• Home
  • GitLab vs. Qualys Web Application Scanning

GitLab vs Qualys Web Application Scanning comparison

Cancel
You must select at least 2 products to compare!
GitLab Logo
GitLab
Read 70 GitLab reviews
4,611 views|3,608 comparisons
98% willing to recommend
Qualys Logo
Qualys Web Application Scanning
Read 31 Qualys Web Application Scanning reviews
4,583 views|3,537 comparisons
84% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
GitLab vs. Qualys Web Application Scanning
May 2024
Executive Summary

We performed a comparison between GitLab and Qualys Web Application Scanning based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed GitLab vs. Qualys Web Application Scanning Report (Updated: May 2024).
Download the complete report
772,649 professionals have used our research since 2012.
Featured Review
Nakul Kundaliya
Scalable, automatic code merging, and free version available
GitLab has helped our company save time. In our current project, we have split the job into two parts, one team is working on one particular... Read more →
Brammadevan K
Operates as a DAST tool, examining the application from an external perspective to identify security issues
Qualys Web Application Scanning (WAS) is a DAST tool. It stands for Dynamic Application Security Testing. Unlike SAST (Static Application Security... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The solution has an established roadmap that lays out its plans for upgrades over the next two to three years.""GitLab is very useful for pipelines, continuous integration, and continuous deployment. It is also stable.""This is a scalable solution. We had around 200 users working with it.""The scalability is good.""It is a speedy platform compared to the others I have used. I have also enjoyed using the platform as this solution offers a good user experience.""The stability is good.""The most important features of GitLab for us are issue management and all the CI/CD tools. Another aspect that I love about GitLab is the UI.""I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently."

More GitLab Pros →

"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours.""​We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues.​""It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools.""The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good.""The product prevents possible vulnerabilities in our network.""The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera.""Its most valuable features are patch management, vulnerability management, and PCI compliance.""I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."

More Qualys Web Application Scanning Pros →

Cons
"I would like to see security increased in the future. A secure environment is very important.""There is room for improvement in GitLab Agents.""The integration could be slightly better.""It would be better if there weren't any outages. There are occasions where we usually see a lot of outages using GitLab. It happens at least once a week or something like that. Whatever pipelines you're running, to check the logs, you need to have a different set of tools like Argus or something like that. If you have pipelines running on GitLab, you need a separate service deployed to view the logs, which is kind of a pain. If the logs can be used conveniently on GitLab, that would be definitely helpful. I'm not talking about the CI/CD pipelines but the back-end services and microservices deployed over GitLab. To view the logs for those microservices, you need to have separate log viewers, which is kind of a pain.""The solution should be more cloud-native and have more cloud-native capabilities and features.""This solution could be improved by adding modifications such as slack notifications.""GitLab could improve the patch repository. It does not have support for Conan patch version regions. Additionally, better support for Kubernetes deployment is needed as part of the package.""I've noticed an area for improvement in GitLab, particularly needing to go through many steps to push the code to the repository. Resolving that issue would make the product better. My team quickly fixed it by writing a small script, then double-clicking or enabling the script to take care of the issue. However, that quick fix was from my team and not the GitLab team, so in the next release, if an automatic deployment feature would be available in GitLab, then that would be good because, in Visual Studio, you can do that with just one click of a button."

More GitLab Cons →

"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem.""The product should allow users to upload their payloads.""The virus code updates are not frequent enough.""The solution needs to adjust its pricing. They should make it more affordable.""The software’s pricing could be improved.""We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error.""The support could be faster.""We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."

More Qualys Web Application Scanning Cons →

Pricing and Cost Advice
  • "I think that we pay approximately $100 USD per month."
  • "The price is okay."
  • "It seems reasonable. Our IT team manages the licenses."
  • "Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
  • "It is very expensive. We can't bear it now, and we have to find another solution. We have a yearly subscription in which we can increase the number of licenses, but we have to pay at the end of the year."
  • "I don't mind the price because I use the free version."
  • "We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."
  • "The price of GitLab could be better, it is expensive."

    • More GitLab Pricing and Cost Advice →

  • "​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders​."
  • "Try the free trial of the product to understand the basic working mechanisms.​"
  • "Qualys has an IT-based licensing based on a yearly license, which is a good way of handling it. However, in some cases, when we do the PCI scanning, the host will not like the scanning and we lose the IT license. So, this could be improved."
  • "Licensing was based on the number of assets that you want to scan on your network. You can also do licensing on subscription. On subscription, it is easier and more flexible. You tell Qualys that you want to move from the 1000 to 2000 band or the 3000 or 5000 band, then they will give you the quotation for it. Once you pay for it, applying the licensing is quite easy and effective."
  • "Pricing was reasonable and competitive. It was not too far above the other products."
  • "The product is expensive, at least initially, in comparison to other products in this category."
  • "There are different options available with respect to licensing."
  • "The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security in a company with 200 employees."

