• Home
  • Contrast Security Assess vs. GitLab

Contrast Security Assess vs GitLab comparison

Cancel
You must select at least 2 products to compare!
Contrast Security Logo
Contrast Security Assess
Read 11 Contrast Security Assess reviews
1,378 views|842 comparisons
100% willing to recommend
GitLab Logo
GitLab
Read 70 GitLab reviews
4,611 views|3,608 comparisons
98% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Contrast Security Assess vs. GitLab
May 2024
Executive Summary
Updated on Mar 13, 2023

We performed a comparison between GitLab and Contrast Security Assess based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Reviewers have noted that GitLab is easy to deploy, especially if the online version is used, as no installation is required. Deploying an agent to a specific environment with Contrast Security Assess can become complex if the process is not made clear.
  • Features: GitLab is an open source application code development platform that enables users to control access to source codes and manage their security, as well as built-in CI/CD automation that enables customization. Supporting features like issue management and tracking need to be improved, so it integrates with other tools better. Contrast Security Assess enables applications to negate cyberattacks, featuring always-on protection and a helpful API interface. This allows companies to save resources when testing application security. Reviewers have stated that the out-of-the-box reporting could be improved, as they need to write their own APIs to make the reporting more robust.
  • Pricing: GitLab’s price is described as a bit costly for smaller companies, but it also offers an open source license, which possesses a lot of useful features. Contrast Security Assess has a licensing model that is described as “tired” as it is based on the number of applications used, where the company assumes that there is a set ratio of developers per application, making users also buy the developer licensing.
  • Service and Support: The customer service for Contrast Security Assess is described as very positive by users. The technical support for GitLab has mixed responses, while overall good, the time and content of their responses could be improved.

Comparison results: Based on the parameters we compared, GitLab comes out ahead of Contrast Security Assess. While both solutions’ core features have been rated favorably by their users, Contrast Security Assess’s potentially complex deployment and licensing plan leave room for improvement.

To learn more, read our detailed Contrast Security Assess vs. GitLab Report (Updated: May 2024).
Download the complete report
772,649 professionals have used our research since 2012.
Featured Review
AggelosKaronis
A cost-effective solution that is easy to implement and detects vulnerabilities within minutes of launch
The product has helped us identify vulnerabilities.
Duy Chu
Version control history is valuable for our development workflow
When it comes to GitLab's CI/CD integration, it significantly supports our development process by accelerating deployments. With automated... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It is a stable solution...Contrast Security Assess is one of the first players in this market, so they have experience and customers, especially abroad. Overall, it's a good product.""I am impressed with the product's identification of alerts and vulnerabilities.""In our most critical applications, we have a deep dive in the code evaluation, which was something we usually did with periodic vulnerability assessments, code reviews, etc. Now, we have real time access to it. It's something that has greatly enhanced our code's quality. We have actually embedded a KPI in regards to the improvement of our code shell. For example, Contrast provides a baseline where libraries and the usability of the code are evaluated, and they produce a score. We always aim to improve that score. On a quarterly basis, we have added this to our KPIs.""Assess has an excellent API interface to pull APIs.""This has changed the way that developers are looking at usage of third-party libraries, upfront. It's changing our model of development and our culture of development to ensure that there is more thought being put into the usage of third-party libraries.""By far, the thing that was able to provide value was the immediate response while testing ahead of release, in real-time.""When we access the application, it continuously monitors and detects vulnerabilities.""The most valuable feature is the continuous monitoring aspect: the fact that we don't have to wait for scans to complete for the tool to identify vulnerabilities. They're automatically identified through developers' business-as-usual processes."

