We performed a comparison between GitLab and OWASP Zap based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Of the two solutions, users find deployment to be easier with Gitlab. For this reason, Gitlab comes out slightly on top in this comparison.
"The most valuable features of GitLab are the review, patch repo, and plans are in YAML."
"The most valuable feature of GitLab is its security."
"The code merging capability is something that we use very frequently."
"It is very useful for reviews. We are using branch merging operations and full reset operations. It is also very useful for merging our code and tracking another branch. The graph diagrams of Git are very useful. Its interface is straightforward and not too complex for us."
"I have had no problem with the stability of the solution."
"The most valuable feature of GitLab is its convenience. I am able to trace back most of my changes up to a far distance in time and it helps me to analyze and see the older version of the code."
"The most valuable functionality of GitLab, for me, is the DevOps. Besides the normal source control based on Git, I find the Auto DevOps features most important in the solution."
"We like that we can create branches and then the branches can be reviewed and you can mesh those branches back. You can independently work with your own branch, you don't need to really control the core of other people."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"It's great that we can use it with Portswigger Burp."
"They offer free access to some other tools."
"It has improved my organization with faster security tests."
"Fuzzer and Java APIs help a lot with our custom needs."
"It updates repositories and libraries quickly."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"Simple and easy to learn and master."
"Atlassian offers more products than GitLab. GitLab offers source control management, version control and collaboration between developers. Atlassian offers features on top of this as well as more integration points for developers."
"I believe there's room for improvement in the advanced features, particularly in enhancing the pipeline functionalities."
"GitLab doesn't have AWS integration. It would be better to have integration with other container management environments beyond Kubernetes. It has very good integration with Kubernetes, but it doesn't have good integration with, for example, AWS, ETS, etc."
"The solution does not have many built-in functions or variables so scripting is required."
"I would like to have some features to support peer review."
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repertories because currently, it's not searchable by default. You'll need an indexing service such as Elasticsearch to make it searchable, and that requires too much work, so for me, it's the main feature that should be improved in GitLab. In the next version of the solution, from the top of my head, the documentation could be improved. Besides the Wiki, it would be good if there's documentation that would be automatically generated based on the code repository. In other words, there should be some tutorials from GitLab for developers in the next release."
"I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that it does internally by GitLab and then that is already tied up with your pipeline and then it can tell you that you're coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors."
"GitLab could improve the patch repository. It does not have support for Conan patch version regions. Additionally, better support for Kubernetes deployment is needed as part of the package."
"The solution is unable to customize reports."
"The port scanner is a little too slow."
"Sometimes, we get some false positives."
"It doesn't run on absolutely every operating system."
"There's very little documentation that comes with OWASP Zap."
"The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time."
"There isn't too much information about it online."
"The reporting feature could be more descriptive."
GitLab is ranked 8th in Static Application Security Testing (SAST) with 70 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. GitLab is rated 8.6, while OWASP Zap is rated 7.6. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Rapid7 InsightAppSec. See our GitLab vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.