We performed a comparison between GitLab and Rapid7 AppSpider based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Git hosting has an integration with ACD which is why we liked this solution in the first place."
"As a developer, this solution is useful as a repository holder because most of the POC projects that we have are on GitLab."
"I like GitLab from the CI/CD perspective. It is much easier to set up CI/CD and then integrate with other tools."
"The most valuable feature of GitLab is its convenience. I am able to trace back most of my changes up to a far distance in time and it helps me to analyze and see the older version of the code."
"GitLab's best feature is Actions."
"It speeds up our development, it's faster, safer, and more convenient."
"The user interface is really good so that helps with huge teams who need to collaborate."
"GitLab integrates well with other platforms."
"It scans all the components developed within a web application."
"It is really accurate and the rate of false positives is very low."
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"The setup is usually straightforward."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"I've noticed an area for improvement in GitLab, particularly needing to go through many steps to push the code to the repository. Resolving that issue would make the product better. My team quickly fixed it by writing a small script, then double-clicking or enabling the script to take care of the issue. However, that quick fix was from my team and not the GitLab team, so in the next release, if an automatic deployment feature would be available in GitLab, then that would be good because, in Visual Studio, you can do that with just one click of a button."
"We have only seen a couple of issues on Gitlab, which we use for building some of the applications."
"I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment."
"Some of the scripts that we encountered in GitLab were not fully functional and threw up errors."
"For as long as I have used GitLab, I haven't encountered any major limitations. However, I think that perhaps the search functionality could be better."
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repertories because currently, it's not searchable by default. You'll need an indexing service such as Elasticsearch to make it searchable, and that requires too much work, so for me, it's the main feature that should be improved in GitLab. In the next version of the solution, from the top of my head, the documentation could be improved. Besides the Wiki, it would be good if there's documentation that would be automatically generated based on the code repository. In other words, there should be some tutorials from GitLab for developers in the next release."
"Merge conflicts and repository maintenance could improve. If there is someone new to the system they would not know if there is a conflict."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"It needs better integration with mobile applications."
"Support response times are slow and can be improved."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"The dashboard and interface are crucial and they need some improvement."
"The tech support is responsive but issues remain unresolved."
"The enterprise interface is too simple. It should be more customizable."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
GitLab is ranked 7th in Static Application Security Testing (SAST) with 70 reviews while Rapid7 AppSpider is ranked 26th in Static Application Security Testing (SAST) with 13 reviews. GitLab is rated 8.6, while Rapid7 AppSpider is rated 7.8. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Invicti and Qualys Web Application Scanning. See our GitLab vs. Rapid7 AppSpider report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
