Qualys Web Application Scanning and GitLab compete in the area of vulnerability management and DevOps solutions. Based on features, Qualys has an advantage in vulnerability detection and zero-day management, while GitLab excels in CI/CD pipeline management and integration capabilities.
Features: Qualys Web Application Scanning is noted for its strong vulnerability management, integration capabilities, and comprehensive compliance scanning with detailed reporting. It is adept at detecting zero-day vulnerabilities and minimizes false positives effectively. GitLab is preferred for its robust CI/CD pipeline management, efficient code reviews, and its ability to integrate seamlessly with Kubernetes for containerized deployments.
Room for Improvement: Qualys could benefit from better management of false positives, pricing models, enhanced user interfaces, and expanded security standards support. GitLab needs improvements in integration with non-Kubernetes environments, project management tools, and better metrics for leadership teams. Enhancing automation features and adjusting pricing for smaller teams would also be beneficial.
Ease of Deployment and Customer Service: Qualys Web Application Scanning offers flexible deployment across hybrid, private, and public clouds, supported by strong technical support focused on quick issue resolution. GitLab provides various deployment models, excelling in public cloud environments with generally well-regarded technical support, though documentation and responsiveness could be improved.
Pricing and ROI: Qualys offers a competitive pricing model, though it might be higher than peers, with good value due to its comprehensive features and significant ROI. GitLab provides flexible pricing with free and paid tiers, but the cost of premium versions can be limiting for smaller teams. Its ROI is seen in streamlined DevOps processes and enhanced productivity.
We have saved time significantly, reducing deployment time from four hours to five minutes per deployment.
Migrating to GitLab is bringing time-saving benefits, and everything is easier to automate.
I have interacted with architects for some advice during the implementation, and they were prompt in their response.
I have had meetings where they taught me, explained things, and provided guidance for starting from scratch.
We have rarely needed to escalate issues to technical support since GitLab usually runs seamlessly.
Once we purchase the license, we have access to top-notch support.
I have dealt with Qualys's technical support, and any enhancements are challenging.
It has all the features required for our coding and deployment needs, which makes it scalable to our changing requirements.
We're transitioning to OpenShift for future scalability with increased user numbers.
It is licensed for assets, so we just contact the team for additional licenses if needed.
At one point, there was a limitation on reporting for 100,000 assets at a time.
I have not encountered any performance or stability issues with GitLab so far.
It would be beneficial to have a user-friendly interface for setting up these configurations, instead of just writing YAML files.
GitLab can improve its user interface to make conflict resolution more user-friendly.
Roadmaps and Gantt charts in GitLab are not as advanced as in Jira, and changing start and end dates is more laborious in GitLab.
With the growing reliance on AI, Qualys Web Application Scanning should be updated to handle AI-based applications and LLM-based attacks.
One area of improvement is reducing false positives by prioritizing agent findings over remote findings when there is a corresponding local agent finding.
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus.
Even when working in other small organizations, we opted for GitLab as it was cost-efficient.
The pricing of GitLab is reasonable, aligning with what I consider to be average compared to competitors.
The price is high, and it limits user accessibility.
They offer discounts on bulk licenses, making it cheaper compared to competitors like Veracode DAST.
I find it a bit expensive compared to other competitors.
The Ultimate version offers enhanced features for security scanning through DAST and SAST analysis, which have greatly benefitted our project workflow.
As we implement automated testing and DevSecOps, it speeds up the process by forty to sixty percent.
The feature I appreciate the most about GitLab is its ease of use and compatibility, which allows for straightforward building and deployment processes.
It effectively detects vulnerabilities like the OWASP Top 10 without any issues in reporting.
It is recognized as one of the best tools for web application security from a development perspective.
Credential scanning is very effective because it goes in-depth into the system, crawling the pages, and reporting on vulnerabilities.
GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster.
It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring.
With GitLab, teams can streamline their workflows, automate processes, and improve productivity.
Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.
Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.
Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:
Benefits of Qualys Web Application Scanning
Qualys Web Application Scanning offers many benefits, including:
Reviews from Real Users
Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.
P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
