We performed a comparison between GitLab and OWASP Zap based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Of the two solutions, users find deployment to be easier with GitLab. For this reason, GitLab comes out slightly on top in this comparison.
"For us, Gitlab's most valuable feature is the integration with Cypress. We're using Cypress as an automation tool, so we're using GitLab as a tool for running in parallel."
"As a developer, this solution is useful as a repository holder because most of the POC projects that we have are on GitLab."
"GitLab integrates well with other platforms."
"The most valuable feature of GitLab is the ability to upload scripts and make changes when needed and then reupload them. Additionally, the solution is user-friendly."
"The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish."
"The most valuable feature of GitLab is the automatic merging of code."
"GitLab is very useful for pipelines, continuous integration, and continuous deployment. It is also stable."
"I like GitLab from the CI/CD perspective. It is much easier to set up CI/CD and then integrate with other tools."
"You can run it against multiple targets."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"Fuzzer and Java APIs help a lot with our custom needs."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"The application scanning feature is the most valuable feature."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"The API is exceptional."
"It has evolved over the years and recently in the last year they have added HUD (Heads Up Display)."
"GitLab could consider introducing a code-scanning tool. Purchasing such tools from external markets can incur charges, which might not be favorable. Integrating these features into GitLab would streamline the pipeline and make it more convenient for users."
"It would be really good if they integrated more features in application security."
"The solution could be faster."
"We are having a few problems integrating with Jira at the moment, which is something that our IT department is investigating."
"This solution could be improved by adding modifications such as Slack notifications."
"The solution should again offer an on-premises deployment option."
"There is room for improvement in GitLab Agents."
"I would like to see security increased in the future. A secure environment is very important."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"The solution is unable to customize reports."
"Deployment is somewhat complicated."
"It would be nice to have a solid SQL injection engine built into Zap."
"The port scanner is a little too slow."
"The documentation is lacking and out-of-date; it really needs more love."
"The product reporting could be improved."
GitLab is ranked 8th in Application Security Testing (AST) with 70 reviews while OWASP Zap is ranked 7th in Application Security Testing (AST) with 37 reviews. GitLab is rated 8.6, while OWASP Zap is rated 7.6. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Rapid7 InsightAppSec.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.