We performed a comparison between GitLab and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."GitLab's best features are continuous integration and fast deployment."
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."
"GitLab's best feature is Actions."
"Of all available products, it was the easiest to use and easy to install."
"The merging feature makes it easy later on for the deployment."
"The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish."
"It is very flexible and easy because you can store data on cloud."
"The solution makes the CI/CD pipelines easy to execute."
"I like the recording feature."
"AppScan is stable."
"The solution is easy to use."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"The solution offers services in a few specific development languages."
"It provides a better integration for our ecosystem."
"The most valuable feature of the solution is Postman."
"The most valuable feature of HCL AppScan is scanning QR codes."
"The only thing our company is really waiting on in terms of features is the development of metrics."
"Some of the scripts that we encountered in GitLab were not fully functional and threw up errors."
"GitLab could improve by having more plugins and better user-friendliness."
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repertories because currently, it's not searchable by default. You'll need an indexing service such as Elasticsearch to make it searchable, and that requires too much work, so for me, it's the main feature that should be improved in GitLab. In the next version of the solution, from the top of my head, the documentation could be improved. Besides the Wiki, it would be good if there's documentation that would be automatically generated based on the code repository. In other words, there should be some tutorials from GitLab for developers in the next release."
"Expand features to match other tools such as a static code analysis tool so third-party integrations are not required."
"Reporting could be improved."
"GitLab's Windows version is yet not available and having this would be an improvement."
"There is room for improvement in GitLab Agents."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"There are so many lines of code with so many different categories that I am likely to get lost. "
"IBM Security AppScan Source is rather hard to use."
"AppScan is too complicated and should be made more user-friendly."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"It has crashed at times."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"Sometimes it doesn't work so well."
GitLab is ranked 7th in Application Security Tools with 68 reviews while HCL AppScan is ranked 14th in Application Security Tools with 39 reviews. GitLab is rated 8.6, while HCL AppScan is rated 7.6. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, SonarQube and Tekton, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and PortSwigger Burp Suite Professional. See our GitLab vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.