• Home
  • GitLab vs. OWASP Zap

GitLab vs OWASP Zap comparison

Cancel
You must select at least 2 products to compare!
GitLab Logo
GitLab
Read 70 GitLab reviews
3,623 views|2,949 comparisons
98% willing to recommend
OWASP Logo
OWASP Zap
Read 37 OWASP Zap reviews
20,743 views|9,835 comparisons
87% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
GitLab vs. OWASP Zap
May 2024
Executive Summary
Updated on Nov 2, 2022

We performed a comparison between GitLab and OWASP Zap based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: GitLab users say deployment is straightforward. Some OWASP Zap users say the solution is easy to deploy, while some find it difficult.
  • Features: Users of both products are happy with their stability, scalability, and ease of use.

    GitLab users like the solution’s mature CI/CD engine, UI, and its DevOps. Reviewers mention that the integration with Kubernetes needs improvement and that the solution should be more cloud-native.

    OWASP Zap users like the solution’s heads up display, reporting of vulnerabilities, and reliability. Users say they would like to see a marketplace of additional options offered.
  • Pricing: Gitlab has an open-source edition and a commercial version. Most users consider the commercial version to be reasonably priced, while a few feel it is expensive. Users of OWASP Zap note that it is an open-source solution.
  • Service and Support: Gitlab users share mixed reviews on the support they receive. Most users of OWASP Zap note that the community support makes up for the fact that it lacks traditional technical support.

Comparison Results: Of the two solutions, users find deployment to be easier with Gitlab. For this reason, Gitlab comes out slightly on top in this comparison.

To learn more, read our detailed GitLab vs. OWASP Zap Report (Updated: May 2024).
Download the complete report
772,649 professionals have used our research since 2012.
Featured Review
Nakul Kundaliya
Scalable, automatic code merging, and free version available
GitLab has helped our company save time. In our current project, we have split the job into two parts, one team is working on one particular... Read more →
Anonymous User
Good functionality and works well with Portswigger Burp but it needs to add more extensions
It helps that we can use it hand in hand with Portswigger Burp. Since each have scanning capabilities, we can use them together and leverage... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people.""GitLab is being used as a repository for our codebase and it is a one stop DevOps tool we use in our team.""It is very flexible and easy because you can store data on cloud.""Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective.""As a developer, this solution is useful as a repository holder because most of the POC projects that we have are on GitLab.""GitLab integrates well with other platforms.""The solution's service delivery model is fantastic.""The user interface is really good so that helps with huge teams who need to collaborate."

More GitLab Pros →

"The product helps users to scan and fix vulnerabilities in the pipeline.""It updates repositories and libraries quickly.""The most valuable feature is scanning the URL to drill down all the different sites.""This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer.""It scans while you navigate, then you can save the requests performed and work with them later.""The interface is easy to use.""Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope.""It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."

More OWASP Zap Pros →

Cons
"GitLab would be improved with the addition of templates for deployment on local PCs.""We have only seen a couple of issues on Gitlab, which we use for building some of the applications.""GitLab's UI could be improved.""I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that it does internally by GitLab and then that is already tied up with your pipeline and then it can tell you that you're coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors.""The solution should again offer an on-premises deployment option.""It would be better if there weren't any outages. There are occasions where we usually see a lot of outages using GitLab. It happens at least once a week or something like that. Whatever pipelines you're running, to check the logs, you need to have a different set of tools like Argus or something like that. If you have pipelines running on GitLab, you need a separate service deployed to view the logs, which is kind of a pain. If the logs can be used conveniently on GitLab, that would be definitely helpful. I'm not talking about the CI/CD pipelines but the back-end services and microservices deployed over GitLab. To view the logs for those microservices, you need to have separate log viewers, which is kind of a pain.""When deploying the solution on cloud and the CI/CD pipeline, we have to define the steps and it becomes confusing.""GitLab's Windows version is yet not available and having this would be an improvement."

More GitLab Cons →

"The automated vulnerability assessments that the application performs needs to be simplified as well as diversified.""The technical support team must be proactive.""It would be a great improvement if they could include a marketplace to add extra features to the tool.""There are too many false positives.""The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time.""As security evolves, we would like DevOps built into it. As of now, Zap does not provide this.""If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning.""It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."

