GitLab

We have a paid plan. It is being paid through AWS Marketplace. We haven't used any GitLab’s security features yet.

Yes, one of the big advantages of GitLab against other solutions is the security model. First of all GitLab is an open source so every system vulnerability is much easier to fix. Another option that GitLab is usually preffered is that is provides self hosted options (paid, free and on premise). This means that a company could have all of its code infrastructure even on a docker image.

We do use GitLab's Enterprise Plans but we've not used any security features of GitLab ye.

None. This would be really a game changer.

I do not use these features

Using GitLab, we do scan our jars, images, and code for CVEs. It works well enough.

While we have not directly used any integration support for security vulnerabilities, these form a critical part of our infrastructure as we're a tightly regulated and user centric industry and software vulnerabilities signify immense potential loss of revenue and market importance. GitLab's support for vulnerability extermination is something we're evaluating to implement and move away from our hands on fix process that we employ right now.

We do not have a paid plan.

We have not used any of the security features.

We make use of GitLab's Unit Test Reports - This feature helps simplify the identification of faults within Ci/Cd ( continuous integration and deployment ) merge requests. Thus , eliminating the need for manual inspection of the software delivery pipeline, leading to faster identification of merge request security lapses and enhancing the overall quality of our codebase.

We have used GitLab's security features to scan code for vulnerabilities. While my personal experience with this has been less than others, we certainly benefit from the ability to address vulnerabilities when found instead of after code has been deployed. This has saved us unnecessary legwork and has saved the end customers from having to deal with oversights on our part.

Security considerations in GitLab are mainly covered by the security team in my organization. However, colleagues dedicated to the security of the company have been satisfied with GitLab and the features that the application has to offer when it comes to integrating the tool with the general security requirements of the company.

We have looked the GitLab Ultimate and to be honest I would like to be using this version. Only trouble I have is we have over 25 developers located in different global regions, and not able to budget those license costs at present. We did go through a demo with GitLab and the code scanning and vulnerability features are very compelling.

We use 2FA which makes it more difficult for attackers to gain unauthorized access and is also a security requirement within our company. Also, the code review and approval functionalities are considered as security feature in our company because with changes to the main branch, often a deployment to production systems is triggered. With code reviews and approvals, we ensure that no unintended code is being published.

Security feature detects the common and most known vulnerabilities that help to keep code sanity and code security up to date.
It reduce the burdens of Team leads.

The authentication is done through GitLab personal access token which work flawless.

Gitlab has this security check Api and dashboard where a user can check the report on how the production environment and the deployment team are performing on the following part of project. The treats, vulnerabilities and error/loss minimal can be visualized easily via the report and the necessary changes can be made effectively then and there.

We haven't used paid plan yet

We did use one of Gitlab's paid plans, and yes we did use the security features. Gitlab is very forgiving to the novice user in the sense that it teaches you to spot the vulnerabilities to make sure you can identify them quicker. That bit of indirect learning allowed us to be more secure, because while the software helps spot flaws, it taught our workers to be much more efficient.

We did not use gitlab security features, we did however integrate gitlab with other solutions such as SonarQube and secured the infrastructures on the technical level (ex. remove internet access on the project level, expose the service on a restricted internal network)

We are on the community version. Still, the community was so supportive, and the software has regular updates that keep you safe from vulnerabilities. Overall when you consider the paid plan, GitHub is a good alternative. Security features are great, with options to add SSH to the account and restrict the login process. This makes GitLab a good competitor in the self-hosted git management arena.

This is one of the main reason to choose apart pmo and code security and api life cycle is very important to us.

We are using other plugins for the security management.

We will use Sonar to identify the security and vulnerability of the code. Using the GitLab security feature, we could view the report where we are lacking and what we need to fix. It showcases all vulnerabilities and categories based on severity.

We only have the bare basic GitLab on-premise setup. Support is limited and based on our needs what we require. The out-of-box administration, controls, security, and user features are more than sufficient for what we need for our business.