We performed a comparison between GitLab and OWASP Zap based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Of the two solutions, users find deployment to be easier with Gitlab. For this reason, Gitlab comes out slightly on top in this comparison.
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."
"GitLab is being used as a repository for our codebase and it is a one stop DevOps tool we use in our team."
"It is very flexible and easy because you can store data on cloud."
"Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective."
"As a developer, this solution is useful as a repository holder because most of the POC projects that we have are on GitLab."
"GitLab integrates well with other platforms."
"The solution's service delivery model is fantastic."
"The user interface is really good so that helps with huge teams who need to collaborate."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"It updates repositories and libraries quickly."
"The most valuable feature is scanning the URL to drill down all the different sites."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"It scans while you navigate, then you can save the requests performed and work with them later."
"The interface is easy to use."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"GitLab would be improved with the addition of templates for deployment on local PCs."
"We have only seen a couple of issues on Gitlab, which we use for building some of the applications."
"GitLab's UI could be improved."
"I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that it does internally by GitLab and then that is already tied up with your pipeline and then it can tell you that you're coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors."
"The solution should again offer an on-premises deployment option."
"It would be better if there weren't any outages. There are occasions where we usually see a lot of outages using GitLab. It happens at least once a week or something like that. Whatever pipelines you're running, to check the logs, you need to have a different set of tools like Argus or something like that. If you have pipelines running on GitLab, you need a separate service deployed to view the logs, which is kind of a pain. If the logs can be used conveniently on GitLab, that would be definitely helpful. I'm not talking about the CI/CD pipelines but the back-end services and microservices deployed over GitLab. To view the logs for those microservices, you need to have separate log viewers, which is kind of a pain."
"When deploying the solution on cloud and the CI/CD pipeline, we have to define the steps and it becomes confusing."
"GitLab's Windows version is yet not available and having this would be an improvement."
"The automated vulnerability assessments that the application performs needs to be simplified as well as diversified."
"The technical support team must be proactive."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"There are too many false positives."
"The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
GitLab is ranked 8th in Static Application Security Testing (SAST) with 70 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. GitLab is rated 8.6, while OWASP Zap is rated 7.6. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and ImmuniWeb. See our GitLab vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.