We performed a comparison between GitLab and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."GitLab is very useful for pipelines, continuous integration, and continuous deployment. It is also stable."
"GitLab's best feature is Actions."
"The merging feature makes it easy later on for the deployment."
"The most important features of GitLab for us are issue management and all the CI/CD tools. Another aspect that I love about GitLab is the UI."
"The solution is stable."
"The tool helps to integrate CI/CD pipeline deployments. It is very easy to learn. Its security model is good."
"For us, Gitlab's most valuable feature is the integration with Cypress. We're using Cypress as an automation tool, so we're using GitLab as a tool for running in parallel."
"CI/CD is very good. The version control system is also good. These are the two features that we use."
"One of the features I like about this program is the low number of false positives and the support it offers."
"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"Its ability to crawl a web application is quite different than another similar scanner."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"The solution should be more cloud-native and have more cloud-native capabilities and features."
"GitLab's UI could be improved."
"Reporting could be improved."
"GitLab could improve the patch repository. It does not have support for Conan patch version regions. Additionally, better support for Kubernetes deployment is needed as part of the package."
"GitLab would be improved with the addition of templates for deployment on local PCs."
"The pricing model of GitLab is an issue for me."
"Based on what I know so far, its integration with Kubernetes is not so good. We have to develop many things to make it work. We have to acquire third-party components to work with Kubernetes."
"We would like to generate document pages from the sources."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"Right now, they are missing the static application security part, especially web application security."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"The scanner itself should be improved because it is a little bit slow."
"The scannings are not sufficiently updated."
"Invicti takes too long with big applications, and there are issues with the login portal."
"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
GitLab is ranked 6th in Application Security Tools with 70 reviews while Invicti is ranked 20th in Application Security Tools with 26 reviews. GitLab is rated 8.6, while Invicti is rated 8.2. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton, whereas Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Fortify WebInspect. See our GitLab vs. Invicti report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
