CAST Highlight vs. GitLab

I think CAST is a great tool to give insight into your applications. The tool can be met with resistance from team members as the tool is going to expose defects that should be addressed. Out of the box, it may need some tailoring to focus on certain areas so that you are not overwhelmed with defects the first time you scan your code. But ultimately, you will want to eliminate all defects in the code and have all violations turned on.

Incentivized

GitLab is good if you work a lot with code and do complex repository actions. It gives you a very good overview of what were the states of your branches and the files in them at different stages in time. It's also way easier and more efficient to write pipelines for CI\CD. It's easier to read and it's easier to write them. It takes fewer clicks to achieve the same things with GitLab than it does for competitor products.

Incentivized

• Identifies common coding vulnerabilities.
• Compares code to industry best practices.
• Assesses the code for data privacy compliance.

Incentivized

• GitLab excels in managing code versions, allowing easy tracking of changes, branch management, and merging contributions.
• It helps maintain code stability and reliability, saving time and effort in the development or research workflow.
• Powerful code review features, enabling collaboration and feedback among team members.
• Robust project management features, including issue tracking, kanban boards, and milestones.

Incentivized

• Code scans could be faster. A large application may need to be broken down into smaller sub-applications in order to facilitate faster code scans.
• We spent a lot of time trying to figure out how to best structure our code base in the application for ultimate performance.

Incentivized

• CI variables management is sometimes hard to use, for example, with File type variables. The scope of each variable is also hard to guess.
• Access Token: there are too many types (Personal, Project, global..), and it is hard to identify the scope and where it comes from once created.
• Runners: auto-scaled runners are for the moment hard to put in place, and monitoring is not easy.

Incentivized

Gitlab is the best in its segment. They have a free version, they have open-source software, they provide a good service with their SaaS product, they are a fully-remote company since the beginning (which means they are fully distributed and have forward-thinking IMO). I would certainly recommend them to everyone.

Incentivized

I find it easy to use, I haven't had to do the integration work, so that's why it is a 9/10, cause I can't speak to how easy that part was or the initial set up, but day to day use is great!

Incentivized

Tech support and pro services are top-notch.

Incentivized

At this point, I do not have much experience with Gitlab support as I have never had to engage them. They have documentation that is helpful, not quite as extensive as other documentation, but helpful nonetheless. They also seem to be relatively responsive on social media platforms (twitter) and really thrived when GitHub was acquired by Microsoft

Incentivized

These other tools only do a part of what CAST does. CAST gives a comprehensive view into the code looking at all aspects, code quality, security, maintainability, vulnerability, privacy, reuse, etc. These other tools only focus on one or two dimensions.

Incentivized

Gitlab seems more cutting-edge than GitHub; however, its AI tools are not yet as mature as those of CoPilot. It feels like the next-generation product, so as we selected a tool for our startup, we decided to invest in the disruptor in the space. While there are fewer out-of-the-box templates for Gitlab, we have never discovered a lack of feature parity.

Incentivized

• I believe once we had the tool working for our code base, we immediately saw positive ROI.
• We spent some time getting to where our code code be scanned efficiently but some of that was trying to do things ourselves instead of fully utilizing Cast Professional Services. I highly recommend to do an engagement with CAST to have them help setup the tool in your environment or to run it in the cloud for you.

Incentivized

• GitLab cut down our spent on container, package and infrastructure registry
• Best thing is we can now have everything in single platform which cost effective too
• Quality of support is really good and they do have emergency support team as well which is great

Incentivized