Azure DevOps has Application security available through integration with partner products. They have no built-in tools to do SAST, DAST, Container scanning, dependency scanning, or Open Source license compliance scanning.
In Azure DevOps, the results from non-built-in security scanning tools are not all available from the Merge/Pull Request or pipeline run, and the results are not formatted and presented consistently across the tools.
You can integrate other tools to Azure Pipelines, but you have to install and maintain each one separately. And every integrated tool (plugin) has a different required configuration to be learned and done. If not using OSS tools, then there is an additional licensing cost for each new tool.
GitLab offers extensive built-in application security scanning.