Cancel
You must select at least 2 products to compare!
GitLab Logo
3,615 views|2,842 comparisons
OWASP Logo
22,442 views|10,766 comparisons
Comparison Buyer's Guide
Executive Summary
Updated on Nov 2, 2022

We performed a comparison between GitLab and OWASP Zap based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: GitLab users say deployment is straightforward. Some OWASP Zap users say the solution is easy to deploy, while some find it difficult.
  • Features: Users of both products are happy with their stability, scalability, and ease of use.

    GitLab users like the solution’s mature CI/CD engine, UI, and its DevOps. Reviewers mention that the integration with Kubernetes needs improvement and that the solution should be more cloud-native.

    OWASP Zap users like the solution’s heads up display, reporting of vulnerabilities, and reliability. Users say they would like to see a marketplace of additional options offered.
  • Pricing: Gitlab has an open-source edition and a commercial version. Most users consider the commercial version to be reasonably priced, while a few feel it is expensive. Users of OWASP Zap note that it is an open-source solution.
  • Service and Support: Gitlab users share mixed reviews on the support they receive. Most users of OWASP Zap note that the community support makes up for the fact that it lacks traditional technical support.

Comparison Results: Of the two solutions, users find deployment to be easier with Gitlab. For this reason, Gitlab comes out slightly on top in this comparison.

To learn more, read our detailed GitLab vs. OWASP Zap Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"We use the Git repository and tagging feature. We are a product-based company and use this solution to move to a forward or backward tag.""The most valuable feature of GitLab is its convenience. I am able to trace back most of my changes up to a far distance in time and it helps me to analyze and see the older version of the code.""CI/CD and GitLab scanning are the most valuable features.""I have found the most valuable feature is security control. I also like the branching and cloning software.""Of all available products, it was the easiest to use and easy to install.""The most important features of GitLab for us are issue management and all the CI/CD tools. Another aspect that I love about GitLab is the UI.""CI/CD is valuable for me.""GitLab's best features are maintenance, branch integration, and development infrastructure."

More GitLab Pros →

"The ZAP scan and code crawler are valuable features.""They offer free access to some other tools.""It can be used effectively for internal auditing.""The application scanning feature is the most valuable feature.""Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope.""We use the solution for security testing.""Automatic scanning is a valuable feature and very easy to use.""The product discovers more vulnerabilities compared to other tools."

More OWASP Zap Pros →

Cons
"Atlassian offers more products than GitLab. GitLab offers source control management, version control and collaboration between developers. Atlassian offers features on top of this as well as more integration points for developers.""There is room for improvement in GitLab Agents.""There was a problem with the build environment when we were looking at developing iOS applications. iOS build require Mac machines and there are no Mac machines provided by GitLab in their cloud. So to build for mobile iOS application, we needed to use our own Mac machine within our own infrastructure. If GitLab were to provide a feature such that an iOS application could also be built through GitLab directly, that would be great.""The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation.""In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents.""Expand features to match other tools such as a static code analysis tool so third-party integrations are not required.""I would like to have some features to support peer review.""GitLab could add a plugin to integrate with Kubernetes stuff."

More GitLab Cons →

"There isn't too much information about it online.""The automated vulnerability assessments that the application performs needs to be simplified as well as diversified.""The product should allow users to customize the report based on their needs.""The port scanner is a little too slow.​""They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better.""There are too many false positives.""It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful.""The solution is unable to customize reports."

More OWASP Zap Cons →

Pricing and Cost Advice
  • "I think that we pay approximately $100 USD per month."
  • "The price is okay."
  • "It seems reasonable. Our IT team manages the licenses."
  • "Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
  • "It is very expensive. We can't bear it now, and we have to find another solution. We have a yearly subscription in which we can increase the number of licenses, but we have to pay at the end of the year."
  • "I don't mind the price because I use the free version."
  • "We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."
  • "The price of GitLab could be better, it is expensive."
  • More GitLab Pricing and Cost Advice →

  • "It is highly recommended as it is an open source tool."
  • "It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy."
  • "OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."
  • "As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."
  • "It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."
  • "OWASP Zap is free to use."
  • "This app is completely free and open source. So there is no question about any pricing."
  • "This is an open-source solution and can be used free of charge."
  • More OWASP Zap Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The solution makes the CI/CD pipelines easy to execute.
    Top Answer:The tool should include a feature that helps to edit the code directly.
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Top Answer:The application scanning feature is the most valuable feature.
    Ranking
    Views
    3,615
    Comparisons
    2,842
    Reviews
    48
    Average Words per Review
    401
    Rating
    8.6
    Views
    22,442
    Comparisons
    10,766
    Reviews
    12
    Average Words per Review
    360
    Rating
    7.3
    Comparisons
    Microsoft Azure DevOps logo
    Compared 47% of the time.
    Bamboo logo
    Compared 5% of the time.
    AWS CodePipeline logo
    Compared 5% of the time.
    SonarQube logo
    Compared 4% of the time.
    Tekton logo
    Compared 4% of the time.
    Also Known As
    Fuzzit
    Learn More
    Overview

    GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster. 

    It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring. 

    With GitLab, teams can streamline their workflows, automate processes, and improve productivity.

    OWASP Zap is a free and open-source web application security scanner. 

    The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues. 

    With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

    Sample Customers
    1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
    1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
    Top Industries
    REVIEWERS
    Financial Services Firm16%
    Computer Software Company16%
    Manufacturing Company13%
    Retailer10%
    VISITORS READING REVIEWS
    Educational Organization25%
    Computer Software Company12%
    Financial Services Firm11%
    Manufacturing Company8%
    REVIEWERS
    Computer Software Company25%
    Financial Services Firm15%
    Retailer10%
    Energy/Utilities Company10%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Government7%
    Comms Service Provider7%
    Company Size
    REVIEWERS
    Small Business44%
    Midsize Enterprise9%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise34%
    Large Enterprise52%
    REVIEWERS
    Small Business22%
    Midsize Enterprise30%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise16%
    Large Enterprise63%
    Buyer's Guide
    GitLab vs. OWASP Zap
    March 2024
    Find out what your peers are saying about GitLab vs. OWASP Zap and other solutions. Updated: March 2024.
    765,386 professionals have used our research since 2012.

    GitLab is ranked 7th in Application Security Testing (AST) with 68 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 36 reviews. GitLab is rated 8.6, while OWASP Zap is rated 7.6. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, SonarQube and Tekton, whereas OWASP Zap is most compared with SonarQube, PortSwigger Burp Suite Professional, Acunetix, Qualys Web Application Scanning and Contrast Security Assess. See our GitLab vs. OWASP Zap report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.