We performed a comparison between GitLab and OWASP Zap based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Of the two solutions, users find deployment to be easier with GitLab. For this reason, GitLab comes out slightly on top in this comparison.
"Everything is easy to configure and easy to work with."
"GitLab's best features are maintenance, branch integration, and development infrastructure."
"I like GitLab's security and SAS tools."
"GitLab's best feature is Actions."
"The stability is good."
"We use the Git repository and tagging feature. We are a product-based company and use this solution to move to a forward or backward tag."
"A user friendly solution."
"It is very useful for reviews. We are using branch merging operations and full reset operations. It is also very useful for merging our code and tracking another branch. The graph diagrams of Git are very useful. Its interface is straightforward and not too complex for us."
"The most valuable feature is scanning the URL to drill down all the different sites."
"The scalability of this product is very good."
"The ZAP scan and code crawler are valuable features."
"The API is exceptional."
"Automatic scanning is a valuable feature and very easy to use."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"The solution is scalable."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"Merge conflicts and repository maintenance could improve. If there is someone new to the system they would not know if there is a conflict."
"Their RBAC is role-based access, which is fine but not very good."
"There is room for improvement in GitLab Agents."
"I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that it does internally by GitLab and then that is already tied up with your pipeline and then it can tell you that your coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors."
"We have only seen a couple of issues on GitLab, which we use for building some of the applications."
"GitLab's UI could be improved."
"There was a problem with the build environment when we were looking at developing iOS applications. iOS builds require Mac machines and there are no Mac machines provided by GitLab in their cloud. So to build for a mobile iOS application, we needed to use our own Mac machine within our own infrastructure. If GitLab were to provide a feature such that an iOS application could also be built through GitLab directly, that would be great."
"The forced browse has been incorporated into the program and it is resource-intensive."
"OWASP Zap needs to extend to mobile application testing."
"I prefer Burp Suite to OWASP Zap because of the extensive coverage it offers."
"The port scanner is a little too slow."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"Deployment is somewhat complicated."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
GitLab is ranked 7th in Static Application Security Testing (SAST) with 70 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. GitLab is rated 8.6, while OWASP Zap is rated 7.6. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and Rapid7 AppSpider.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.