We performed a comparison between Fortify Static Code Analyzer and GitLab based on real PeerSpot user reviews.
"The Software Security Center, which is often overlooked, stands out as the most effective feature."
"We've found the documentation to be very good."
"Automating the Jenkins plugins and the build title is a big plus."
"You can really see what's happening after you've developed something."
"It's helped us free up staff time."
"I like the Fortify taxonomy as it provides us with a list of all of the vulnerabilities found. Fortify release updated rule packs quarterly, with accompanying documentation, that lets us know what new features are being released."
"The integration Subset core integration, using Jenkins is one of the good features."
"We write software, and therefore, the most valuable aspect for us is basically the code analysis part."
"CI/CD is very good. The version control system is also good. These are the two features that we use."
"A user friendly solution."
"Everything is easy to configure and easy to work with."
"The SaaS setup is impressive, and it has DAST solutioning."
"I like that you can use GitLab as a double-sided solution for both DevOps and version management. It's a good product for working in these two areas, and the user interface makes it easy to understand."
"The initial setup of GitLab is pretty simple, with no complications."
"I like that it's easy to deploy our services over GitLab. The customer support is also good with a really active community. You have a lot of support that you can get online with your stack. That is probably one of the benefits of using GitLab. It's also really fast."
"GitLab is very well-organized and easy to use. Also, it offers most features that customers need."
"It comes with a hefty licensing fee."
"The generation of false positives should be reduced."
"The troubleshooting capabilities of this solution could be improved. This would reduce the number of cases that users have to submit."
"It can be tricky if you want to exclude some files from scanning. For instance, if you do not want to scan and push testing files to Fortify Software Security Center, that is tricky with some IDEs, such as IntelliJ. We found that there is an Exclude feature that is not working. We reported that to them for future fixing. It needs some work on the plugins to make them consistent across IDEs and make them easier."
"Not all languages are supported in Fortify."
"Fortify Static Code Analyzer has a bit of a learning curve, and I don't find it particularly helpful in narrowing down the vulnerabilities we should prioritize."
"The pricing is a bit high."
"The price can be improved."
"As a partner, sometimes it's difficult to get support. They have a really complicated procedure for their support."
"The pricing model of GitLab is an issue for me."
"I used Spring Cloud config and to connect that to GitLab was so hard."
"Atlassian offers more products than GitLab. GitLab offers source control management, version control and collaboration between developers. Atlassian offers features on top of this as well as more integration points for developers."
"We do face issues in our company when we run out of disk space."
"I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment."
"The solution does not have many built-in functions or variables so scripting is required."
"Their RBAC is role-based access, which is fine but not very good."
Fortify Static Code Analyzer is ranked 3rd in Static Code Analysis with 13 reviews while GitLab is ranked 7th in Application Security Tools with 70 reviews. Fortify Static Code Analyzer is rated 8.4, while GitLab is rated 8.6. The top reviewer of Fortify Static Code Analyzer writes "Seamless to integrate and identify vulnerabilities and frees up staff time". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Fortify Static Code Analyzer is most compared with Black Duck, Snyk, Veracode, Sonatype Lifecycle and Mend.io, whereas GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Sonatype Lifecycle.
We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.