We performed a comparison between GitLab and OWASP Zap based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Of the two solutions, users find deployment to be easier with Gitlab. For this reason, Gitlab comes out slightly on top in this comparison.
"It is a speedy platform compared to the others I have used. I have also enjoyed using the platform as this solution offers a good user experience."
"I have found the most valuable features of GitLab are the GitClone, GitPush, GitPull, GitMatch, GitMit, GitCommit, and GitStatus."
"The important feature is the entire process of versioning source code maintenance and easy deployment. It is a necessity for the CI/CD pipeline."
"I like that you can use GitLab as a double-sided solution for both DevOps and version management. It's a good product for working in these two areas, and the user interface makes it easy to understand."
"I like GitLab's security and SAS tools."
"GitLab's best features are maintenance, branch integration, and development infrastructure."
"The SaaS setup is impressive, and it has DAST solutioning."
"GitLab offers a good interface for doing code reviews between two colleagues."
"The stability of the solution is very good."
"The most valuable feature is scanning the URL to drill down all the different sites."
"The solution has tightened our security."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"The API is exceptional."
"The application scanning feature is the most valuable feature."
"Automatic scanning is a valuable feature and very easy to use."
"The product discovers more vulnerabilities compared to other tools."
"I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that it does internally by GitLab and then that is already tied up with your pipeline and then it can tell you that you're coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors."
"It would be really good if they integrated more features in application security."
"I used Spring Cloud config and to connect that to GitLab was so hard."
"Reporting could be improved."
"The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation."
"I would like more Agile features in the Premium version. The Premium version should have all Agile features that exist in the Ultimate version. IBM AOM has a complete Agile implementation, but in GitLab, you only have these features if you buy the Ultimate version. It would be good if we can use these in the Premium version."
"It should be used by a larger number of people. They should raise awareness."
"Based on what I know so far, its integration with Kubernetes is not so good. We have to develop many things to make it work. We have to acquire third-party components to work with Kubernetes."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline."
"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"Reporting format has no output, is cluttered and very long."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
GitLab is ranked 8th in Static Application Security Testing (SAST) with 70 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. GitLab is rated 8.6, while OWASP Zap is rated 7.6. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Rapid7 InsightAppSec. See our GitLab vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.