We performed a comparison between GitLab and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"This product is always evolving, and they listen to the customers."
"I have found the most valuable feature is security control. I also like the branching and cloning software."
"Everything is easy to configure and easy to work with."
"GitLab is very well-organized and easy to use. Also, it offers most features that customers need."
"CI/CD and GitLab scanning are the most valuable features."
"The merging feature makes it easy later on for the deployment."
"The tool helps to integrate CI/CD pipeline deployments. It is very easy to learn. Its security model is good."
"The most valuable features of GitLab are integration with CIE and the ability to rapidly deploy solutions, projects, and applications. It is very easy to use, and there are no complaints."
"The intercepting feature is the most valuable."
"The extension that it provides with the community version for the skills mapping is excellent."
"PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors."
"Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it."
"The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool."
"The solution has a limited range of functions, which is good for small companies. This is because, in small companies, websites are less complex. They also have single services which makes the solution good enough for them. However, the most advantageous aspect of the solution is its affordable price."
"The solution has a great user interface."
"You can download different plugins if you don't have them in the standard edition."
"GitLab doesn't have AWS integration. It would be better to have integration with other container management environments beyond Kubernetes. It has very good integration with Kubernetes, but it doesn't have good integration with, for example, AWS, ETS, etc."
"It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful."
"It would be better if there weren't any outages. There are occasions where we usually see a lot of outages using GitLab. It happens at least once a week or something like that. Whatever pipelines you're running, to check the logs, you need to have a different set of tools like Argus or something like that. If you have pipelines running on GitLab, you need a separate service deployed to view the logs, which is kind of a pain. If the logs can be used conveniently on GitLab, that would be definitely helpful. I'm not talking about the CI/CD pipelines but the back-end services and microservices deployed over GitLab. To view the logs for those microservices, you need to have separate log viewers, which is kind of a pain."
"It is a little complex to set up the pipelines within the solution."
"When deploying the solution on cloud and the CI/CD pipeline, we have to define the steps and it becomes confusing."
"Their RBAC is role-based access, which is fine but not very good."
"The integration could be slightly better."
"GitLab can improve the integration with third-party applications. It could be made easier. Additionally, having API control from my application could be helpful."
"The tool is very expensive."
"The reporting needs to be improved; it is very bad."
"A lot of our interns find it difficult to get used to PortSwigger Burp's environment."
"There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."
"The number of false positives needs to be reduced on the solution."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
"You can have many false positives in Burp Suite. It depends on the scale of the penetration testing."
"We'd like to have more integration potential across all versions of the product."
GitLab is ranked 7th in Application Security Tools with 70 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 57 reviews. GitLab is rated 8.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Fortify on Demand.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.