GitLab vs. HCL AppScan

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
GitLab
Score 8.7 out of 10
N/A
GitLab DevSecOps platform enables software innovation by aiming to empower development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts. GitLab helps teams across the complete DevSecOps lifecycle, from developing, securing, and deploying software. Differentiators, as described by Gitlab: Simplicity: With GitLab, DevSecOps can…
$0
per month per user
HCL AppScan
Score 5.1 out of 10
N/A
AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.N/A
Pricing
GitLabHCL AppScan
Editions & Modules
GitLab Essential
$0
per month per user
GitLab Premium
$29
per month per user
GitLab Ultimate
$99
per month per user
No answers on this topic
Offerings
Pricing Offerings
GitLabHCL AppScan
Free Trial
YesYes
Free/Freemium Version
YesNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeOptionalNo setup fee
Additional Details
More Pricing Information
Community Pulse
GitLabHCL AppScan
Considered Both Products
GitLab
Chose GitLab
As mentioned earlier, the features like chart visualization sets it apart from the others. Other than that, GitLab is open source while other are not and comparatively more secure that its other counterparts. Also, GitLab supports adding other types of attachments which is not …
Chose GitLab
When i was using the other platform, Some time i face down time, But GitLabs its not happening for single time. GitLab is having easy user interference as compared to other platforms. Pull Request, Code review, Issue tracking, Merging, Access control and User Roles is having a …
Chose GitLab
GitLab is miles ahead of the competition. In so many words, having a simple UI with robust security and the ability to conduct Git actions takes the cake. The competitions like to say they can do these things easily but their products are more confusing and hard to use.
Chose GitLab
GitLab allows a self-hosted version that is easy to setup and configure. It is also open-source as compared to GitHub. The integrated CI/CD tools is a plus, since we do not have to worry about those tools, unlike Github. The All-in-one solution of GitLab made sense for our …
Chose GitLab
Gitlab offers the best support for CI/CD pipelines and the highest degree of customisation for workflows, permissions, and integrations. The integration of BitBucket with JIRA is better than GitLab but CI/CD features are limited in comparison. GitLab's built-in Container …
Chose GitLab
Gitlab provides basic functionality like any other git tool. Some features of push and pull requests , clone and merge is handled equally well. It lacks in AI features which are there in GitHub and setup processes are difficult. Cost difference is the only concern while …
Chose GitLab
GitHub is an inferior product from most points of view. We had to use it and the teams finds no positives about it. Everything is a downgrade from our previous GitLab solution.

GitLab CI\CD is vastly superior to workflows, for example doing a manual node is just "when : manual" …
Chose GitLab
It's much simpler than the competitors. The one important feature Gitlab stand out is the CI/CD pipeline. GitHub required integration with external CI tools but Gitlab has this feature built-in. Compare to Jenkins and Teamcity, It's easy to use without any additional Plugins. …
Chose GitLab
Gitlab seems more cutting-edge than GitHub; however, its AI tools are not yet as mature as those of CoPilot. It feels like the next-generation product, so as we selected a tool for our startup, we decided to invest in the disruptor in the space. While there are fewer …
Chose GitLab
I tried Github in the past, and it was really similar as GitLab. But we prefer use GitLab for the cicd part, easier to handle
Chose GitLab
i have more exoerence in GitLab rather than bitbucket . As personally , it is good for me to understand how things is going on. i have used personally and also in organisation . It is great for developer to see there 3 months ago code and also can come up with new solution to …
Chose GitLab
Because with Visual Studio code, it was very easy for us to install GitLab in it and have easy access through the terminal and due to GitLab, it was easy to implement codes regarding API and AWS services to make our software better. Gitlens and all features help to check the …
Chose GitLab
GitLab provides a far superior platform due to it's great integration and CI/CD focus. And while in the beginning the UI might look a bit overwhelming with use you will find it way more useful than it's competitors. The variables and settings also make way more sense and it's …
Chose GitLab
My feedback may not be important here because when I joined the company they already had GitLab and we still use it due to the ability to do CI/CD Integration, deployments, debugging, code owners approval, and Jira integration. So far we have not had any major blocker that has …
Chose GitLab
Github is more open-source first and enterprise-first second in their approach. The reverse is true for GitLab. Both are exceptional products and it highly depends on the specific needs of an org
Chose GitLab
Used Jenkins to connect with GitLab for building and deployment of microservices. GitLab helps in easy integration.
Chose GitLab
GitLab has a open-source community and great documentation that provides support resources and community contributions. AWS CodeCommit is used for integration with other AWS services in the AWS ecosystem and also have a low community and support compared to GitLab hence …
Chose GitLab
It was a management decision to use GitLab over other tools. It integrates well with RBAC using Terraform. Runners are easy to setup. Almost all the features the organization used before are available in GitLab.
Chose GitLab
For small projects or companies that do work on a few only code repositories selecting one of the git code hosting services like GitLab, GitHub, Bitbicket etc does not make a big difference.

