On This Page
- GitLab vs. GitHub Solutions to Common Technical Decision Maker (TDM) Problems
- GitLab DevSecOps Capabilities Missing in GitHub
- GitLab SAST vs GitHub Code Scanning
GitLab vs. GitHub Solutions to Common Technical Decision Maker (TDM) Problems
💚Complete Support 💛Partial Support 💔No Support
| TDM Problem | The DevOps Solution | GitLab | GitHub |
|---|---|---|---|
| Safeguarding against application attacks | Distinct Native Security Scanning | 💚 SAST, DAST, Fuzz-testing, Secret Scanning,Dependency Scanning, Container scanning, License Compliance and vulnerability management all in one for a single cost. |
💛 ⚠ Only SAST, Secret Scanning and Dependency Scanning. Additional Security Test and Scans require 3rd party plugins resulting in added cost and technical support and maintenance gaps. |
| Effectively assessing and managing security risk | Comprehensive Security Risk Indicators & Vulnerabilities Actions | 💚 Assess security posture (grade), sort and manage vulnerabilities, indicate risk associated with vulnerabilities (critical, high, medium and low). |
💛 ⚠ No security posture or vulnerability risk indicators which prevents a proper understanding of security risk. |
| Checking for security vulnerabilities when isolated from the Internet | Offline Security Scanning | 💚 Run GitLab Scanners on self-managed GitLab Instances that are installed on air-gapped environments. |
💔 ⚠ No native support for Security Scanning in offline deployments which introduces challenges in adhering to strict security protocols that require code building and testing in air-gapped environments. |
GitLab DevSecOps Capabilities Missing in GitHub
| GitLab Capability | Features |
|---|---|
| View all security issues in a single pane of glass within project context | Security Dashboard |
| Proactively scan for vulnerabilities | Dependency scanning, Container Scanning |
| Preview App before Merge to reduce defects, shorten development time | Preview changes with review apps. Environments Autostop for review apps |
| Security Test running applications | Dynamic Application Security Testing |
GitLab SAST vs GitHub Code Scanning
| GitHub Code Scanning | GitLab SAST | |
|---|---|---|
| Supported Languages | View Here | View Here |
| Predefined vulnerabilities | Yes | Yes |
| Number of predefined vulnerabilities | 2,000+ | Varies- Based on Scan Tool |
| Custom vulnerability definitions | Yes | Yes |
| Variant analysis | Yes | Yes |
| Display security results in pull/merge request | Yes | Yes |
| Schedule scans | Yes | Yes |
| Event triggered scans | Yes | No, planned |
| API Support | Yes | Yes |
| Auto SAST setup and configuration | No | Yes |
| Vulnerability Filtering based on threshold | No | Yes |
