GitLab DevSecOps Capabilities Missing in GitHub
| GitLab Capability | Features |
|---|---|
| View all security issues in a single pane of glass within project context | Security Dashboard |
| Proactively scan for vulnerabilities | Dependency scanning, Container Scanning |
| Preview App before Merge to reduce defects, shorten development time | Preview changes with review apps. Environments Autostop for review apps |
| Security Test running applications | Dynamic Application Security Testing |
GitLab SAST vs GitHub Code Scanning
| GitHub Code Scanning | GitLab SAST | |
|---|---|---|
| Supported Languages | View Here | View Here |
| Predefined vulnerabilities | Yes | Yes |
| Number of predefined vulnerabilities | 2,000+ | Varies- Based on Scan Tool |
| Custom vulnerability definitions | Yes | Yes |
| Variant analysis | Yes | Yes |
| Display security results in pull/merge request | Yes | Yes |
| Schedule scans | Yes | Yes |
| Event triggered scans | Yes | No, planned |
| API Support | Yes | Yes |
| Auto SAST setup and configuration | No | Yes |
| Vulnerability Filtering based on threshold | No | Yes |
