We performed a comparison between FOSSA and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Their CLI tool is very efficient. It does not send your source code over to their servers. It just does fingerprinting. It is also very easy to integrate into software development practices."
"FOSSA provided us with contextualized, easily actionable intelligence that alerted us to compliance issues. I could tell FOSSA exactly what I cared about and they would tell me when something was out of policy. I don't want to hear from the compliance tool unless I have an issue that I need to deal with. That was what was great about FOSSA is that it was basically "Here's my policy and only send me an alert if there's something without a policy." I thought that it was really good at doing that."
"The most valuable feature is definitely the ease and speed of integrating into build pipelines, like a Jenkins pipeline or something along those lines. The ease of a new development team coming on board and integrating FOSSA with a new project, or even an existing project, can be done so quickly that it's invaluable and it's easy to ask the developers to use a tool like this. Those developers greatly value the very quick feedback they get on any licensing or security vulnerability issues."
"Being able to know the licenses of the libraries is most valuable because we sell products, and we need to provide to the customers the licenses that we are using."
"The support team has just been amazing, and it helps us to have a great support team from FOSSA. They are there to triage and answer all our questions which come up by using their product."
"I am impressed with the tool’s seamless integration and quick results."
"What I really need from FOSSA, and it does a really good job of this, is to flag me when there are particular open source licenses that cause me or our legal department concern. It points out where a particular issue is, where it comes from, and the chain that brought it in, which is the most important part to me."
"The scalability is excellent."
"The dashboard and interface make it easy to use."
"GitLab offers a good interface for doing code reviews between two colleagues."
"The solution has an established roadmap that lays out its plans for upgrades over the next two to three years."
"CI/CD is very good. The version control system is also good. These are the two features that we use."
"A user friendly solution."
"The merging feature makes it easy later on for the deployment."
"GitLab's best features are continuous integration and fast deployment."
"The solution makes the CI/CD pipelines easy to execute."
"The technical support has room for improvement."
"The solution provides contextualized, actionable, intelligence that alerts us to compliance issues, but there is still a little bit of work to be done on it. One of the issues that I have raised with FOSSA is that when it identifies an issue that is an error, why is it in error? What detail can they give to me? They've improved, but that still needs some work. They could provide more information that helps me to identify the dependencies and then figure out where they originated from."
"For open-source management, FOSSA's out-of-the-box policy engine is easy to use, but the list of licenses is not as complete as we would like it to be. They should add more open-source licenses to the selection."
"On the legal and policy sides, there is some room for improvement. I know that our legal team has raised complaints about having to approve the same dependency multiple times, as opposed to having them it across the entire organization."
"We have seen some inaccuracies or incompleteness with the distribution acknowledgments for an application, so there's certainly some room for improvement there. Another big feature that's missing that should be introduced is snippet matching, meaning, not just matching an entire component, but matching a snippet of code that had been for another project and put in different files that one of our developers may have created."
"I would like more customized categories because our company is so big. This is doable for them. They are still in the stages of trying to figure this out since we are one of their biggest companies that they support."
"On the dashboard, there should be an option to increase the column width so that we can see the complete name of the GitHub repository. Currently, on the dashboard, we see the list of projects, but to see the complete name, you have to hover your mouse over an item, which is annoying."
"One thing that can sometimes be difficult with FOSSA is understanding all that it can do. One of the ways that I've been able to unlock some of those more advanced features is through conversations with the absolutely awesome customer success team at FOSSA, but it has been a little bit difficult to find some of that information separately on my own through FAQs and other information channels that FOSSA has. The improvement is less about the product itself and more about empowering FOSSA customers to know and understand how to unlock its full potential."
"The solution does not have many built-in functions or variables so scripting is required."
"Their RBAC is role-based access, which is fine but not very good."
"Even if I say I want some improvement, they will say it is already planned in the first quarter, second quarter, or third quarter. That said, most everything is quite improved already, and they're improving even further still."
"When deploying the solution on cloud and the CI/CD pipeline, we have to define the steps and it becomes confusing."
"The price of GitLab could improve, it is high."
"Merge conflicts and repository maintenance could improve. If there is someone new to the system they would not know if there is a conflict."
"For as long as I have used GitLab, I haven't encountered any major limitations. However, I think that perhaps the search functionality could be better."
"Perhaps the integration could be better."
FOSSA is ranked 9th in Software Composition Analysis (SCA) with 12 reviews while GitLab is ranked 6th in Software Composition Analysis (SCA) with 70 reviews. FOSSA is rated 8.6, while GitLab is rated 8.6. The top reviewer of FOSSA writes "Compatibility with a wide range of dev tools, web and "C-type", enables us to scan across our ecosystem, including legacy software". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". FOSSA is most compared with Black Duck, Snyk, Mend.io and Fortify Static Code Analyzer, whereas GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton. See our FOSSA vs. GitLab report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
