We performed a comparison between GitLab and OWASP Zap based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Of the two solutions, users find deployment to be easier with Gitlab. For this reason, Gitlab comes out slightly on top in this comparison.
"This product is always evolving, and they listen to the customers."
"A user friendly solution."
"Everything is easy to configure and easy to work with."
"It's a great toolbox where the CI/CD pipeline is the fundamental component, but there are so many other features that you can pull from, which makes it a very powerful tool. My current client is using AWS, and they can, of course, use AWS CodePipeline, but GitLab is much more mature than that, and it also gives you the freedom to decide to go to another platform or have a multi-cloud strategy and things like that. That freedom for me is also very valuable."
"The most valuable features of GitLab are the review, patch repo, and plans are in YAML."
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."
"GitLab's best feature is Actions."
"The stability is good."
"The solution is good at reporting the vulnerabilities of the application."
"The solution is scalable."
"It scans while you navigate, then you can save the requests performed and work with them later."
"They offer free access to some other tools."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"We use the solution for security testing."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"We'd like to see better integration with the Atlassian ecosystem."
"The only thing our company is really waiting on in terms of features is the development of metrics."
"The solution could be faster."
"We'd always like to see better pricing on the product."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful."
"I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that it does internally by GitLab and then that is already tied up with your pipeline and then it can tell you that you're coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors."
"We have only seen a couple of issues on Gitlab, which we use for building some of the applications."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"The technical support team must be proactive."
"Deployment is somewhat complicated."
"The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time."
"OWASP Zap needs to extend to mobile application testing."
"The product reporting could be improved."
"Lacks resources where users can internally access a learning module from the tool."
"It needs more robust reporting tools."
GitLab is ranked 7th in Application Security Testing (AST) with 70 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. GitLab is rated 8.6, while OWASP Zap is rated 7.6. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, SonarQube and Tekton, whereas OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Rapid7 AppSpider. See our GitLab vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
