In July 2020, GitHub announced Dependency Insights for open source dependencies. The table below draws a comparison between how GitHub and GitLab provide insights and security for projects that rely on open source dependencies.
| Feature | GitHub | GitLab |
|---|---|---|
| License Compliance | Yes | Yes |
| Dependency Risk Advisor | Yes | Yes |
| Open Source Dependency Overview/Summary Page | Yes | No |
| Automatic Dependency Risk Remediation | Yes (Dependabot) | Yes |
| Dependency Vulnerability Detection | Yes | Yes |
| Dependency Vulnerability Alerting | Yes | No |
| Curated List of Security Vulnerability | Yes | Yes |
| Compatibility Score (to determine if updating a vulnerability could cause a problems in your project) |
Yes | No |
| Vulnerability Description | Yes | Yes |
| Dependency Vulnerability Database | Yes | Yes |
| Create a Merge/Pull Request to fix Dependency Vulnerability | Yes | Yes |
| Create an Issue from a Dependency Vulnerability | No | Yes |
| View Dependency Vulnerabilities by Severity | Yes | Yes |
| Customize Dependency Scanning | No | Yes |
| Filter Dependency Vulnerability for easy viewing | Yes | Yes |
