We performed a comparison between GitLab and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"We like that we can create branches and then the branches can be reviewed and you can mesh those branches back. You can independently work with your own branch, you don't need to really control the core of other people."
"The tool helps to integrate CI/CD pipeline deployments. It is very easy to learn. Its security model is good."
"CI/CD and GitLab scanning are the most valuable features."
"The most important features of GitLab for us are issue management and all the CI/CD tools. Another aspect that I love about GitLab is the UI."
"We like that we can have an all-encompassing product and don't have to implement different solutions."
"The initial setup of GitLab is pretty simple, with no complications."
"The SaaS setup is impressive, and it has DAST solutioning."
"Everything is easy to configure and easy to work with."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"Scan, proxify the application, and then detailed report along with evidence and remediations to problems."
"I like that it's stable and technical support is great."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"I used Spring Cloud config and to connect that to GitLab was so hard."
"The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation."
"For as long as I have used GitLab, I haven't encountered any major limitations. However, I think that perhaps the search functionality could be better."
"I would like configuration of a YML file to be done via UI rather than a code file."
"It would be really good if they integrated more features in application security."
"We would like to generate document pages from the sources."
"I rate the support from GitLab a four out of five."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"The support's response time could be faster since we are in different time zones."
"The custom attack preparation screen might be improved."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"The scanner itself should be improved because it is a little bit slow."
"The scannings are not sufficiently updated."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"The solution needs to make a more specific report."
GitLab is ranked 7th in Application Security Tools with 70 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. GitLab is rated 8.6, while Invicti is rated 8.2. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton, whereas Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Fortify WebInspect.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.