GitLab vs. F5 Distributed Cloud Bot Defense

We started to use GitLab for hosting git source code repositories of our projects only but slowly we started to use it to store container images, packages, dependency proxy as well infrastucture registry and it is now well suited for Continuous Integration in our projects, It wasn't that good in Continuous Deployment before 12.0 version but after 12.0 it is amazingly good for Continuous Deployment as well since it keeps deployment information in a well organized manner which can be configure in ci yaml configuration.

Incentivized

F5 Distributed Cloud Bot Defense is well suited for large Enterprises that face advanced bot attacks from Web
Scraping, Credential Stuffing, Carding/Credit Card Stuffing, Fake Account
Creation, and more where the collection of the Client-Side signals helps clearly show if the attackers are telling lies vs. other bot solutions that place a lot of the responsibility on their customers to tune bot scores.

• GitLab excels in managing code versions, allowing easy tracking of changes, branch management, and merging contributions.
• It helps maintain code stability and reliability, saving time and effort in the development or research workflow.
• Powerful code review features, enabling collaboration and feedback among team members.
• Robust project management features, including issue tracking, kanban boards, and milestones.

Incentivized

• Quickly helps mitigate the retooling and newer advanced bot attacks
• Excellent customer service from our f5 bot Defense team/partners
• Easy to do Traffic Analysis/False Positive reviews with their dashboard of data
• Our F5 Security/Solutions Architect and TAM is always there for us whenever we need them
• First class service by the F5 Distributed Cloud Bot DefenseSOC, the Tactics Team, the F5 Testing person that helps us, the mobile SDK experts, the Client-Side Signals experts and F5 management
• Industry best Threat Briefings
• Not only is F5 Distributed Cloud Bot Defense great at stopping the advanced bot attacks, they also have protection against any tampering or replay attacks.

• CI variables management is sometimes hard to use, for example, with File type variables. The scope of each variable is also hard to guess.
• Access Token: there are too many types (Personal, Project, global..), and it is hard to identify the scope and where it comes from once created.
• Runners: auto-scaled runners are for the moment hard to put in place, and monitoring is not easy.

Incentivized

• On a technical side, we've had a lot of deployment issues. This is not a one-sprint solution.
• We ran into undocumented failure modes and had to rely on L2 and L3 customer support, delaying troubleshooting significantly [in our experience].
• Accurate log ingestion is a larger challenge than one would want in a security tool.

Gitlab is the best in its segment. They have a free version, they have open-source software, they provide a good service with their SaaS product, they are a fully-remote company since the beginning (which means they are fully distributed and have forward-thinking IMO). I would certainly recommend them to everyone.

Incentivized

I find it easy to use, I haven't had to do the integration work, so that's why it is a 9/10, cause I can't speak to how easy that part was or the initial set up, but day to day use is great!

Incentivized

At this point, I do not have much experience with Gitlab support as I have never had to engage them. They have documentation that is helpful, not quite as extensive as other documentation, but helpful nonetheless. They also seem to be relatively responsive on social media platforms (twitter) and really thrived when GitHub was acquired by Microsoft

Incentivized

Support is quick to respond. They help guide you through any issues you have and ensure everything has been resolved before disconnecting. Wait times can vary, but it depends on the time of day. Eventually, excellent support is reached, and you can learn a few things from them as well.

Incentivized

F5 Distributed Cloud Bot Defense and our partners are great at helping us with in-depth Traffic Analysis of protected endpoints first in Monitoring Mode. After 7-14 days of Traffic Analysis/False Positive reviews, we can clearly tell when we are ready to place protected endpoints into Mitigation Mode.

GitLab is easily the preferred tool when it comes to versioning and source control. With other tools the UI often feels outdated and clunky leading to inefficiency and confusion. With some of the sleeker tools such as GitKraken, while the aesthetic is pleasing, the experience is plagued by a lack of support, lack of optional plugins, and a plethora of bugs that cause unnecessary legwork to resolve. GitLab is the best of both aesthetic and functionality

Incentivized

We have tried a whole bunch of solutions before we got Shape bot defense solution. But non of them worked for us the way F5 Shape solution worked

Incentivized

• We were able to streamline our project's codebase which made us very organised and laid out a proper plan for development.
• Our deployment and infra pipelines are well structured now making our process 10x faster.
• We are more focused into project building rather infra, as infra is totally on autopilot mode. Which has enabled us to grow our ROI by records.

Incentivized

• [F5] Shape [Security] established a clear negative trend line in bot traffic to our retail site.
• [F5] Shape [Security's] anti-automation has moved our business out of reach for ROI for attackers.
• So far, [F5] Shape [Security] has not caused any incidents as a technology, and has stifled attacks which would have certainly landed as a Sev 2 without this protection.