We performed a comparison between Fortify Static Code Analyzer and GitLab based on real PeerSpot user reviews.
"We write software, and therefore, the most valuable aspect for us is basically the code analysis part."
"You can really see what's happening after you've developed something."
"The most valuable features include its ability to detect vulnerabilities accurately and its integration with our CI/CD pipeline."
"The reference provided for each issue is extremely helpful."
"The integration Subset core integration, using Jenkins is one of the good features."
"It's helped us free up staff time."
"Its flexibility is most valuable. It is such a flexible tool. It can be implemented in a number of ways. It can do anything you want it to do. It can be fully automated within a DevOps pipeline. It can also be used in an ad hoc, special test case scenario and anywhere in between."
"I like the Fortify taxonomy as it provides us with a list of all of the vulnerabilities found. Fortify release updated rule packs quarterly, with accompanying documentation, that lets us know what new features are being released."
"It is very useful for reviews. We are using branch merging operations and full reset operations. It is also very useful for merging our code and tracking another branch. The graph diagrams of Git are very useful. Its interface is straightforward and not too complex for us."
"We like that we can create branches and then the branches can be reviewed and you can mesh those branches back. You can independently work with your own branch, you don't need to really control the core of other people."
"GitLab's best features are maintenance, branch integration, and development infrastructure."
"Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective."
"Of all available products, it was the easiest to use and easy to install."
"The merging feature makes it easy later on for the deployment."
"The most valuable feature of GitLab is its convenience. I am able to trace back most of my changes up to a far distance in time and it helps me to analyze and see the older version of the code."
"The most valuable feature of GitLab is the ability to upload scripts and make changes when needed and then reupload them. Additionally, the solution is user-friendly."
"Not all languages are supported in Fortify."
"Fortify's software security center needs a design refresh."
"The troubleshooting capabilities of this solution could be improved. This would reduce the number of cases that users have to submit."
"The generation of false positives should be reduced."
"Fortify Static Code Analyzer is a good solution, but sometimes we receive false positives. If they could reduce the number of false positives it would be good."
"The pricing is a bit high."
"The product shows false positives for Python applications."
"The price can be improved."
"GitLab doesn't have AWS integration. It would be better to have integration with other container management environments beyond Kubernetes. It has very good integration with Kubernetes, but it doesn't have good integration with, for example, AWS, ETS, etc."
"GitLab's UI could be improved."
"I would like more Agile features in the Premium version. The Premium version should have all Agile features that exist in the Ultimate version. IBM AOM has a complete Agile implementation, but in GitLab, you only have these features if you buy the Ultimate version. It would be good if we can use these in the Premium version."
"We'd like to see better integration with the Atlassian ecosystem."
"I used Spring Cloud Config, and connecting that to GitLab was so hard."
"Perhaps the integration could be better."
"We have only seen a couple of issues on GitLab, which we use for building some of the applications."
"I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment."
Fortify Static Code Analyzer is ranked 3rd in Static Code Analysis with 14 reviews while GitLab is ranked 7th in Application Security Tools with 70 reviews. Fortify Static Code Analyzer is rated 8.4, while GitLab is rated 8.6. The top reviewer of Fortify Static Code Analyzer writes "Seamless to integrate and identify vulnerabilities and frees up staff time". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Fortify Static Code Analyzer is most compared with Black Duck, Snyk, Veracode, Sonatype Lifecycle and Mend.io, whereas GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Sonatype Lifecycle.
We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.