We performed a comparison between GitLab and OWASP Zap based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Of the two solutions, users find deployment to be easier with GitLab. For this reason, GitLab comes out slightly on top in this comparison.
"I have had no problem with the stability of the solution."
"The merging feature makes it easy later on for the deployment."
"The solution makes the CI/CD pipelines easy to execute."
"This is a scalable solution. We had around 200 users working with it."
"GitLab's best features are continuous integration and fast deployment."
"GitLab offers a good interface for doing code reviews between two colleagues."
"This product is always evolving, and they listen to the customers."
"I like GitLab from the CI/CD perspective. It is much easier to set up CI/CD and then integrate with other tools."
"The solution is good at reporting the vulnerabilities of the application."
"Simple to use, good user interface."
"It has evolved over the years, and recently, in the last year, they have added HUD (Heads Up Display)."
"The most valuable feature is scanning the URL to drill down all the different sites."
"It scans while you navigate, then you can save the requests performed and work with them later."
"The product discovers more vulnerabilities compared to other tools."
"They offer free access to some other tools."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"I rate the support from GitLab a four out of five."
"GitLab's UI could be improved."
"It is a little complex to set up the pipelines within the solution."
"We'd always like to see better pricing on the product."
"We do face issues in our company when we run out of disk space."
"For as long as I have used GitLab, I haven't encountered any major limitations. However, I think that perhaps the search functionality could be better."
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repositories because currently, it's not searchable by default. You'll need an indexing service such as Elasticsearch to make it searchable, and that requires too much work, so for me, it's the main feature that should be improved in GitLab. In the next version of the solution, off the top of my head, the documentation could be improved. Besides the Wiki, it would be good if there's documentation that would be automatically generated based on the code repository. In other words, there should be some tutorials from GitLab for developers in the next release."
"There is room for improvement in GitLab Agents."
"It doesn't run on absolutely every operating system."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"It would be nice to have a solid SQL injection engine built into Zap."
"Online documentation can be improved to utilize all features of ZAP and API methods for use in automation."
"If there was an easier way to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"The solution is unable to customize reports."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
GitLab is ranked 8th in Static Application Security Testing (SAST) with 70 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. GitLab is rated 8.6, while OWASP Zap is rated 7.6. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Rapid7 InsightAppSec.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.