We performed a comparison between FOSSA and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Their CLI tool is very efficient. It does not send your source code over to their servers. It just does fingerprinting. It is also very easy to integrate into software development practices."
"Being able to know the licenses of the libraries is most valuable because we sell products, and we need to provide to the customers the licenses that we are using."
"Policies and identification of open-source licensing issues are the most valuable features. It reduces the time needed to identify open-source software licensing issues."
"The most valuable feature is definitely the ease and speed of integrating into build pipelines, like a Jenkins pipeline or something along those lines. The ease of a new development team coming on board and integrating FOSSA with a new project, or even an existing project, can be done so quickly that it's invaluable and it's easy to ask the developers to use a tool like this. Those developers greatly value the very quick feedback they get on any licensing or security vulnerability issues."
"FOSSA provided us with contextualized, easily actionable intelligence that alerted us to compliance issues. I could tell FOSSA exactly what I cared about and they would tell me when something was out of policy. I don't want to hear from the compliance tool unless I have an issue that I need to deal with. That was what was great about FOSSA is that it was basically "Here's my policy and only send me an alert if there's something without a policy." I thought that it was really good at doing that."
"One of the things that I really like about FOSSA is that it allows you to go very granular. For example, if there's a package that's been flagged because it's subject to a license that may be conflicts with or raises a concern with one of the policies that I've set, then FOSSA enables you to go really granular into that package to see which aspects of the package are subject to which licenses. We can ultimately determine with our engineering teams if we really need this part of the package or not. If it's raising this flag, we can make really actionable decisions at a very micro level to enable the build to keep pushing forward."
"What I really need from FOSSA, and it does a really good job of this, is to flag me when there are particular open source licenses that cause me or our legal department concern. It points out where a particular issue is, where it comes from, and the chain that brought it in, which is the most important part to me."
"I found FOSSA's out-of-the-box policy engine to be accurate and that it was tuned appropriately to the settings that we were looking for. The policy engine is pretty straightforward... I find it to be very straightforward to make small modifications to, but it's very rare that we have to make modifications to it. It's easy to use. It's a four-category system that handles most cases pretty well."
"GitLab is a solution for source code management, container registry, pipelines, testing, and deployment."
"The important feature is the entire process of versioning source code maintenance and easy deployment. It is a necessity for the CI/CD pipeline."
"Git hosting has an integration with ACD which is why we liked this solution in the first place."
"The initial setup of GitLab is pretty simple, with no complications."
"I have found the most valuable features of GitLab are the GitClone, GitPush, GitPull, GitMatch, GitMit, GitCommit, and GitStatus."
"GitLab's best feature is Actions."
"It speeds up our development, it's faster, safer, and more convenient."
"The solution's service delivery model is fantastic."
"On the dashboard, there should be an option to increase the column width so that we can see the complete name of the GitHub repository. Currently, on the dashboard, we see the list of projects, but to see the complete name, you have to hover your mouse over an item, which is annoying."
"I would like the FOSSA API to be broader. I would like not to have to interact with the GUI at all, to do the work that I want to do. I would like them to do API-first development, rather than a focus on the GUI."
"I wish there was a way that you could have a more global rollout of it, instead of having to do it in each repository individually. It's possible, that's something that is offered now, or maybe if you were using the CI Jenkins, you'd be able to do that. But with Travis, there wasn't an easy way to do that. At least not that I could find. That was probably the biggest issue."
"For open-source management, FOSSA's out-of-the-box policy engine is easy to use, but the list of licenses is not as complete as we would like it to be. They should add more open-source licenses to the selection."
"On the legal and policy sides, there is some room for improvement. I know that our legal team has raised complaints about having to approve the same dependency multiple times, as opposed to having them it across the entire organization."
"The technical support has room for improvement."
"I want the product to include binary scanning which is missing at the moment. Binary scanning includes code and component matching through dependency management. It also includes the actual scanning and reverse engineering of the boundaries and finding out what is inside."
"I would like more customized categories because our company is so big. This is doable for them. They are still in the stages of trying to figure this out since we are one of their biggest companies that they support."
"GitLab would be improved with the addition of templates for deployment on local PCs."
"It could have more security integrations and the ability to check the vulnerability of the code. I don't think it is a responsibility of Gitlab, but it would be nice to have more options to integrate with."
"We'd always like to see better pricing on the product."
"I would like to have some features to support peer review."
"GitLab can improve the integration with third-party applications. It could be made easier. Additionally, having API control from my application could be helpful."
"It would be really good if they integrated more features in application security."
"The initial setup was quite challenging because it takes some time to understand how to pull out or push the code."
"I would like to see better integration with project management tools such as Jira."
FOSSA is ranked 9th in Software Composition Analysis (SCA) with 12 reviews while GitLab is ranked 6th in Software Composition Analysis (SCA) with 70 reviews. FOSSA is rated 8.6, while GitLab is rated 8.6. The top reviewer of FOSSA writes "Compatibility with a wide range of dev tools, web and "C-type", enables us to scan across our ecosystem, including legacy software". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". FOSSA is most compared with Black Duck, Snyk, Mend.io and Fortify Static Code Analyzer, whereas GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton. See our FOSSA vs. GitLab report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
