks based on OWASP Top 10, thus aiding in compliance checks for PCI DSS and OWASP. Acunetix provides a centralized report with compliance-related aspects and a vulnerability timeline, effectively helping reduce vulnerabilities and save time.

Read full review

AbhishekKumar20

Software Development Manager at Amazon

Code scanning identifies vulnerabilities quickly and improves team response with minimal setup

I have been using Git for approximately 13-14 years. I have used GitHub Code Scanning for about three to four years. The primary purpose is to identify any vulnerability in the code itself. The system logs vulnerabilities that we can immediately examine to see all the error-prone areas. The AI functionalities include predefined agents that scan through and immediately provide responses regarding the best nomenclature or code coverage percentage. It's actually a one-time setup, and the team benefits as long as they push code and changes in the repository itself. Every time we push something, we immediately check the total deviation, whether our code coverage has improved, or if any vulnerability has been identified. There is always a metrics dashboard that we can see and identify. Primarily, GitHub is used for doing the versioning itself in the repository. With vulnerability functionality being provided and AI agents available, it makes a complete package. As soon as we publish our code, we immediately get to know the test code coverage. This immediately informs us about all the vulnerable areas which are not being fully tested. If we address those areas, most vulnerabilities are resolved. Even after tests are added, if by any chance the test is not treated cleanly or corner cases are missed, GitHub Code Scanning immediately flags those corners. It's always beneficial to have because it's not humanly possible to check all corner case scenarios, but as a system where they diagnose each line item, that's very helpful.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Acunetix is the best service in the world."

"As a team, it's helped us to deliver better security assessments."

"The solution is highly stable."

"I haven't seen reporting of that level in any other tool."

"If an organization has 100 plus applications and wants to use an automated scanner, they should definitely go ahead with Acunetix because it is very cost-effective and will save time compared to focusing on other solutions and performing manual security assessments."

"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."

"With Acunetix, we cut the time to make infrastructures and web applications for our colleagues more secure, and for one application with two or three critical vulnerabilities and some other vulnerabilities, it took about a week to remediate issues because the scan and findings were really fast."

"Picks up weaknesses in our app setups."

More Acunetix pros

"GitHub Code Scanning has positively impacted my organization as it helps us recognize errors and avoid many later issues which may arise."

"The solution helps identify vulnerabilities by understanding how ports communicate with applications running on a system. Ports are like house numbers; to visit someone's house, you must know their number. Similarly, ports are used to communicate with applications. For example, if you want to use an HTTP web server, you must use port 80. It is the port on which the web application or your server listens for incoming requests."

"GitHub Code Spaces brings significant value with its simplicity and ease of use."

"The static code analysis capability in GitHub Code Scanning is a very powerful feature, providing the ability to identify vulnerabilities and ensure code quality."

"It's very scalable, very easy to handle, and very intuitive."

"We use GitHub Code Scanning mostly for source code management."

Cons

"One of the biggest problems I've had with Acunetix is that it's hard to replicate things manually because you don't get the raw packet."

"The solution is generally stable, however, there might be room for improvement regarding glitches or bugs."

"Acunetix needs to include agent analysis."

"In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."

"It is difficult to create a proxy connection."

"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."

"Improving the handling of false positives would be beneficial because it can be challenging to trust the findings flagged by Acunetix, and those findings must be manually validated."

"There is room for improvement in the pricing."

More Acunetix cons

"At times it becomes very annoying as it highlights certain things which are intuitive. They require code coverage for those aspects as an extra overhead."

"GitHub Code Scanning should add more templates."

"When running code scans, GitHub Code Scanning provides recommendations for probable fixes. However, integrating a feature where developers receive real-time highlights of vulnerabilities when checking in or merging a PR would be beneficial."

"One area for improvement could be the ability to have an AI system digest the reports generated from code scanning and provide a summary. Currently, the reports can be extensive, and users may overlook details, such as outdated libraries, which could be highlighted for attention."

Pricing and Cost Advice

"The pricing is a little high, and moreover, it's kind of domain-based."

"The costs aren't very expensive. It costs around $3000 or $4000."

"The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable."

"It is a bit expensive. If you need to check five applications, you have to pay almost 14,000. It is an agreement for two years at 7,000 per year for only five applications. You cannot change the applications in the license. So, you are stuck with the same license for the five applications for one full year."

"When compared with other products, the pricing is a little bit high. But it gives value for the price. It serves the purpose and is worthwhile for the price we pay."

"Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future."

"The cost is based on two types of licenses, ConsultLite, and ConsultPlus, as well as the number of domains that are scanned."

"I would say that Acunetix is expensive because there are products on the market with similar features that are equally or better-priced."

More Acunetix pricing and cost advice

"The minimum pricing for the tool is five dollars a month."

