Gitlab hero border pattern left svg Gitlab hero border pattern right svg

Competition

Manage

Manage

Plan

Plan

Create

Create

Verify

Verify

Package

Package

Secure

Secure

Release

Release

Configure

Configure

Monitor

Monitor

Protect

Protect

GitLab logo 2.6 2.7 3.3 3.0 2.5 2.9 2.8 2.3 1.9 2.5
github logo 1.3 1.3 4.0 1.3 2.3 1.9 1.2 0 0 0

Toggle Details

manage

Manage

GitLab logo github logo
Subgroups complete

Organize your projects and restrict access to controlled resources.

Documentation
Audit Events viable complete

Track important events for review and compliance such as who performed certain actions and the time they happened.

Documentation
Documentation
Audit Reports minimal viable
Documentation Documentation
Compliance Management minimal viable

Provide customers with the tools and features necessary to manage their compliance programs.

Documentation
Documentation
Permissions minimal

Framework for what a user can and can’t do within GitLab

Documentation
User Management viable

GitLab user lifecycle management. Does not include user profile, groups, projects, or sharing.

Documentation
DevOps Reports minimal

Get an overview of how well your organization is adopting DevOps and to see the impact on your velocity.

Documentation
Value Stream Management viable

Visualize, manage and optimize the flow of work through the DevOps lifecycle value stream.

Documentation
plan

Plan

GitLab logo github logo
Team Planning viable complete

Plan, organize, and track team progress using Scrum, Kanban, SAFe, and other Agile methodologies.

Documentation
Documentation
Portfolio Management viable complete

Plan upcoming work by creating Epics and mapping all relevant Issues to them. Create and track against multiple milestones at the portfolio level to see status overtime and review progress towards your goals

Documentation
Documentation
Service Desk viable

Connect your team using GitLab issues, to external parties directly via email for feedback and support, with no additional tools required.

Documentation
Requirements Management minimal

Gather and manage the use cases and requirements to meet business objectives.

Documentation
Quality Management minimal

Plan and track testing and quality of your product.

Documentation
Design Management viable

Upload design assets to GitLab issues for easy collaboration on designs with a single source of truth.

Documentation
create

Create

GitLab logo github logo
Code Review lovable lovable

Review code, discuss changes, share knowledge, and identify defects in code among distributed teams via asynchronous review and commenting. Automate, track and report code reviews.

Documentation
Wiki viable lovable

Share documentation and organization information with a built in wiki.

Documentation
Pages complete complete

Use any static site generator to create websites that are easily managed and deployed by GitLab.

Documentation
Documentation
Web IDE viable lovable

A full featured Integrated Development Environment (IDE) built into GitLab so you can start contributing on day one with no need to spend days getting all the right packages installed into your local dev environment.

Documentation
Documentation
Snippets complete lovable

Store and share bits of code and text with other users.

Documentation
Documentation
Remote Development planned

Accelerate your workflow and ensure a consistent developer experience by ditching your local environment and moving to standardized, secure, remote development environments.

verify

Verify

GitLab logo github logo
Continuous Integration (CI) complete lovable

Gain the confidence to ship at blistering speed and immense scale with automated builds, testing, and out-of-the-box security to verify each commit moves you forward.

Documentation
Documentation
Code Testing and Coverage viable

Code testing and coverage ensure that individual components built within a pipeline perform as expected, and are an important part of a Continuous Integration framework.

Documentation
Performance Testing minimal

Be confident in the performance of your changes by ensuring that they are validated against real world scenarios.

Documentation
Merge Trains viable

Keeping master green and ensuring the stability of collaboration on branches is vitally important. GitLab has introduced Merge Trains as an important way to accomplish this.

Documentation
Review Apps complete

Get a fully functional pre-production environment for every merge request that updates on each commit. See code running, and enable user acceptance testing and automated smoke tests before you merge.

Documentation
Secrets Management minimal viable

Manage secrets and protect sensitive data to enable GitLab, or a component built within GitLab to connect to other systems.

Documentation
Documentation
package

Package

GitLab logo github logo
Package Registry viable lovable

Every team needs a place to store their packages and dependencies. GitLab aims to provide a comprehensive solution, integrated into our single application, that supports package management for all commonly used languages and binary formats.

Documentation
Documentation
Container Registry viable lovable

A secure and private registry for Docker images built-in to GitLab. Creating, pushing, and retrieving images works out of the box with GitLab CI/CD.

Documentation
Documentation
Helm Chart Registry viable

Kubernetes cluster integrations can take advantage of Helm charts to standardize their distribution and install processes. Supporting a built-in helm chart registry allows for better, self-managed container orchestration.