More Contrast Security Assess Pros →

"I have found the most valuable feature is security control. I also like the branching and cloning software.""GitLab is being used as a repository for our codebase and it is a one stop DevOps tool we use in our team.""We use the Git repository and tagging feature. We are a product-based company and use this solution to move to a forward or backward tag.""CI/CD is valuable for me.""A user friendly solution.""We like that we can create branches and then the branches can be reviewed and you can mesh those branches back. You can independently work with your own branch, you don't need to really control the core of other people.""The initial setup of GitLab is pretty simple, with no complications.""We're only using the basic features of GitLab and haven't used any advanced features. The solution works fine, so that's what we like about GitLab. We're party using GitHub and GitLab. We have a GitHub server, while we use GitLab locally or only within our team, and it works okay. We don't have any significant problems with the solution. We also found the straightforward setup, stability, and scalability of GitLab valuable."

More GitLab Pros →

Cons
"The product's retesting part needs improvement. The tool also needs improvement in the suggestions provided for fixing vulnerabilities. It relies more on documentation rather than on quick fixes.""Contrast Security Assess covers a wide range of applications like .NET Framework, Java, PSP, Node.js, etc. But there are some like Ubuntu and the .NET Core which are not covered. They have it in their roadmap to have these agents. If they have that, we will have complete coverage.""To instrument an agent, it has to be running on a type of application technology that the agent recognizes and understands. It's excellent when it works. If we're using an application that is using an unsupported technology, then we can't instrument it at all. We do use PHP and Contrast presently doesn't support that, although it's on their roadmap. My primary hurdle is that it doesn't support all of the technologies that we use.""The setup of the solution is different for each application. That's the one thing that has been a challenge for us. The deployment itself is simple, but it's tough to automate because each application is different, so each installation process for Contrast is different.""I would like to see them come up with more scanning rules.""The out-of-the-box reporting could be improved. We need to write our own APIs to make the reporting more robust.""Regarding the solution's OSS feature, the one drawback that we do have is that it does not have client-side support. We'll be missing identification of libraries like jQuery or JavaScript, and such, that are client-side.""The solution needs to improve flexibility...The scalability of the product is a problem in the solution, especially from a commercial perspective."

More Contrast Security Assess Cons →

"We would like to have easier tutorials. Their tutorials are too technical for a user to understand. They should be more detailed but less technical.""There is room for improvement in GitLab Agents.""I would like configuration of a YML file to be done via UI rather than a code file.""It should be used by a larger number of people. They should raise awareness.""It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful.""The user interface could be more user-friendly. We do most of our operations through the website interface but it could be better.""There was a problem with the build environment when we were looking at developing iOS applications. iOS build require Mac machines and there are no Mac machines provided by GitLab in their cloud. So to build for mobile iOS application, we needed to use our own Mac machine within our own infrastructure. If GitLab were to provide a feature such that an iOS application could also be built through GitLab directly, that would be great.""The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation."

More GitLab Cons →

Pricing and Cost Advice
  • "I like the per-application licensing model... We just license the app and we look at different vulnerabilities on that app and we remediate within the app. It's simpler."
  • "You only get one license for an application. Ours are very big, monolithic applications with millions of lines of code. We were able to apply one license to one monolithic application, which is great. We are happy with the licensing. Pricing-wise, they are industry-standard, which is fine."
  • "The good news is that the agent itself comes in two different forms: the unlicensed form and the licensed form. Unlicensed gives use of that software composition analysis for free. Thereafter, if you apply a license to that same agent, that's when the instrumentation takes hold. So one of my suggestions is to do what we're doing: Deploy the agent to as many applications as possible, with just the SCA feature turned on with no license applied, and then you can be more choosy and pick which teams will get the license applied."
  • "For what it offers, it's a very reasonable cost. The way that it is priced is extremely straightforward. It works on the number of applications that you use, and you license a server. It is something that is extremely fair, because it doesn't take into consideration the number of requests, etc. It is only priced based on the number of onboarded applications. It suits our model as well, because we have huge traffic. Our number of applications is not that large, so the pricing works great for us."
  • "It's a tiered licensing model. The more you buy, as you cross certain quantity thresholds, the pricing changes. If you have a smaller environment, your licensing costs are going to be different than a larger environment... The licensing is primarily per application. An application can be as many agents as you need. If you've got 10 development servers and 20 production servers and 50 QA servers, all of those agents can be reporting as a single application that utilizes one license."
  • "The product's pricing is low. I would rate it a two out of ten."
  • "The solution is expensive."

