FOSSA vs GitLab comparison

Cancel
You must select at least 2 products to compare!
FOSSA Logo
3,152 views|1,893 comparisons
GitLab Logo
2,958 views|2,478 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between FOSSA and GitLab based on real PeerSpot user reviews.

Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed FOSSA vs. GitLab Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"What I really need from FOSSA, and it does a really good job of this, is to flag me when there are particular open source licenses that cause me or our legal department concern. It points out where a particular issue is, where it comes from, and the chain that brought it in, which is the most important part to me.""The most valuable feature is definitely the ease and speed of integrating into build pipelines, like a Jenkins pipeline or something along those lines. The ease of a new development team coming on board and integrating FOSSA with a new project, or even an existing project, can be done so quickly that it's invaluable and it's easy to ask the developers to use a tool like this. Those developers greatly value the very quick feedback they get on any licensing or security vulnerability issues.""I found FOSSA's out-of-the-box policy engine to be accurate and that it was tuned appropriately to the settings that we were looking for. The policy engine is pretty straightforward... I find it to be very straightforward to make small modifications to, but it's very rare that we have to make modifications to it. It's easy to use. It's a four-category system that handles most cases pretty well.""Being able to know the licenses of the libraries is most valuable because we sell products, and we need to provide to the customers the licenses that we are using.""I am impressed with the tool’s seamless integration and quick results.""The scalability is excellent.""The most valuable feature is its ability to identify all of the components in a build, and then surface the licenses that are associated with it, allowing us to make a decision as to whether or not we allow a team to use the components. That eliminates the risk that comes with running consumer software that contains open source components.""One of the things that I really like about FOSSA is that it allows you to go very granular. For example, if there's a package that's been flagged because it's subject to a license that may be conflicts with or raises a concern with one of the policies that I've set, then FOSSA enables you to go really granular into that package to see which aspects of the package are subject to which licenses. We can ultimately determine with our engineering teams if we really need this part of the package or not. If it's raising this flag, we can make really actionable decisions at a very micro level to enable the build to keep pushing forward."

More FOSSA Pros →

"As a developer, this solution is useful as a repository holder because most of the POC projects that we have are on GitLab.""I like GitLab from the CI/CD perspective. It is much easier to set up CI/CD and then integrate with other tools.""GitLab offers a good interface for doing code reviews between two colleagues.""The scalability is good.""The solution makes the CI/CD pipelines easy to execute.""GitLab is kind of an image of GitHub, so it gives us the flexibility to monitor our changes in the repos.""It speeds up our development, it's faster, safer, and more convenient.""The SaaS setup is impressive, and it has DAST solutioning."

More GitLab Pros →

Cons
"I wish there was a way that you could have a more global rollout of it, instead of having to do it in each repository individually. It's possible, that's something that is offered now, or maybe if you were using the CI Jenkins, you'd be able to do that. But with Travis, there wasn't an easy way to do that. At least not that I could find. That was probably the biggest issue.""We have seen some inaccuracies or incompleteness with the distribution acknowledgments for an application, so there's certainly some room for improvement there. Another big feature that's missing that should be introduced is snippet matching, meaning, not just matching an entire component, but matching a snippet of code that had been for another project and put in different files that one of our developers may have created.""On the dashboard, there should be an option to increase the column width so that we can see the complete name of the GitHub repository. Currently, on the dashboard, we see the list of projects, but to see the complete name, you have to hover your mouse over an item, which is annoying.""I would like the FOSSA API to be broader. I would like not to have to interact with the GUI at all, to do the work that I want to do. I would like them to do API-first development, rather than a focus on the GUI.""The technical support has room for improvement.""I want the product to include binary scanning which is missing at the moment. Binary scanning includes code and component matching through dependency management. It also includes the actual scanning and reverse engineering of the boundaries and finding out what is inside.""For open-source management, FOSSA's out-of-the-box policy engine is easy to use, but the list of licenses is not as complete as we would like it to be. They should add more open-source licenses to the selection.""The solution provides contextualized, actionable, intelligence that alerts us to compliance issues, but there is still a little bit of work to be done on it. One of the issues that I have raised with FOSSA is that when it identifies an issue that is an error, why is it in error? What detail can they give to me? They've improved, but that still needs some work. They could provide more information that helps me to identify the dependencies and then figure out where they originated from."

More FOSSA Cons →

"The integration and storage capabilities could be better.""Their RBAC is role-based access, which is fine but not very good.""There is room for improvement in GitLab Agents.""GitLab would be improved with the addition of templates for deployment on local PCs.""Reporting could be improved.""We'd always like to see better pricing on the product.""Based on what I know so far, its integration with Kubernetes is not so good. We have to develop many things to make it work. We have to acquire third-party components to work with Kubernetes.""The tool should include a feature that helps to edit the code directly."