    • More Qualys Web Application Scanning Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    772,649 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about GitLab?
    Top Answer:I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
    Read all 43 answers   →
    What is your experience regarding pricing and costs for GitLab?
    Top Answer:For small-scale usage, GitLab offers a free tier. For enterprise pricing, GitLab is more expensive than GitHub, as it's not as widely adopted. GitLab is the preferred choice for many developers… more »
    Read all 31 answers   →
    What needs improvement with GitLab?
    Top Answer:I believe there's room for improvement in the advanced features, particularly in enhancing the pipeline functionalities. Better integration and usability within the pipeline could make a significant… more »
    Read all 43 answers   →
    What do you like most about Qualys Web Application Scanning?
    Top Answer:The vulnerability management feature is a strong one. And also the patch management feature.
    Read all 19 answers   →
    What is your experience regarding pricing and costs for Qualys Web Applic...
    Top Answer:From my perspective, it is a budget-friendly option. Qualys offers good value for the features and protection it provides. The pricing seems reasonable, considering the comprehensive security… more »
    Read all 15 answers   →
    What needs improvement with Qualys Web Application Scanning?
    Top Answer:One area for improvement is the application scan interface. Although recent updates have introduced some features, there's a gap in supporting standards beyond OWASP. Currently, there isn't an option… more »
    Read all 18 answers   →
    Ranking
    7th
    out of 74 in Application Security Tools
    Views
    4,611
    Comparisons
    3,608
    Reviews
    50
    Average Words per Review
    406
    Rating
    8.6
    18th
    out of 74 in Application Security Tools
    Views
    4,583
    Comparisons
    3,537
    Reviews
    8
    Average Words per Review
    369
    Rating
    8.1
    Comparisons
    Also Known As
    Fuzzit
    Qualys WAS
    Learn More
    GitLab
    Qualys
    Overview

    GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster. 

    It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring. 

    With GitLab, teams can streamline their workflows, automate processes, and improve productivity.

    Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.

    Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.

    Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:

    • Deep Scanning: All apps and APIs on your internal network and public cloud are covered by Qualys WAS deep scanning to show you any visible vulnerabilities.

    • DevSec Ops Tool: Detect security issues in your code while still in app development stages and generate comprehensive reports.

    • Comprehensive Discovery: Discover and catalog new and unknown web apps in your network.

    • Malware Detection: Scan a website, identify vulnerabilities, and receive alerts to any infections.


    Benefits of Qualys Web Application Scanning

    Qualys Web Application Scanning offers many benefits, including:

    • Quick Deployment: Requires no infrastructure or software to upkeep.

    • Effortless Scalability: Effortlessly launch a deep scan and protect thousands of websites.

    • Centralized Management: Manage and mend all web app vulnerabilities through a single interface.

    • Excellent Integration Capabilities: Integrates with Qualys Web App Firewall (WAF) for a single-click virtual patching of found vulnerabilities.

    • Respond to Threats Immediately: Qualys Continuous Monitoring offers the user a hands-free service by automatically launching scanning and sending notifications of a potential threat.

    • Cost-effective Solution: Data is analyzed in real time as Qualys WAS is an end-to-end solution; this helps avoid costs associated with managing multiple security vendors.

    Reviews from Real Users

    Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.

    P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."

    Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."

    Sample Customers
    1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
    BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
    Top Industries
    REVIEWERS
    Computer Software Company16%
    Financial Services Firm16%
    Manufacturing Company13%
    Retailer10%
    VISITORS READING REVIEWS
    Educational Organization25%
    Computer Software Company12%
    Financial Services Firm11%
    Manufacturing Company8%
    REVIEWERS
    Financial Services Firm36%
    Computer Software Company14%
    Educational Organization14%
    Comms Service Provider7%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Financial Services Firm15%
    Manufacturing Company9%
    Government7%
    Company Size
    REVIEWERS
    Small Business44%
    Midsize Enterprise9%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise34%
    Large Enterprise51%
    REVIEWERS
    Small Business19%
    Midsize Enterprise16%
    Large Enterprise66%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise14%
    Large Enterprise68%
    Buyer's Guide
    GitLab vs. Qualys Web Application Scanning
    May 2024
    Free Report: GitLab vs. Qualys Web Application Scanning
    Find out what your peers are saying about GitLab vs. Qualys Web Application Scanning and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    772,649 professionals have used our research since 2012.

    GitLab is ranked 7th in Application Security Tools with 70 reviews while Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews. GitLab is rated 8.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton, whereas Qualys Web Application Scanning is most compared with OWASP Zap, SonarQube, Veracode, PortSwigger Burp Suite Professional and Fortify Application Defender. See our GitLab vs. Qualys Web Application Scanning report.

    See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.