We performed a comparison between GitLab and OWASP Zap based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Of the two solutions, users find deployment to be easier with GitLab. For this reason, GitLab comes out slightly on top in this comparison.
"We use the Git repository and tagging feature. We are a product-based company and use this solution to move to a forward or backward tag."
"The most valuable feature of GitLab is its convenience. I am able to trace back most of my changes up to a far distance in time and it helps me to analyze and see the older version of the code."
"CI/CD and GitLab scanning are the most valuable features."
"I have found the most valuable feature is security control. I also like the branching and cloning software."
"Of all available products, it was the easiest to use and easy to install."
"The most important features of GitLab for us are issue management and all the CI/CD tools. Another aspect that I love about GitLab is the UI."
"CI/CD is valuable for me."
"GitLab's best features are maintenance, branch integration, and development infrastructure."
"The ZAP scan and code crawler are valuable features."
"They offer free access to some other tools."
"It can be used effectively for internal auditing."
"The application scanning feature is the most valuable feature."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"We use the solution for security testing."
"Automatic scanning is a valuable feature and very easy to use."
"The product discovers more vulnerabilities compared to other tools."
"Atlassian offers more products than GitLab. GitLab offers source control management, version control and collaboration between developers. Atlassian offers features on top of this as well as more integration points for developers."
"There is room for improvement in GitLab Agents."
"There was a problem with the build environment when we were looking at developing iOS applications. iOS builds require Mac machines and there are no Mac machines provided by GitLab in their cloud. So to build a mobile iOS application, we needed to use our own Mac machine within our own infrastructure. If GitLab were to provide a feature such that an iOS application could also be built through GitLab directly, that would be great."
"The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"Expand features to match other tools such as a static code analysis tool so third-party integrations are not required."
"I would like to have some features to support peer review."
"GitLab could add a plugin to integrate with Kubernetes stuff."
"There isn't too much information about it online."
"The automated vulnerability assessments that the application performs need to be simplified as well as diversified."
"The product should allow users to customize the report based on their needs."
"The port scanner is a little too slow."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"There are too many false positives."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"The solution is unable to customize reports."
GitLab is ranked 7th in Application Security Testing (AST) with 68 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 36 reviews. GitLab is rated 8.6, while OWASP Zap is rated 7.6. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, SonarQube and Tekton, whereas OWASP Zap is most compared with SonarQube, PortSwigger Burp Suite Professional, Acunetix, Qualys Web Application Scanning and Contrast Security Assess.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.