GitLab DevSecOps platform enables software innovation by aiming to empower development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts. GitLab helps teams across the complete DevSecOps lifecycle, from developing, securing, and deploying software. Differentiators, as described by Gitlab:
Simplicity: With GitLab, DevSecOps can…
$0
per month per user
Fortify by OpenText
Score 9.0 out of 10
N/A
An AppSec solution formerly from Micro Focus, spanning SCA, SAST and DAST that supports the breadth and management of any application portfolio, used to secure code. Features API discovery and testing for any application, throughout the software lifecycle.
It is well-suited for any project that needs VCS. It's an excellent choice for teams that might be remote or have to collaborate across teams. Plenty of features allow for async working. With its dashboards and reporting features, it is also suitable for nontechnical PMs or stakeholders. It allows for very bespoke customization and can most often do much more than you need it to.
I think Micro Focus Fortify WebInspect could fit really any organization well that needs to perform static code analysis on their applications (they do have dynamic scanning but I don't have any experience using it). Different static analysis tools scan code differently, Micro Focus Fortify WebInspect requires you to provide a full build of the application to be submitted with debugging files which could be easy or hard depending on how your organization is building it's apps.
I really feel the platform has matured quite faster than others, and it is always at the top of its game compared to the different vendors like GitHub, Azure pipelines, CircleCI, Travis, Jenkins. Since it provides, agents, CI/CD, repository hosting, Secrets management, user management, and Single Sign on; among other features
Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.
I find it easy to use, I haven't had to do the integration work, so that's why it is a 9/10, cause I can't speak to how easy that part was or the initial set up, but day to day use is great!
It is a cloud-based platform which can provide us a very useful and unique features like Application Assessment, Scans, Vulnerability Test, Comprehensive Reporting, Monitoring, etc. Fortify by Open Text is also outstanding in various parameters for the support and integration and it is highly adaptable in various DevOps Program where you need secure app testing with all given features.
I've never had experienced outages from GItlab itself, but regarding the code I have deployed to Gitlab, the history helps a lot to trace the cause of the issue or performing a rollback to go back to a working version
GItlab reponsiveness is amazing, has never left me IDLE. I've never had issues even with complex projects. I have not experienced any issues when integrating it with agents for example or SSO
At this point, I do not have much experience with Gitlab support as I have never had to engage them. They have documentation that is helpful, not quite as extensive as other documentation, but helpful nonetheless. They also seem to be relatively responsive on social media platforms (twitter) and really thrived when GitHub was acquired by Microsoft
GitHub is an inferior product from most points of view. We had to use it and the teams finds no positives about it. Everything is a downgrade from our previous GitLab solution. GitLab CI\CD is vastly superior to workflows, for example doing a manual node is just "when : manual" in GitLab while you have to do clickops in GitHub to achieve the same. No overview of code in branches is a minus when we tried to figure out what our colleagues are trying to merge as it looked off.
Micro Focus Fortify WebInspect is better when it comes to speed, integration and detection capabilities as compared to Insight Appsec. What I loved the most is the broad coverage of vulnerabilities it identified as against Insight Appsec. Apart from detection capabilities the time taken is also less compared to Insight Appsec. Given the performance of Micro Focus Fortify WebInspect I would strongly recommend to everyone looking for DevSecOps and application security solutions