"GitHub Code Scanning is a moderately priced solution."

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

900,644 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

12%

Manufacturing Company

10%

Computer Software Company

Comms Service Provider

Financial Services Firm

11%

Manufacturing Company

10%

Computer Software Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	18
Midsize Enterprise	7
Large Enterprise	19

No data available

Questions from the Community

What is your primary use case for Acunetix Vulnerability Scanner?

In a typical enterprise environment, Acunetix is mainly used for visibility, detection, and investigation across network traffic. The main use cases usually fall into a few core areas, with primary...

See all answers

What advice do you have for others considering Acunetix Vulnerability Scanner?

I advise that Acunetix is the best option. Invest time in proper initial configuration and scope definitions. The tool is powerful, but its effectiveness depends heavily on how the authenticated ar...

See all answers

What is your experience regarding pricing and costs for Acunetix?

Everything is perfect and good, including the pricing and all related aspects.

See all answers

What is your experience regarding pricing and costs for GitHub Code Scanning?

The organization pays for the license of GitHub Code Scanning, but specific price details are unknown.

See all answers

What needs improvement with GitHub Code Scanning?

In my opinion, areas of GitHub Code Scanning that could be improved include that a few things are not visible to us, such as where it stores data and which path. There is a separate team for that w...

See all answers

What advice do you have for others considering GitHub Code Scanning?

I am an end user only here with GitHub Code Scanning. I currently might be using the latest version of GitHub Code Scanning, but I don't remember the specific version. I have not utilized the real-...

See all answers

Comparisons

PortSwigger Burp Suite Professional vs Acunetix

Compared 8% of the time

OWASP Zap vs Acunetix

Compared 7% of the time

HCL AppScan vs Acunetix

Compared 4% of the time

Invicti vs Acunetix

Compared 4% of the time

OpenText Dynamic Application Security Testing vs Acunetix

Compared 4% of the time

More Acunetix Competitors

SonarQube vs GitHub Code Scanning

Compared 16% of the time

Coverity Static vs GitHub Code Scanning

Compared 10% of the time

Aikido Security vs GitHub Code Scanning

Compared 6% of the time

HCL AppScan vs GitHub Code Scanning

Compared 6% of the time

OWASP Zap vs GitHub Code Scanning

Compared 5% of the time

More GitHub Code Scanning Competitors

Product Reports

Buyer's Guide

Acunetix

June 2026

Download Acunetix product report

Buyer's Guide

GitHub Code Scanning

June 2026

Download GitHub Code Scanning product report

Also Known As

AcuSensor

No data available

Overview

Acunetix is a dynamic application security tool used globally for web application vulnerability scanning, focusing on SQL injection and cross-site scripting.

Acunetix provides a comprehensive web vulnerability assessment platform designed for identifying and remediating security threats. Users benefit from its ability to schedule scans, boasting a fast detection rate for common vulnerabilities. The tool's centralized dashboard helps organizations with compliance monitoring and features such as crawling and login sequence enhancements, contributing depth to its security assessments. Despite high praise for its integration capabilities and automated scanning that saves time, pricing and false positives present challenges. Organizations often use Acunetix to maintain internal security and evaluate pre-release environments.

What are Acunetix's main features?

Comprehensive Reporting: Detailed reports assist in security analysis and compliance audits.
User-Friendly Interface: Simple navigation enhances user experience.
Scheduled Scans: Automation of scans allows for continuous monitoring.
Fast Detection: Quickly identifies vulnerabilities like SQL injection and cross-site scripting.
Integration Capabilities: Scalable solutions with compatibility across applications.
Crawling & Login Sequence: Improves depth in security analysis.

What benefits should businesses look for in reviews?

Low False Positive Rate: Accurate vulnerability detection saves time in analysis.
Time Efficiency: Automated scans reduce manual workload, improving team productivity.
Scalability: Integration features help accommodate growth and complexity.
Compliance Support: Centralized dashboard supports regulatory compliance checks.

In industries like finance, healthcare, and technology, Acunetix assists in protecting sensitive data through robust scanning and reporting capabilities. Its ability to perform dynamic assessments makes it a chosen tool in regulatory environments and development settings, offering both internal security inspections and pre-release evaluations.

Invicti

Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub.

GitHub

Sample Customers

Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand

Information Not Available

Buyer's Guide

Acunetix vs. GitHub Code Scanning

June 2026

Free Report: Acunetix vs. GitHub Code Scanning

Find out what your peers are saying about Acunetix vs. GitHub Code Scanning and other solutions. Updated: June 2026.

DOWNLOAD NOW

900,644 professionals have used our research since 2012.

See our Acunetix vs. GitHub Code Scanning report.

See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.