We performed a comparison between Fortify Static Code Analyzer and GitLab based on real PeerSpot user reviews.
Find out what your peers are saying about Veracode, Checkmarx, OpenText and others in Static Code Analysis."The reference provided for each issue is extremely helpful."
"Its flexibility is most valuable. It is such a flexible tool. It can be implemented in a number of ways. It can do anything you want it to do. It can be fully automated within a DevOps pipeline. It can also be used in an ad hoc, special test case scenario and anywhere in between."
"Integrating the Fortify Static Code Analyzer into our software development lifecycle was straightforward. It highlights important information beyond just syntax errors. It identifies issues like password credentials and access keys embedded in the code."
"Automating the Jenkins plugins and the build title is a big plus."
"You can really see what's happening after you've developed something."
"The most valuable features include its ability to detect vulnerabilities accurately and its integration with our CI/CD pipeline."
"The Software Security Center, which is often overlooked, stands out as the most effective feature."
"Fortify Static Code Analyzer tells us if there are any security leaks or not. If there are, then it's notifying us and does not allow us to pass the DevOps pipeline. If it is finds everything's perfect, as per our given guidelines, then it is allowing us to go ahead and start it, and we are able to deploy it."
"As a developer, this solution is useful as a repository holder because most of the POC projects that we have are on GitLab."
"The SaaS setup is impressive, and it has DAST solutioning."
"Of all available products, it was the easiest to use and easy to install."
"GitLab offers a good interface for doing code reviews between two colleagues."
"This is a scalable solution. We had around 200 users working with it."
"I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently."
"I have had no problem with the stability of the solution."
"Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective."
"Fortify's software security center needs a design refresh."
"Fortify Static Code Analyzer has a bit of a learning curve, and I don't find it particularly helpful in narrowing down the vulnerabilities we should prioritize."
"The price can be improved."
"Fortify Static Code Analyzer is a good solution, but sometimes we receive false positives. If they could reduce the number of false positives it would be good."
"Not all languages are supported in Fortify."
"The troubleshooting capabilities of this solution could be improved. This would reduce the number of cases that users have to submit."
"Streamlining the upgrade process and enhancing compatibility would make it easier for us to keep our security tools up-to-date."
"The pricing is a bit high."
"The tool should include a feature that helps to edit the code directly."
"Based on what I know so far, its integration with Kubernetes is not so good. We have to develop many things to make it work. We have to acquire third-party components to work with Kubernetes."
"The integration could be slightly better."
"GitLab would be improved with the addition of templates for deployment on local PCs."
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repertories because currently, it's not searchable by default. You'll need an indexing service such as Elasticsearch to make it searchable, and that requires too much work, so for me, it's the main feature that should be improved in GitLab. In the next version of the solution, from the top of my head, the documentation could be improved. Besides the Wiki, it would be good if there's documentation that would be automatically generated based on the code repository. In other words, there should be some tutorials from GitLab for developers in the next release."
"GitLab could improve the patch repository. It does not have support for Conan patch version regions. Additionally, better support for Kubernetes deployment is needed as part of the package."
"GitLab could consider introducing a code-scanning tool. Purchasing such tools from external markets can incur charges, which might not be favorable. Integrating these features into GitLab would streamline the pipeline and make it more convenient for users."
"The documentation could be improved to help newcomers better understand things like creating new branches."
Fortify Static Code Analyzer is ranked 3rd in Static Code Analysis with 14 reviews while GitLab is ranked 7th in Application Security Tools with 70 reviews. Fortify Static Code Analyzer is rated 8.4, while GitLab is rated 8.6. The top reviewer of Fortify Static Code Analyzer writes "Seamless to integrate and identify vulnerabilities and frees up staff time". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Fortify Static Code Analyzer is most compared with Black Duck, Snyk, Veracode, Sonatype Lifecycle and Mend.io, whereas GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Sonatype Lifecycle.
We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.