We performed a comparison between GitLab and OWASP Zap based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Of the two solutions, users find deployment to be easier with GitLab. For this reason, GitLab comes out slightly on top in this comparison.
"I have had no problem with the stability of the solution."
"It speeds up our development, it's faster, safer, and more convenient."
"The most valuable features of GitLab are the review, patch repo, and plans are in YAML."
"CI/CD is very good. The version control system is also good. These are the two features that we use."
"I like GitLab's security and SAS tools."
"It is scalable."
"It is a speedy platform compared to the others I have used. I have also enjoyed using the platform as this solution offers a good user experience."
"The initial setup of GitLab is pretty simple, with no complications."
"The solution is scalable."
"The application scanning feature is the most valuable feature."
"Fuzzer and Java APIs help a lot with our custom needs."
"The ZAP scan and code crawler are valuable features."
"It has evolved over the years and recently, in the last year, they have added HUD (Heads Up Display)."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"They offer free access to some other tools."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"We are having a few problems integrating with Jira at the moment, which is something that our IT department is investigating."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"GitLab could add a plugin to integrate with Kubernetes stuff."
"I believe there's room for improvement in the advanced features, particularly in enhancing the pipeline functionalities."
"It should be used by a larger number of people. They should raise awareness."
"It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful."
"I rate the support from GitLab a four out of five."
"I would like configuration of a YML file to be done via UI rather than a code file."
"The product should allow users to customize the report based on their needs."
"It doesn't run on absolutely every operating system."
"OWASP Zap needs to extend to mobile application testing."
"Deployment is somewhat complicated."
"There isn't too much information about it online."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"It would be nice to have a solid SQL injection engine built into Zap."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
GitLab is ranked 7th in Static Application Security Testing (SAST) with 70 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. GitLab is rated 8.6, while OWASP Zap is rated 7.6. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and ImmuniWeb.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.