We performed a comparison between GitLab and SonarCloud based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I have found the most valuable features of GitLab are the GitClone, GitPush, GitPull, GitMatch, GitMit, GitCommit, and GitStatus."
"It is very useful for reviews. We are using branch merging operations and full reset operations. It is also very useful for merging our code and tracking another branch. The graph diagrams of Git are very useful. Its interface is straightforward and not too complex for us."
"I like that it's easy to deploy our services over GitLab. The customer support is also good with a really active community. You have a lot of support that you can get online with your stack. That is probably one of the benefits of using GitLab. It's also really fast."
"The most valuable feature of GitLab is its convenience. I am able to trace back most of my changes up to a far distance in time and it helps me to analyze and see the older version of the code."
"The SaaS setup is impressive, and it has DAST solutioning."
"The most valuable features of GitLab are the CI/CD pipeline and code management."
"The scalability is good."
"We're only using the basic features of GitLab and haven't used any advanced features. The solution works fine, so that's what we like about GitLab. We're party using GitHub and GitLab. We have a GitHub server, while we use GitLab locally or only within our team, and it works okay. We don't have any significant problems with the solution. We also found the straightforward setup, stability, and scalability of GitLab valuable."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"The solution can be installed locally."
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"The most valuable feature of SonarCloud is its overall performance."
"SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
"The reports from SonarCloud are very good."
"For what it is meant to do, it works pretty well."
"GitLab can improve the integration with third-party applications. It could be made easier. Additionally, having API control from my application could be helpful."
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repertories because currently, it's not searchable by default. You'll need an indexing service such as Elasticsearch to make it searchable, and that requires too much work, so for me, it's the main feature that should be improved in GitLab. In the next version of the solution, from the top of my head, the documentation could be improved. Besides the Wiki, it would be good if there's documentation that would be automatically generated based on the code repository. In other words, there should be some tutorials from GitLab for developers in the next release."
"The solution should again offer an on-premises deployment option."
"The solution could be faster."
"It should be used by a larger number of people. They should raise awareness."
"GitLab can improve by integrating with more tools, such as servers with Docker."
"The documentation could be improved to help newcomers better understand things like creating new branches."
"I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment."
"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"We had some issues with the scanner."
"It would be helpful if notifications could go out to an extra person."
"The solution needs to improve its customization and flexibility."
"SonarCloud's UI needs enhancement."
GitLab is ranked 7th in Static Application Security Testing (SAST) with 70 reviews while SonarCloud is ranked 10th in Static Application Security Testing (SAST) with 10 reviews. GitLab is rated 8.6, while SonarCloud is rated 8.4. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of SonarCloud writes "Beneficial vulnerability discovery, simple to maintain, and proactive support". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo and AWS CodePipeline, whereas SonarCloud is most compared with SonarQube, Veracode, Checkmarx One, OWASP Zap and Coverity. See our GitLab vs. SonarCloud report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.