But, if you are on a code development company that handles too many repositories and …
Chose GitLab
Software delivery is the key objective and GitLab made it much easier to hit the group quickly. It worked well with automation, and integrations with other SDLC tools used in the Organization and it is really easy to use. It's widely adopted and has the power to deliver what we …
Chose GitLab
1. Easier to use and setup then any other product.
2. CI/CD is also easier in GitLab
Chose GitLab
GitLab's online IDE and code modification is much better compared to Stash. While pricier than Bitbucket, Gitlab also provides CI CD configuration better than BB.
Chose GitLab
GitLab is rich in features and access control if compared with GitHub also GitHub stands no where in CI/CD if compared with GitLab.
GitLab CI/CD is mature, robust and far better than GitHub actions in all means.
If I talk about quality of support and reponse time of GitLab it is …
HCL AppScan
Chose HCL AppScan
When we used Veracode, it takes a-lot of time to run a source code analysis. It's user interface is also bit clumsy. So we switched to HCL AppScan. It enables enterprises to scan internal and external applications for vulnerabilities. It provides quick and easy access to the …
Chose HCL AppScan
Both solutions are decent, however, I had team members who had the experience working with HCL AppScan. Also, the product was priced nominally which suited our budget. Further, HCL AppScan's user community was bigger and many learning resources were freely available which …
Chose HCL AppScan
We have been using AppScan for about 14 years (Before it was acquired by IBM). A few years ago we did an upgrade from the standard edition to the enterprise edition (to allow several users at once) in order to accommodate the growth of our team. Prior to this upgrade we looked …
Best Alternatives
GitLabHCL AppScan
Small Businesses

