We performed a comparison between GitLab and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"GitLab is very well-organized and easy to use. Also, it offers most features that customers need."
"GitLab is kind of an image of GitHub, so it gives us the flexibility to monitor our changes in the repos."
"It scales well."
"The most valuable features of GitLab are the review, patch repo, and plans are in YAML."
"GitLab is a solution for source code management, container registry, pipelines, testing, and deployment."
"CI/CD and GitLab scanning are the most valuable features."
"The important feature is the entire process of versioning source code maintenance and easy deployment. It is a necessity for the CI/CD pipeline."
"The solution is stable."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"The solution offers services in a few specific development languages."
"You can easily find particular features and functions through the UI."
"The solution is easy to use."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"The security and the dashboard are the most valuable features."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that it does internally by GitLab and then that is already tied up with your pipeline and then it can tell you that your coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors."
"The solution should again offer an on-premises deployment option."
"It can be free for commercial use."
"We would like to generate document pages from the sources."
"We'd like to see better integration with the Atlassian ecosystem."
"The integration could be slightly better."
"It should be used by a larger number of people. They should raise awareness."
"As a partner, sometimes it's difficult to get support. They have a really complicated procedure for their support."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM's products."
"Sometimes it doesn't work so well."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"It has crashed at times."
"There is not a central management for static and dynamic."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"AppScan is too complicated and should be made more user-friendly."
GitLab is ranked 6th in Application Security Tools with 70 reviews, while HCL AppScan is ranked 14th in Application Security Tools with 41 reviews. GitLab is rated 8.6, while HCL AppScan is rated 7.8. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and OWASP ZAP. See our GitLab vs. HCL AppScan report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.