GitLab vs. Coverity Static Analysis (SAST)

GitLab is good if you work a lot with code and do complex repository actions. It gives you a very good overview of what were the states of your branches and the files in them at different stages in time. It's also way easier and more efficient to write pipelines for CI\CD. It's easier to read and it's easier to write them. It takes fewer clicks to achieve the same things with GitLab than it does for competitor products.

Incentivized

Best suits for large scale and dynamic development environment. It may be best tool if you want to release your apps with less TAT. However if you have a CRM tool which is COTS product it can offer little help. Even then you should be familiar with what features of Coverity Static Analysis (SAST) are helpful for your development environment

Incentivized

• GitLab excels in managing code versions, allowing easy tracking of changes, branch management, and merging contributions.
• It helps maintain code stability and reliability, saving time and effort in the development or research workflow.
• Powerful code review features, enabling collaboration and feedback among team members.
• Robust project management features, including issue tracking, kanban boards, and milestones.

Incentivized

• It can provide security scanning dashboard
• Help detect vulnerabilities and recommend remediation
• Integration of devsecops helps speed up release cycles

Incentivized

• CI variables management is sometimes hard to use, for example, with File type variables. The scope of each variable is also hard to guess.
• Access Token: there are too many types (Personal, Project, global..), and it is hard to identify the scope and where it comes from once created.
• Runners: auto-scaled runners are for the moment hard to put in place, and monitoring is not easy.

Incentivized

• Coverage of integration with other security tools can be improved
• Customisation of dashboard to enable customer choice of tracking
• Showcase devsecops progressive tasks from SLA and violation from code scanner perspective

Incentivized

I really feel the platform has matured quite faster than others, and it is always at the top of its game compared to the different vendors like GitHub, Azure pipelines, CircleCI, Travis, Jenkins. Since it provides, agents, CI/CD, repository hosting, Secrets management, user management, and Single Sign on; among other features

Incentivized

I find it easy to use, I haven't had to do the integration work, so that's why it is a 9/10, cause I can't speak to how easy that part was or the initial set up, but day to day use is great!

Incentivized

I've never had experienced outages from GItlab itself, but regarding the code I have deployed to Gitlab, the history helps a lot to trace the cause of the issue or performing a rollback to go back to a working version

Incentivized

GItlab reponsiveness is amazing, has never left me IDLE. I've never had issues even with complex projects. I have not experienced any issues when integrating it with agents for example or SSO

Incentivized

At this point, I do not have much experience with Gitlab support as I have never had to engage them. They have documentation that is helpful, not quite as extensive as other documentation, but helpful nonetheless. They also seem to be relatively responsive on social media platforms (twitter) and really thrived when GitHub was acquired by Microsoft

Incentivized

Gitlab seems more cutting-edge than GitHub; however, its AI tools are not yet as mature as those of CoPilot. It feels like the next-generation product, so as we selected a tool for our startup, we decided to invest in the disruptor in the space. While there are fewer out-of-the-box templates for Gitlab, we have never discovered a lack of feature parity.

Incentivized

Coverity Static Analysis (SAST) has wide coverage in terms of Owasp Top 10 vulnerabilities, various types of languages, backward integration. While other tools offer similar experience of code scanning, coverity helps in pointed recommendations for quick closure of vulnerabilities. The historical analysis of vulnerabilities is a good value add in understanding which type of code and which language is better in improving cyber security maturity.

Incentivized

I think is very well designed, and like any VCS it works as intended

Incentivized

• GitLab cut down our spent on container, package and infrastructure registry
• Best thing is we can now have everything in single platform which cost effective too
• Quality of support is really good and they do have emergency support team as well which is great

Incentivized

• Helped reduce efforts of development team avoiding rework
• Increased security maturity
• Increased efficiency of the teams

Incentivized