In July 2020, GitHub announced Dependency Insights for open source dependencies. The table below draws a comparison between how GitHub and GitLab provide insights and security for projects that rely on open source dependencies.
Feature | GitHub | GitLab |
---|---|---|
License Compliance | Yes | Yes |
Dependency Risk Advisor | Yes | Yes |
Open Source Dependency Overview/Summary Page | Yes | No |
Automatic Dependency Risk Remediation | Yes (Dependabot) | Yes |
Dependency Vulnerability Detection | Yes | Yes |
Dependency Vulnerability Alerting | Yes | No |
Curated List of Security Vulnerabilities | Yes | Yes |
Compatibility Score (to determine if updating a vulnerable dependency could cause problems in your project) | Yes | No |
Vulnerability Description | Yes | Yes |
Dependency Vulnerability Database | Yes | Yes |
Create a Merge/Pull Request to fix Dependency Vulnerability | Yes | Yes |
Create an Issue from a Dependency Vulnerability | No | Yes |
View Dependency Vulnerabilities by Severity | Yes | Yes |
Customize Dependency Scanning | No | Yes |
Filter Dependency Vulnerability for easy viewing | Yes | Yes |