More GitLab Cons →

Pricing and Cost Advice
  • "FOSSA is not cheap, but their offering is top-notch. It is very much a "you get what you pay for" scenario. Regardless of the price, I highly recommend FOSSA."
  • "Its price is reasonable as compared to the market. It is competitively priced in comparison to other similar solutions on the market. It is also quite affordable in terms of the value that it delivers as compared to its alternative of hiring a team."
  • "FOSSA is a fairly priced product. It is not either cheaper or expensive. The pricing lies somewhere in the middle. The solution is worth the money that we are spending to use it."
  • "The solution's cost is a five out of ten."
  • More FOSSA Pricing and Cost Advice →

  • "I think that we pay approximately $100 USD per month."
  • "The price is okay."
  • "It seems reasonable. Our IT team manages the licenses."
  • "Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
  • "It is very expensive. We can't bear it now, and we have to find another solution. We have a yearly subscription in which we can increase the number of licenses, but we have to pay at the end of the year."
  • "I don't mind the price because I use the free version."
  • "We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."
  • "The price of GitLab could be better, it is expensive."
  • More GitLab Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:I am impressed with the tool’s seamless integration and quick results.
    Top Answer:FOSSA is a fairly priced product. It is not either cheaper or expensive. The pricing lies somewhere in the middle. The solution is worth the money that we are spending to use it.
    Top Answer:I want the product to include binary scanning which is missing at the moment. Binary scanning includes code and component matching through dependency management. It also includes the actual scanning… more »
    Top Answer:The solution makes the CI/CD pipelines easy to execute.
    Top Answer:The tool should include a feature that helps to edit the code directly.
    Ranking
    Views
    3,152
    Comparisons
    1,893
    Reviews
    1
    Average Words per Review
    282
    Rating
    8.0
    Views
    2,958
    Comparisons
    2,478
    Reviews
    48
    Average Words per Review
    401
    Rating
    8.6
    Comparisons
    Black Duck logo
    Compared 49% of the time.
    Snyk logo
    Compared 16% of the time.
    Mend.io logo
    Compared 10% of the time.
    Microsoft Azure DevOps logo
    Compared 47% of the time.
    Bamboo logo
    Compared 6% of the time.
    AWS CodePipeline logo
    Compared 5% of the time.
    SonarQube logo
    Compared 4% of the time.
    Tekton logo
    Compared 4% of the time.
    Also Known As
    Fuzzit
    Learn More
    FOSSA
    Video Not Available
    Overview
    Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for legal teams to maintain license compliance, security to fix vulnerabilities, and engineering to improve code quality across the entire software supply chain. As the only developer-native open source management platform, FOSSA fully integrates with your existing CI/CD pipeline to provide complete visibility and context earlier in the software development lifecycle. For the first time, teams can collaboratively shift left and audit, analyze, control, and remediate license issues and vulnerabilities right in their existing workflows.

    GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster. 

    It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring. 

    With GitLab, teams can streamline their workflows, automate processes, and improve productivity.

    Sample Customers
    AppDyanmic, Uber, Twitter, Zendesk, Confluent
    1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
    Top Industries
    REVIEWERS
    Computer Software Company45%
    Legal Firm9%
    Comms Service Provider9%
    Financial Services Firm9%
    VISITORS READING REVIEWS
    Manufacturing Company24%
    Computer Software Company19%
    Financial Services Firm12%
    Healthcare Company5%
    REVIEWERS
    Financial Services Firm16%
    Computer Software Company16%
    Manufacturing Company13%
    Retailer10%
    VISITORS READING REVIEWS
    Educational Organization25%
    Computer Software Company12%
    Financial Services Firm11%
    Manufacturing Company8%
    Company Size
    REVIEWERS
    Small Business45%
    Midsize Enterprise9%
    Large Enterprise45%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise13%
    Large Enterprise68%
    REVIEWERS
    Small Business44%
    Midsize Enterprise9%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise34%
    Large Enterprise52%
    Buyer's Guide
    FOSSA vs. GitLab
    March 2024
    Find out what your peers are saying about FOSSA vs. GitLab and other solutions. Updated: March 2024.
    765,234 professionals have used our research since 2012.

    FOSSA is ranked 9th in Software Composition Analysis (SCA) with 12 reviews while GitLab is ranked 6th in Software Composition Analysis (SCA) with 68 reviews. FOSSA is rated 8.6, while GitLab is rated 8.6. The top reviewer of FOSSA writes "Compatibility with a wide range of dev tools, web and "C-type", enables us to scan across our ecosystem, including legacy software". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". FOSSA is most compared with Black Duck, Snyk, Mend.io and Fortify Static Code Analyzer, whereas GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, SonarQube and Tekton. See our FOSSA vs. GitLab report.

    See our list of best Software Composition Analysis (SCA) vendors.

    We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.