We performed a comparison between GitLab and SonarCloud based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."A user friendly solution."
"It is very flexible and easy because you can store data on cloud."
"I have found the most valuable features of GitLab are the GitClone, GitPush, GitPull, GitMatch, GitMit, GitCommit, and GitStatus."
"The most valuable feature of GitLab is the automatic merging of code."
"GitLab integrates well with other platforms."
"The most valuable features of Gitlab are integration with CIE and the ability to rapidly deploy solutions, projects, and applications. It is very easy to use, and there are no complaints."
"The user interface is really good so that helps with huge teams who need to collaborate."
"The solution is stable."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"The solution can be installed locally."
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"The reports from SonarCloud are very good."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
"The most valuable feature of SonarCloud is its overall performance."
"The solution should again offer an on-premises deployment option."
"The documentation is confusing."
"There was a problem with the build environment when we were looking at developing iOS applications. iOS build require Mac machines and there are no Mac machines provided by GitLab in their cloud. So to build for mobile iOS application, we needed to use our own Mac machine within our own infrastructure. If GitLab were to provide a feature such that an iOS application could also be built through GitLab directly, that would be great."
"I've noticed an area for improvement in GitLab, particularly needing to go through many steps to push the code to the repository. Resolving that issue would make the product better. My team quickly fixed it by writing a small script, then double-clicking or enabling the script to take care of the issue. However, that quick fix was from my team and not the GitLab team, so in the next release, if an automatic deployment feature would be available in GitLab, then that would be good because, in Visual Studio, you can do that with just one click of a button."
"Perhaps the integration could be better."
"GitLab would be improved with the addition of templates for deployment on local PCs."
"GitLab could add a plugin to integrate with Kubernetes stuff."
"It would be really good if they integrated more features in application security."
"It would be helpful if notifications could go out to an extra person."
"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"We had some issues with the scanner."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"There's room for improvement in the configuration process, particularly during the initial setup phase."
GitLab is ranked 7th in Static Application Security Testing (SAST) with 70 reviews while SonarCloud is ranked 10th in Static Application Security Testing (SAST) with 10 reviews. GitLab is rated 8.6, while SonarCloud is rated 8.4. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of SonarCloud writes "Beneficial vulnerability discovery, simple to maintain, and proactive support". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo and AWS CodePipeline, whereas SonarCloud is most compared with SonarQube, Veracode, Checkmarx One, OWASP Zap and Coverity. See our GitLab vs. SonarCloud report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.