IT Central Station is now PeerSpot: Here's why
You must select at least 2 products to compare!
GitLab Logo
14,386 views|12,758 comparisons
JFrog Logo
5,793 views|4,921 comparisons
Featured Review
Buyer's Guide
Software Composition Analysis (SCA)
May 2022
Find out what your peers are saying about Snyk, Sonatype, GitLab and others in Software Composition Analysis (SCA). Updated: May 2022.
597,415 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"Everything is easy to configure and easy to work with.""The stability is good.""This product is always evolving, and they listen to the customers.""We like that we can have an all-encompassing product and don't have to implement different solutions.""I have had no problem with the stability of the solution.""GitLab integrates well with other platforms.""The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish.""CI/CD is very good. The version control system is also good. These are the two features that we use."

More GitLab Pros →

"Good reporting functionalities."

More JFrog Xray Pros →

"It would be better if there weren't any outages. There are occasions where we usually see a lot of outages using GitLab. It happens at least once a week or something like that. Whatever pipelines you're running, to check the logs, you need to have a different set of tools like Argus or something like that. If you have pipelines running on GitLab, you need a separate service deployed to view the logs, which is kind of a pain. If the logs can be used conveniently on GitLab, that would be definitely helpful. I'm not talking about the CI/CD pipelines but the back-end services and microservices deployed over GitLab. To view the logs for those microservices, you need to have separate log viewers, which is kind of a pain.""I would like more Agile features in the Premium version. The Premium version should have all Agile features that exist in the Ultimate version. IBM AOM has a complete Agile implementation, but in GitLab, you only have these features if you buy the Ultimate version. It would be good if we can use these in the Premium version.""Reporting could be improved.""I would like to see better integration with project management tools such as Jira.""In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents.""The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation.""I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that it does internally by GitLab and then that is already tied up with your pipeline and then it can tell you that you're coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors.""We would like to generate document pages from the sources."

More GitLab Cons →

"Lacks deeper reporting, the ability to compare things."

More JFrog Xray Cons →

Pricing and Cost Advice
  • "I think that we pay approximately $100 USD per month."
  • "The price is okay."
  • "It seems reasonable. Our IT team manages the licenses."
  • "Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
  • "It is very expensive. We can't bear it now, and we have to find another solution. We have a yearly subscription in which we can increase the number of licenses, but we have to pay at the end of the year."
  • "I don't mind the price because I use the free version."
  • "We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."
  • More GitLab Pricing and Cost Advice →

    Information Not Available
    Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
    597,415 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: 
    I don't deal with any licensing aspects of the solution. I can't speak about the exact costs.
    Top Answer: 
    We'd like to see better integration with the Atlassian ecosystem. There needs to be better and native integration. That is really useful for us as Atlassian Jira has strong integration with Bitbucket… more »
    Top Answer: 
    Good reporting functionalities.
    Top Answer: 
    I'd like to see deeper reporting, they're pretty basic and there are no categories for comparing things. I'd also like to see an improvement with the documentation, there's not much available on their… more »
    Top Answer: 
    I'm using this solution for scanning artifacts related to the Jfrog Artifactory. I'm scanning them, checking licenses and things like that. I'm a DevOps engineer intern and we are customers of JFrog.
    Average Words per Review
    Average Words per Review
    Learn More

    GitLab is a single application with features for the whole software development and operations (DevOps) lifecycle.

    JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

    If you are a team player and you care and you play to WIN, we have just the job you're looking for.

    As we say at JFrog: "Once You Leap Forward You Won't Go Back!"​

    Learn more about GitLab
    Try it Now

    Enjoy a free DevOps platform cloud subscription

    Sample Customers
    Siemens, University of Washington, Equinix, Paessler AG, CNCF, Ticketmaster, CERN, Vaadin
    google, amazon, cisco, netflix, oracle, vmware, facebook
    Top Industries
    Computer Software Company29%
    Mining And Metals Company14%
    Transportation Company7%
    Comms Service Provider24%
    Computer Software Company21%
    Financial Services Firm8%
    Computer Software Company23%
    Financial Services Firm17%
    Comms Service Provider13%
    Manufacturing Company7%
    Company Size
    Small Business48%
    Midsize Enterprise10%
    Large Enterprise43%
    No Data Available
    Buyer's Guide
    Software Composition Analysis (SCA)
    May 2022
    Find out what your peers are saying about Snyk, Sonatype, GitLab and others in Software Composition Analysis (SCA). Updated: May 2022.
    597,415 professionals have used our research since 2012.

    GitLab is ranked 3rd in Software Composition Analysis (SCA) with 18 reviews while JFrog Xray is ranked 8th in Software Composition Analysis (SCA) with 1 review. GitLab is rated 8.2, while JFrog Xray is rated 8.0. The top reviewer of GitLab writes "Provides or mandates quantitative code into the Master". On the other hand, the top reviewer of JFrog Xray writes "Stable, scalable and offers great reporting functionalities". GitLab is most compared with Microsoft Azure DevOps, TeamCity, Tekton, Sonatype Nexus Lifecycle and AWS CodePipeline, whereas JFrog Xray is most compared with Black Duck, Snyk, Sonatype Nexus Lifecycle and Fortify Static Code Analyzer.

    See our list of best Software Composition Analysis (SCA) vendors.

    We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.