We performed a comparison between GitLab and OWASP Zap based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Of the two solutions, users find deployment to be easier with GitLab. For this reason, GitLab comes out slightly on top in this comparison.
"We like that we can have an all-encompassing product and don't have to implement different solutions."
"It is scalable."
"This product is always evolving, and they listen to the customers."
"I have had no problem with the stability of the solution."
"I have found the most valuable features of GitLab are the GitClone, GitPush, GitPull, GitMatch, GitMit, GitCommit, and GitStatus."
"The SaaS setup is impressive, and it has DAST solutioning."
"The most valuable feature of GitLab is its security."
"GitLab is a solution for source code management, container registry, pipelines, testing, and deployment."
"They offer free access to some other tools."
"We use the solution for security testing."
"The product discovers more vulnerabilities compared to other tools."
"Simple to use, good user interface."
"The scalability of this product is very good."
"Automatic scanning is a valuable feature and very easy to use."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult."
"The initial setup was quite challenging because it takes some time to understand how to pull out or push the code."
"We are having a few problems integrating with Jira at the moment, which is something that our IT department is investigating."
"I rate the support from GitLab a four out of five."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation."
"GitLab can improve by integrating with more tools, such as servers with Docker."
"The price of GitLab could improve; it is high."
"I'm new to GitLab, so I would appreciate more documentation about the code and commands."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"It doesn't run on absolutely every operating system."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"It would be nice to have a solid SQL injection engine built into Zap."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"Sometimes, we get some false positives."
"ZAP's integration with cloud-based CI/CD pipelines could be better. The scan should run through the entire pipeline."
GitLab is ranked 7th in Static Application Security Testing (SAST) with 70 reviews, while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. GitLab is rated 8.6, while OWASP Zap is rated 7.6. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and ImmuniWeb.