We performed a comparison between GitLab and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"GitLab is very useful for pipelines, continuous integration, and continuous deployment. It is also stable."
"GitLab offers a good interface for doing code reviews between two colleagues."
"The most valuable functionality of GitLab, for me, is the DevOps. Besides the normal source control based on Git, I find the Auto DevOps features most important in the solution."
"The merging feature makes it easy later on for the deployment."
"I like GitLab from the CI/CD perspective. It is much easier to set up CI/CD and then integrate with other tools."
"The dashboard and interface make it easy to use."
"We use the Git repository and tagging feature. We are a product-based company and use this solution to move to a forward or backward tag."
"The SaaS setup is impressive, and it has DAST solutioning."
"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"Crawling feature: Netsparker has very detailed crawling steps and mechanisms. This feature expands the attack surface."
"Invicti is a good product, and its API testing is also good."
"The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"The scanner and the result generator are valuable features for us."
"I like that it's stable and technical support is great."
"The initial setup was quite challenging because it takes some time to understand how to pull out or push the code."
"GitLab could add a plugin to integrate with Kubernetes stuff."
"It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful."
"The solution could be faster."
"I would like configuration of a YML file to be done via UI rather than a code file."
"Reporting could be improved."
"GitLab could improve by having more plugins and better user-friendliness."
"The pricing model of GitLab is an issue for me."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"The solution needs to make a more specific report."
"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
"The scannings are not sufficiently updated."
"Right now, they are missing the static application security part, especially web application security."
"The scanner itself should be improved because it is a little bit slow."
GitLab is ranked 7th in Application Security Tools with 70 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. GitLab is rated 8.6, while Invicti is rated 8.2. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton, whereas Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Fortify WebInspect.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.