More OWASP Zap Cons →

Pricing and Cost Advice
  • "I think that we pay approximately $100 USD per month."
  • "The price is okay."
  • "It seems reasonable. Our IT team manages the licenses."
  • "Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
  • "It is very expensive. We can't bear it now, and we have to find another solution. We have a yearly subscription in which we can increase the number of licenses, but we have to pay at the end of the year."
  • "I don't mind the price because I use the free version."
  • "We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."
  • "The price of GitLab could be better, it is expensive."

    • More GitLab Pricing and Cost Advice →

  • "It is highly recommended as it is an open source tool."
  • "It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy."
  • "OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."
  • "As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."
  • "It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."
  • "OWASP Zap is free to use."
  • "This app is completely free and open source. So there is no question about any pricing."
  • "This is an open-source solution and can be used free of charge."

    • More OWASP Zap Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
    See Recommendations
    772,649 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about GitLab?
    Top Answer:I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
    Read all 43 answers   →
    What is your experience regarding pricing and costs for GitLab?
    Top Answer:For small-scale usage, GitLab offers a free tier. For enterprise pricing, GitLab is more expensive than GitHub, as it's not as widely adopted. GitLab is the preferred choice for many developers… more »
    Read all 31 answers   →
    What needs improvement with GitLab?
    Top Answer:I believe there's room for improvement in the advanced features, particularly in enhancing the pipeline functionalities. Better integration and usability within the pipeline could make a significant… more »
    Read all 43 answers   →
    Is OWASP Zap better than PortSwigger Burp Suite Pro?
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Read all 3 answers   →
    What do you like most about OWASP Zap?
    Top Answer:The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's… more »
    Read all 28 answers   →
    What is your experience regarding pricing and costs for OWASP Zap?
    Top Answer:The tool is open source.
    Read all 16 answers   →
    Ranking
    8th
    out of 71 in Static Application Security Testing (SAST)
    Views
    3,623
    Comparisons
    2,949
    Reviews
    50
    Average Words per Review
    406
    Rating
    8.6
    7th
    out of 71 in Static Application Security Testing (SAST)
    Views
    20,743
    Comparisons
    9,835
    Reviews
    12
    Average Words per Review
    392
    Rating
    7.6
    Comparisons
    Microsoft Azure DevOps logo
    Microsoft Azure DevOps vs. GitLab
    Compared 50% of the time.
    SonarQube logo
    SonarQube vs. GitLab
    Compared 5% of the time.
    Bamboo logo
    Bamboo vs. GitLab
    Compared 5% of the time.
    AWS CodePipeline logo
    AWS CodePipeline vs. GitLab
    Compared 5% of the time.
    Tekton logo
    Tekton vs. GitLab
    Compared 4% of the time.
    More GitLab Competitors   →
    SonarQube logo
    SonarQube vs. OWASP Zap
    Compared 21% of the time.
    Acunetix logo
    Acunetix vs. OWASP Zap
    Compared 13% of the time.
    Veracode logo
    Veracode vs. OWASP Zap
    Compared 9% of the time.
    ImmuniWeb logo
    ImmuniWeb vs. OWASP Zap
    Compared 1% of the time.
    More OWASP Zap Competitors   →
    Also Known As
    Fuzzit
    Learn More
    GitLab
    OWASP
    Overview

    GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster. 

    It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring. 

    With GitLab, teams can streamline their workflows, automate processes, and improve productivity.

    OWASP Zap is a free and open-source web application security scanner. 

    The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues. 

    With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

    Sample Customers
    1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
    1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
    Top Industries
    REVIEWERS
    Financial Services Firm16%
    Computer Software Company16%
    Manufacturing Company13%
    Retailer10%
    VISITORS READING REVIEWS
    Educational Organization25%
    Computer Software Company12%
    Financial Services Firm11%
    Manufacturing Company8%
    REVIEWERS
    Computer Software Company25%
    Financial Services Firm15%
    Retailer10%
    Energy/Utilities Company10%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Government7%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business44%
    Midsize Enterprise9%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise34%
    Large Enterprise51%
    REVIEWERS
    Small Business22%
    Midsize Enterprise30%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise15%
    Large Enterprise64%
    Buyer's Guide
    GitLab vs. OWASP Zap
    May 2024
    Free Report: GitLab vs. OWASP Zap
    Find out what your peers are saying about GitLab vs. OWASP Zap and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    772,649 professionals have used our research since 2012.

    GitLab is ranked 8th in Static Application Security Testing (SAST) with 70 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. GitLab is rated 8.6, while OWASP Zap is rated 7.6. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and ImmuniWeb. See our GitLab vs. OWASP Zap report.

    See our list of best Static Application Security Testing (SAST) vendors.

    We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.