We performed a comparison between GitLab and SonarCloud based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We have seen a couple of merge requests or pull requests raised in GitLab. I see the interface, the way it shows the difference between the two source codes, that it is easy for anyone to do the review and then accept the request; the pull request is the valuable feature."
"The most valuable feature of GitLab is the automatic merging of code."
"The most important features of GitLab for us are issue management and all the CI/CD tools. Another aspect that I love about GitLab is the UI."
"The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish."
"GitLab is very useful for pipelines, continuous integration, and continuous deployment. It is also stable."
"GitLab integrates well with other platforms."
"GitLab is kind of an image of GitHub, so it gives us the flexibility to monitor our changes in the repos."
"It is a speedy platform compared to the others I have used. I have also enjoyed using the platform as this solution offers a good user experience."
"For what it is meant to do, it works pretty well."
"The reports from SonarCloud are very good."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"The solution can be installed locally."
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"The most valuable feature of SonarCloud is its overall performance."
"GitLab's Windows version is yet not available and having this would be an improvement."
"Based on what I know so far, its integration with Kubernetes is not so good. We have to develop many things to make it work. We have to acquire third-party components to work with Kubernetes."
"Expand features to match other tools such as a static code analysis tool so third-party integrations are not required."
"The integration could be slightly better."
"Even if I say I want some improvement, they will say it is already planned in the first quarter, second quarter, or third quarter. That said, most everything is quite improved already, and they're improving even further still."
"There is a need to improve or adopt AI into the ecosystem like a co-pilot, which Microsoft has done with GitHub."
"Reporting could be improved."
"I believe there's room for improvement in the advanced features, particularly in enhancing the pipeline functionalities."
"The solution needs to improve its customization and flexibility."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"SonarCloud's UI needs enhancement."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"It would be helpful if notifications could go out to an extra person."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"There's room for improvement in the configuration process, particularly during the initial setup phase."
GitLab is ranked 8th in Static Application Security Testing (SAST) with 70 reviews while SonarCloud is ranked 10th in Static Application Security Testing (SAST) with 10 reviews. GitLab is rated 8.6, while SonarCloud is rated 8.4. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of SonarCloud writes "Beneficial vulnerability discovery, simple to maintain, and proactive support". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube and AWS CodePipeline, whereas SonarCloud is most compared with SonarQube, Veracode, Checkmarx One, OWASP Zap and Coverity. See our GitLab vs. SonarCloud report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
