Try our new research platform with insights from 80,000+ expert users

GitLab vs HCL AppScan comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

GitLab
Ranking in Application Security Tools
9th
Ranking in Static Application Security Testing (SAST)
7th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
82
Ranking in other categories
Build Automation (1st), Release Automation (2nd), Rapid Application Development Software (12th), Software Composition Analysis (SCA) (5th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (3rd)
HCL AppScan
Ranking in Application Security Tools
14th
Ranking in Static Application Security Testing (SAST)
10th
Average Rating
7.8
Reviews Sentiment
6.9
Number of Reviews
43
Ranking in other categories
Dynamic Application Security Testing (DAST) (1st)
 

Mindshare comparison

As of April 2025, in the Application Security Tools category, the mindshare of GitLab is 3.0%, up from 2.7% compared to the previous year. The mindshare of HCL AppScan is 2.6%, down from 2.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Gaurav Chandel - PeerSpot reviewer
Boosted productivity with automated pipelines and seamless collaboration
There are some challenges with repository file management as GitLab may struggle to manage larger files. Improvements could be made regarding size management and file partitioning. Also, the UI has remained the same for a couple of years and could benefit from an update with AI features and better customization.
Rishi Anupam - PeerSpot reviewer
A stable and scalable scanning solution with good reporting feature
The solution is used for the vulnerabilities scan on the network side The reporting part is the most valuable feature. The penetration testing feature should be included. I have been using the solution for four years. It is a stable solution. I rate it seven out of ten. It is a scalable…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective."
"We use the Git repository and tagging feature. We are a product-based company and use this solution to move to a forward or backward tag."
"The initial setup of GitLab is pretty simple, with no complications."
"GitLab's best features are maintenance, branch integration, and development infrastructure."
"It streamlines our DevOps processes with automated CI/CD pipelines."
"Everything is easy to configure and easy to work with."
"If you want to maintain your issues in GitLab and raise your book of work and features, then GitLab is a great tool for collaboration and integration with code deployment and CICD pipelines."
"GitLab's best feature is Actions."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"The platform has valuable security features, helping us identify sensitive code issues and the possibility of internal applications' exposure to external threats."
"AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further."
"The most valuable feature of the solution is Postman."
"There's extensive functionality with custom rules and a custom knowledge base."
"AppScan is stable."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"The product is useful, particularly in its sensitivity and scanning capabilities."
 

Cons

"The documentation is confusing."
"I would like configuration of a YML file to be done via UI rather than a code file."
"GitLab's Windows version is yet not available and having this would be an improvement."
"Their RBAC is role-based access, which is fine but not very good."
"The solution could be faster."
"I used Spring Cloud config and to connect that to GitLab was so hard."
"We'd like to see better integration with the Atlassian ecosystem."
"I would like more Agile features in the Premium version. The Premium version should have all Agile features that exist in the Ultimate version. IBM AOM has a complete Agile implementation, but in GitLab, you only have these features if you buy the Ultimate version. It would be good if we can use these in the Premium version."
"AppScan needs to improve its handling of false positives."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"There are so many lines of code with so many different categories that I am likely to get lost. ​"
"The databases for HCL are small and have room for improvement."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
 

Pricing and Cost Advice

"My company uses the free version of GitLab, which is GitLab Community Edition. There is a licensed version also available for GitLab."
"On a scale of one to ten, where one is cheap, and ten is expensive, I rate the pricing a five out of ten."
"GitLab is an open-source solution."
"GitLab is a free solution to use."
"Regarding pricing, I would rate GitLab as moderately priced, maybe around a seven or eight out of ten. It could be more flexible for clients but generally offers good value."
"We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."
"In total, I believe we have more than 300 licenses spread over about 100 users, though I can't comment on the costs involved."
"This product is not very expensive but the price can be better."
"The tool was expensive."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"The solution is moderately priced."
"The price is very expensive."
"The solution is cheap."
"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"The product has premium pricing and could be more competitive."
"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
24%
Financial Services Firm
12%
Computer Software Company
12%
Manufacturing Company
9%
Computer Software Company
18%
Financial Services Firm
14%
Government
11%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about GitLab?
I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
What is your experience regarding pricing and costs for GitLab?
The pricing of GitLab is reasonable, aligning with what I consider to be average compared to competitors.
What needs improvement with GitLab?
Certain features in Jira are not available in GitLab, such as the functionality to have weights at the milestone and epic levels. Hopefully, these features will be resolved with work items in GitLa...
What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar to what Veracode provides. Regularly scheduling calls with clients to discuss fe...
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities wi...
 

Comparisons

 

Also Known As

Fuzzit
IBM Security AppScan, Rational AppScan, AppScan
 

Overview

 

Sample Customers

1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Find out what your peers are saying about GitLab vs. HCL AppScan and other solutions. Updated: April 2025.
849,190 professionals have used our research since 2012.