Documentation
Dependency Proxy viable

The GitLab Dependency Proxy can serve as an intermediary between your local developers and automation and the world of packages that need to be fetched from remote repositories. By adding a security and validation layer to a caching proxy, you can ensure reliability, accuracy, and auditability for the packages you depend on.

Documentation
Dependency Firewall planned

GitLab ensures that the dependencies stored in your package registries conform to your corporate compliance guidelines. This means you can prevent your organization from using dependencies that are insecure or out of policy.

Git LFS minimal complete

Git LFS (Large File Storage) is a Git extension, which reduces the impact of large files in your repository by downloading the relevant versions of them lazily. Specifically, large files are downloaded during the checkout process rather than during cloning or fetching.

Documentation
Documentation
secure

Secure

GitLab logo github logo
SAST complete complete

Static Application Security Testing scans the application source code and binaries to spot potential vulnerabilities before deployment using open source tools that are installed as part of GitLab. Vulnerabilities are shown in-line with every merge request and results are collected and presented as a single report.

Documentation

GitHub experts, security researchers, and community contributors write and maintain the default CodeQL queries used for code scanning. The queries are regularly updated to improve analysis and reduce any false positive results. The queries are open source, so you can view and contribute to the queries in the github/codeql repository. For more information, see CodeQL on the CodeQL website.

You can also write your own queries. For more information, see “About CodeQL queries” in the CodeQL documentation.

Documentation
Secret Detection viable lovable

Check for credentials and secrets in commits.

Documentation

GitHub will scan your entire Git history on all branches present in your GitHub repository for any secrets. Service providers can partner with GitHub to provide their secret formats for scanning.

When secret scanning detects a potential secret, we notify the service provider who issued the secret. The service provider validates the string and then decides whether they should revoke the secret, issue a new secret, or contact you directly. Their action will depend on the associated risks to you or them.

Documentation
Code Quality minimal

Automatically analyze your source code to surface issues and see if quality is improving or getting worse with the latest commit.

Documentation
DAST viable

Dynamic Application Security Testing analyzes your running web application for known runtime vulnerabilities. It runs live attacks against a Review App, an externally deployed application, or an active API, created for every merge request as part of the GitLab’s CI/CD capabilities. Users can provide HTTP credentials to test private areas. Vulnerabilities are shown in-line with every merge request. Tests can also be run outside of CI/CD pipelines by utilizing on-demand DAST scans

Documentation
API Security viable

API Security focuses on testing and protecting APIs. Testing for known vulnerabilities with DAST API and unknown vulnerabilities with API Fuzzing, API Security runs against a live API or a Review App to discover vulnerabilities that can only be uncovered after the API has been deployed. Users can provide credentials to test authenticated APIs. Vulnerabilities are shown in-line with every merge request.

Documentation
Fuzz Testing viable

Fuzz testing increase chances to get results by using arbitrary payloads instead of well-known ones.

Documentation
Dependency Scanning viable

Analyze external dependencies (e.g. libraries like Ruby gems) for known vulnerabilities on each code commit with GitLab CI/CD. This scan relies on open source tools and on the integration with Gemnasium technology (now part of GitLab) to show, in-line with every merge request, vulnerable dependencies needing updating. Results are collected and available as a single report.

Documentation
License Compliance minimal complete

Upon code commit, project dependencies are searched for approved and blacklisted licenses defined by custom policies per project. Software licenses being used are identified if they are not within policy. This scan relies on an open source tool, LicenseFinder and license analysis results are shown in-line for every merge request for immediate resolution.

Documentation

Scorecards is an automated security tool that flags risky supply chain practices. You can use the Scorecards action and starter workflow to follow best security practices. Once configured, the Scorecards action runs automatically on repository changes, and alerts developers about risky supply chain practices using the built-in code scanning experience.

The Scorecards project runs a number of checks, including script injection attacks, token permissions, and pinned actions.

Documentation
Vulnerability Management viable complete

View, triage, trend, track, and resolve vulnerabilities detected in your applications.

Documentation
Documentation
release

Release

GitLab logo github logo
Continuous Delivery complete complete

Deliver your changes to production with zero-touch software delivery; focus on building great software and allow GitLab CD to bring your release through your path to production for you.

Documentation
Documentation
Advanced Deployments viable

Mitigate the risk of production deploys by deploying new production code to a small subset of your fleet and then incrementally adding more.

