We performed a comparison between GitLab and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is scalable."
"CI/CD is valuable for me."
"For us, Gitlab's most valuable feature is the integration with Cypress. We're using Cypress as an automation tool, so we're using GitLab as a tool for running in parallel."
"I like that it's easy to deploy our services over GitLab. The customer support is also good with a really active community. You have a lot of support that you can get online with your stack. That is probably one of the benefits of using GitLab. It's also really fast."
"I have had no problem with the stability of the solution."
"The initial setup of GitLab is pretty simple, with no complications."
"GitLab is being used as a repository for our codebase and it is a one stop DevOps tool we use in our team."
"CI/CD is very good. The version control system is also good. These are the two features that we use."
"The product has valuable features for static and dynamic testing."
"It provides a better integration for our ecosystem."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"The most valuable feature of the solution is the scanning or security part."
"I like the recording feature."
"The solution is easy to use."
"It was easy to set up."
"The reporting part is the most valuable feature."
"I would like to see security increased in the future. A secure environment is very important."
"The tool should include a feature that helps to edit the code directly."
"The solution could be faster."
"It would be really good if they integrated more features in application security."
"Their RBAC is role-based access, which is fine but not very good."
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repertories because currently, it's not searchable by default. You'll need an indexing service such as Elasticsearch to make it searchable, and that requires too much work, so for me, it's the main feature that should be improved in GitLab. In the next version of the solution, from the top of my head, the documentation could be improved. Besides the Wiki, it would be good if there's documentation that would be automatically generated based on the code repository. In other words, there should be some tutorials from GitLab for developers in the next release."
"We would like to generate document pages from the sources."
"It would be better if there weren't any outages. There are occasions where we usually see a lot of outages using GitLab. It happens at least once a week or something like that. Whatever pipelines you're running, to check the logs, you need to have a different set of tools like Argus or something like that. If you have pipelines running on GitLab, you need a separate service deployed to view the logs, which is kind of a pain. If the logs can be used conveniently on GitLab, that would be definitely helpful. I'm not talking about the CI/CD pipelines but the back-end services and microservices deployed over GitLab. To view the logs for those microservices, you need to have separate log viewers, which is kind of a pain."
"One thing which I think can be improved is the CI/CD Integration"
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"Scans become slow on large websites."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"The pricing has room for improvement."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"IBM Security AppScan Source is rather hard to use."
GitLab is ranked 7th in Application Security Tools with 70 reviews while HCL AppScan is ranked 15th in Application Security Tools with 41 reviews. GitLab is rated 8.6, while HCL AppScan is rated 7.8. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and OWASP Zap. See our GitLab vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