No answers on this topic

GitLab
GitLab
Score 8.7 out of 10
Medium-sized Companies
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
Enterprises
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
GitLabHCL AppScan
Likelihood to Recommend
8.9
(0 ratings)
8.3
(0 ratings)
Likelihood to Renew
9.9
(0 ratings)
-
(0 ratings)
Usability
9.0
(0 ratings)
-
(0 ratings)
Support Rating
9.1
(0 ratings)
-
(0 ratings)
User Testimonials
GitLabHCL AppScan
Likelihood to Recommend
It is well-suited for any project that needs VCS. It's an excellent choice for teams that might be remote or have to collaborate across teams. Plenty of features allow for async working. With its dashboards and reporting features, it is also suitable for nontechnical PMs or stakeholders. It allows for very bespoke customization and can most often do much more than you need it to.
Read full review
I would say that HCL AppScan is very simple to understand and use since it uses a user-friendly interface and the terminologies that are used in the interface of the application is very clear. We can automate a scan with any third party like Jenkins. The fact, I don't like is the time takes to execute the application, it should be better.
Read full review
Pros
  • GitLab excels in managing code versions, allowing easy tracking of changes, branch management, and merging contributions.
  • It helps maintain code stability and reliability, saving time and effort in the development or research workflow.
  • Powerful code review features, enabling collaboration and feedback among team members.
  • Robust project management features, including issue tracking, kanban boards, and milestones.
Read full review
  • AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
  • Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
  • Technical reports include remediation information and cross reference CVSS scores
  • Because it maintains data on all repeated assessments it helps us to do trending and metrics on compliance
Read full review
Cons
  • CI variables management is sometimes hard to use, for example, with File type variables. The scope of each variable is also hard to guess.
  • Access Token: there are too many types (Personal, Project, global..), and it is hard to identify the scope and where it comes from once created.
  • Runners: auto-scaled runners are for the moment hard to put in place, and monitoring is not easy.
Read full review
  • The functions you want, the points that are difficult to understand.
  • Issues presented in the vulnerability diagnostic report may not be fully explained and not well understood.
  • You may think it is very basic and natural, "diagnose screen after login" "diagnose according to input transition ⇒ confirmation ⇒ completion" but to do all this, you need regular expressions, and macros, there are many products that require you to write scripts.
Read full review
Likelihood to Renew
I really feel the platform has matured quite faster than others, and it is always at the top of its game compared to the different vendors like GitHub, Azure pipelines, CircleCI, Travis, Jenkins. Since it provides, agents, CI/CD, repository hosting, Secrets management, user management, and Single Sign on; among other features
Read full review
No answers on this topic
Usability
I find it easy to use, I haven't had to do the integration work, so that's why it is a 9/10, cause I can't speak to how easy that part was or the initial set up, but day to day use is great!
Read full review
No answers on this topic
Reliability and Availability
I've never had experienced outages from GItlab itself, but regarding the code I have deployed to Gitlab, the history helps a lot to trace the cause of the issue or performing a rollback to go back to a working version
Read full review
No answers on this topic
Performance
GItlab reponsiveness is amazing, has never left me IDLE. I've never had issues even with complex projects. I have not experienced any issues when integrating it with agents for example or SSO
Read full review
No answers on this topic
Support Rating
At this point, I do not have much experience with Gitlab support as I have never had to engage them. They have documentation that is helpful, not quite as extensive as other documentation, but helpful nonetheless. They also seem to be relatively responsive on social media platforms (twitter) and really thrived when GitHub was acquired by Microsoft
Read full review
No answers on this topic
Alternatives Considered
GitHub is an inferior product from most points of view. We had to use it and the teams finds no positives about it. Everything is a downgrade from our previous GitLab solution. GitLab CI\CD is vastly superior to workflows, for example doing a manual node is just "when : manual" in GitLab while you have to do clickops in GitHub to achieve the same. No overview of code in branches is a minus when we tried to figure out what our colleagues are trying to merge as it looked off.
Read full review
When we used Veracode, it takes a-lot of time to run a source code analysis. It's user interface is also bit clumsy. So we switched to HCL AppScan. It enables enterprises to scan internal and external applications for vulnerabilities. It provides quick and easy access to the most updated security guidelines by scanning applications against the OWASP Top 10 vulnerabilities.
Read full review
Scalability
I think is very well designed, and like any VCS it works as intended
Read full review
No answers on this topic
Return on Investment
  • GitLab cut down our spent on container, package and infrastructure registry
  • Best thing is we can now have everything in single platform which cost effective too
  • Quality of support is really good and they do have emergency support team as well which is great
Read full review
  • Reduced manual effort by 20-30%
  • Integrate 3-4 security solutions with other tools in the system
  • prevent sql injection attacks in our business
Read full review
ScreenShots

GitLab Screenshots

Screenshot of GitLab, a comprehensive DevSecOps platform.Screenshot of Security DashboardScreenshot of Merge Request

HCL AppScan Screenshots

Screenshot of Cloud Security: AppScan will scan Docker containers and container images to ensure that third party components have not introduced vulnerabilities to an application. Software composition analysis (SCA) tools help organizations inventory third-party commercial and open source components used within their software to understand which components and versions are being used and to identify security vulnerabilities affecting those components.Screenshot of API Testing: This dangerous attack vector can be secured by identifying vulnerable third-party components, automating and integrating API testing and detecting issues in the IDE.Screenshot of Auto Issue Correlation: AppScan leverages three technologies (DAST, SAST, IAST) to enrich results, validate fixes and reduce the number remediation tasks by grouping issues together.Screenshot of 30+ Code Languages Supported: HCL AppScan offers an extensive list of supported code languages.