Documentation
Feature Flags viable

Feature flags enable teams to achieve CD by letting them deploy dark features to production as smaller batches for controlled testing, separating feature delivery from customer launch, and removing risk from delivery.

Documentation
Release Evidence minimal

Release Evidence includes all the assurances and evidence collection that are necessary for you to trust the changes you’re delivering.

Documentation
Release Orchestration viable

Management and orchestration of releases-as-code built on intelligent notifications, scheduling of delivery and shared resources, blackout periods, relationships, parallelization, and sequencing, as well as support for integrating manual processes and interventions.

Documentation
Environment Management minimal viable

Enable organizations to operate and manage multiple environments directly from GitLab. Environments are encapsulated in GitLab as a target system with associated configurations. By facilitating access control, visualizing deployments and deployment history across teams and projects, adding the ability to query environments, and ensuring that environment’s configurations are traceable, platform engineers can enact stronger controls and avoid costly mistakes in deployments.

Documentation
Documentation
configure

Configure

GitLab logo github logo
Auto DevOps viable

Commit your code and GitLab does the rest to build, test, deploy, and monitor automatically. Eliminate the complexities of getting going with automated software delivery by automatically setting up the pipeline and necessary integrations, freeing up your teams to focus on the culture part.

Documentation
Kubernetes Management viable

Connect Kubernetes clusters to GitLab for deployments and insights.

Documentation
Deployment Management minimal

Enable platform engineers to use GitLab as their deployment platform: platform engineers can define common DevOps practices, streamline compliance, and share common patterns to enable application development teams to be more efficient.

Documentation
ChatOps minimal

Tight integrations with Slack and Mattermost make it easy to manage and automate software development and delivery right from your chat app.

Documentation
Infrastructure as Code viable

Manage your infrastructure effectively to create, configure, and manage a complete software development environment.

Documentation
Cluster Cost Management planned

Gain insights and recommendations about your cluster spending

Documentation
monitor

Monitor

GitLab logo github logo
Metrics minimal

GitLab collects and displays performance metrics for deployed apps, leveraging Prometheus. Developers can determine the impact of a merge and keep an eye on their production systems, without leaving GitLab.

Documentation
Incident Management viable

Track incidents within GitLab, providing a consolidated location to understand the who, what, when, and where of the incident. Define service level objectives and error budgets, to achieve the desired balance of velocity and stability.

Documentation
On-call Schedule Management minimal

Track DevOps responsibilities within your team by creating rotating schedules for responders.

Documentation
Logging planned

GitLab makes it easy to view the logs distributed across multiple pods and services using log aggregation with Elastic Stack. Once Elastic Stack is enabled, you can view your aggregated Kubernetes logs across multiple services and infrastructure, go back in time, conduct infinite scroll, and search through your application logs from within the GitLab UI itself.

Documentation
Tracing minimal

Tracing provides insight into the performance and health of a deployed application, tracking each function or microservice which handles a given request. This makes it easy to understand the end-to-end flow of a request, regardless of whether you are using a monolithic or distributed system.

Documentation
Error Tracking minimal

Error tracking allows developers to easily discover and view the errors that their application may be generating. By surfacing error information where the code is being developed, efficiency and awareness can be increased.

Documentation
Continuous Verification planned

TBD

Product Analytics minimal
Documentation
protect

Protect

GitLab logo github logo
Container Scanning viable

Check Docker images for known vulnerabilities in the application environment. Analyze image contents against public vulnerability databases using the open source tool, Clair, that is able to scan any kind of Docker (or App) image. Vulnerabilities are shown in-line with every merge request.

Documentation
Security Orchestration minimal

Unified security policy management capabilities across all of GitLab’s scanners and security technologies. Apply policies to enforce scans and to require security approvals when vulnerabilities are found.

Documentation
Planned: Not yet implemented in GitLab, but on our roadmap.
Minimal: Available in the product, and works in the recommended setup. Has utility to the user, but does not completely address the job-to-be-done, yet. Not to be used as a primary selling point, as capabilities are minimal. Suitable to replace the need for existing tools for new companies, departments, and teams.
Viable: Significant use at GitLab the company. CM Scorecard at least 3.14 for the job to be done (JTBD) when tested with internal users. No assessment of related jobs to be done. Suitable to replace the need for existing tools for new namespaces, projects, and environments.
Complete: GitLab the company dogfoods it exclusively. At least 100 customers use it. CM Scorecard score at least 3.63 for the identified JTBDs when tested with external users. Suitable to migrate from existing tools.
Lovable: CM score of at least 3.95 for the JTBD (and related JTBDs, if applicable) when tested with external users.
Open in Web IDE View source