We performed a comparison between GitLab and Rapid7 AppSpider based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Everything is easy to configure and easy to work with."
"The most valuable feature of GitLab is the ability to upload scripts and make changes when needed and then reupload them. Additionally, the solution is user-friendly."
"The tool helps to integrate CI/CD pipeline deployments. It is very easy to learn. Its security model is good."
"The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish."
"The most valuable features of Gitlab are integration with CIE and the ability to rapidly deploy solutions, projects, and applications. It is very easy to use, and there are no complaints."
"It scales well."
"It's a great toolbox where the CI/CD pipeline is the fundamental component, but there are so many other features that you can pull from, which makes it a very powerful tool. My current client is using AWS, and they can, of course, use AWS CodePipeline, but GitLab is much more mature than that, and it also gives you the freedom to decide to go to another platform or have a multi-cloud strategy and things like that. That freedom for me is also very valuable."
"I have found the most valuable features of GitLab are the GitClone, GitPush, GitPull, GitMatch, GitMit, GitCommit, and GitStatus."
"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way."
"The setup is usually straightforward."
"The most valuable feature is the reporting, which is compliant with international standards."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"It is really accurate and the rate of false positives is very low."
"There is a need to improve or adopt AI into the ecosystem like a co-pilot, which Microsoft has done with GitHub."
"It would be better if there weren't any outages. There are occasions where we usually see a lot of outages using GitLab. It happens at least once a week or something like that. Whatever pipelines you're running, to check the logs, you need to have a different set of tools like Argus or something like that. If you have pipelines running on GitLab, you need a separate service deployed to view the logs, which is kind of a pain. If the logs can be used conveniently on GitLab, that would be definitely helpful. I'm not talking about the CI/CD pipelines but the back-end services and microservices deployed over GitLab. To view the logs for those microservices, you need to have separate log viewers, which is kind of a pain."
"GitLab can improve by integrating with more tools, such as servers with Docker."
"This solution could be improved by adding modifications such as slack notifications."
"Some of the scripts that we encountered in GitLab were not fully functional and threw up errors."
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repertories because currently, it's not searchable by default. You'll need an indexing service such as Elasticsearch to make it searchable, and that requires too much work, so for me, it's the main feature that should be improved in GitLab. In the next version of the solution, from the top of my head, the documentation could be improved. Besides the Wiki, it would be good if there's documentation that would be automatically generated based on the code repository. In other words, there should be some tutorials from GitLab for developers in the next release."
"We would like to have easier tutorials. Their tutorials are too technical for a user to understand. They should be more detailed but less technical."
"I would like to see better integration with project management tools such as Jira."
"The dashboard and interface are crucial and they need some improvement."
"Integration could be better."
"This price of this solution is a little bit expensive."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"It needs better integration with mobile applications."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"The enterprise interface is too simple. It should be more customizable."
"The tech support is responsive but issues remain unresolved."
GitLab is ranked 7th in Static Application Security Testing (SAST) with 70 reviews while Rapid7 AppSpider is ranked 26th in Static Application Security Testing (SAST) with 13 reviews. GitLab is rated 8.6, while Rapid7 AppSpider is rated 7.8. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Invicti and Qualys Web Application Scanning. See our GitLab vs. Rapid7 AppSpider report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