    • More Contrast Security Assess Pricing and Cost Advice →

  • "I think that we pay approximately $100 USD per month."
  • "The price is okay."
  • "It seems reasonable. Our IT team manages the licenses."
  • "Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
  • "It is very expensive. We can't bear it now, and we have to find another solution. We have a yearly subscription in which we can increase the number of licenses, but we have to pay at the end of the year."
  • "I don't mind the price because I use the free version."
  • "We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."
  • "The price of GitLab could be better, it is expensive."

    • More GitLab Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    772,649 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Contrast Security Assess?
    Top Answer:When we access the application, it continuously monitors and detects vulnerabilities.
    Read all 11 answers   →
    What is your experience regarding pricing and costs for Contrast Security...
    Top Answer:The product's pricing is low. I would rate it a two out of ten.
    Read all 9 answers   →
    What needs improvement with Contrast Security Assess?
    Top Answer:Technical support for the solution should be faster. We have to further analyze what kind of CVEs are in the reported libraries and what part of the code is affected. That analysis can be added to the… more »
    Read all 11 answers   →
    What do you like most about GitLab?
    Top Answer:I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
    Read all 43 answers   →
    What is your experience regarding pricing and costs for GitLab?
    Top Answer:For small-scale usage, GitLab offers a free tier. For enterprise pricing, GitLab is more expensive than GitHub, as it's not as widely adopted. GitLab is the preferred choice for many developers… more »
    Read all 31 answers   →
    What needs improvement with GitLab?
    Top Answer:I believe there's room for improvement in the advanced features, particularly in enhancing the pipeline functionalities. Better integration and usability within the pipeline could make a significant… more »
    Read all 43 answers   →
    Ranking
    31st
    out of 74 in Application Security Tools
    Views
    1,378
    Comparisons
    842
    Reviews
    4
    Average Words per Review
    511
    Rating
    8.5
    7th
    out of 74 in Application Security Tools
    Views
    4,611
    Comparisons
    3,608
    Reviews
    50
    Average Words per Review
    406
    Rating
    8.6
    Comparisons
    Also Known As
    Contrast Assess
    Fuzzit
    Learn More
    Contrast Security
    GitLab
    Overview

    Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.

    GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster. 

    It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring. 

    With GitLab, teams can streamline their workflows, automate processes, and improve productivity.

    Sample Customers
    Williams-Sonoma, Autodesk, HUAWEI, Chromeriver, RingCentral, Demandware.
    1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm17%
    Computer Software Company12%
    Insurance Company9%
    Manufacturing Company9%
    REVIEWERS
    Financial Services Firm16%
    Computer Software Company16%
    Manufacturing Company13%
    Retailer10%
    VISITORS READING REVIEWS
    Educational Organization25%
    Computer Software Company12%
    Financial Services Firm11%
    Manufacturing Company8%
    Company Size
    REVIEWERS
    Small Business18%
    Midsize Enterprise27%
    Large Enterprise55%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise10%
    Large Enterprise74%
    REVIEWERS
    Small Business44%
    Midsize Enterprise9%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise34%
    Large Enterprise51%
    Buyer's Guide
    Contrast Security Assess vs. GitLab
    May 2024
    Free Report: Contrast Security Assess vs. GitLab
    Find out what your peers are saying about Contrast Security Assess vs. GitLab and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    772,649 professionals have used our research since 2012.

    Contrast Security Assess is ranked 31st in Application Security Tools with 11 reviews while GitLab is ranked 7th in Application Security Tools with 70 reviews. Contrast Security Assess is rated 8.8, while GitLab is rated 8.6. The top reviewer of Contrast Security Assess writes "We're gathering vulnerability data from multiple environments in real time, fundamentally changing how we identify issues in applications". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Contrast Security Assess is most compared with Veracode, Seeker, Fortify WebInspect, HCL AppScan and Checkmarx One, whereas GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton. See our Contrast Security Assess vs. GitLab report.

    See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.