GitLab Reviews & Ratings 2026 | Gartner Peer Insights

Name: GitLab
Rating: 4.4 (1439 reviews)

Overview

Product Information on GitLab

Updated 22nd November 2023

What is GitLab?

GitLab is a comprehensive AI-powered DevSecOps platform for software innovation. The GitLab DevSecOps platform includes all capabilities required to deliver secure software faster with a unified data store, including source code management, continuous integration and delivery, agile project and portfolio planning, GitOps, software supply chain security, compliance management, and value stream management. GitLab empowers customers to improve operational efficiency, reduce security and compliance risk, build high-performing teams, and accelerate cloud transformation to maximize the overall return on software development.

Overall experience with GitLab

CLOUD APPLICATION SECURITY ENGINEER

Gov't/PS/ED <5,000 Employees, Education

FAVORABLE

“Comprehensive Security Scanning and Governance Tools Noted in GitLab ASPM Experience”

4.0

Oct 17, 2025

Overall my experience with using GitLab's ASPM functionality has come from being in their Ultimate tier and it has pros and cons, but has been mostly positive. The integration into your pipelines and code is excellent. I did run into issues with noise and DAST authentication issues, but the platform helped us empower developers to handle security issues early on in their workflows.

There are no reviews in this category.

CRITICAL

Badges

Gartner Peer Insights recognizes vendors who meet or exceed both the market average Overall Experience and the market average User Interest and Adoption score through a Customers’ Choice distinction.

For Market:
Application Security Posture Management (ASPM) Tools

About Company

Company Description

GitLab is a comprehensive AI-powered DevSecOps platform for software innovation. As a software delivery platform for development, security, and operations teams, GitLab brings security and compliance to AI-powered workflows throughout the software delivery lifecycle, helping customers deliver secure software faster. GitLab Duo, the company’s suite of AI capabilities, improves team collaboration and reduces the security and compliance risks of AI adoption by bringing the entire software development lifecycle into a single AI-powered application that is privacy-first. With GitLab, customers can visualize their end-to-end value streams, boost developer productivity with out-of-the-box analytics, and secure their software supply chain with SAST, DAST, secret detection, container scanning, and API testing. It enables organizations to increase developer productivity, improve operational efficiency, and accelerate cloud transformations to maximize the overall return on software development.

Company Details

Company type

Public

Year Founded

2014

Head office location

United States

Number of employees

1001 - 5000

Website

https://about.gitlab.com/

Do You Manage Peer Insights at GitLab?

Access Vendor Portal to update and manage your profile.

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

User Sentiment About GitLab

Reviewer Insights for: GitLab

Deciding Factors: GitLab Vs. Market Average

Performance of GitLab Across Market Features

GitLab Likes & Dislikes

1. Native DevSecOps Integration: With the ASPM functionality natively embedded in the Ultimate tier, you can tie it directly into your CI/CD pipelines, merge request workflows, and the scanning tools that come along with it (SAST, DAST, dependency scanning) as well as some excellent dashboards with reduced context switching. 2. Comprehensive scan coverage & release gates: The ability to have multiple scanners, both those provided by GitLab and ones I choose to bring in, and to have all of those give guardrails like blocking merge results if certain findings are detected all within one pipeline is a breath of coverage that is hard to find. 3. Security Dashboards, Visibility & Governance Features: The security dashboards that are visible at project and group level, as well as the overall vulnerability reports, compliance center, all provide the ability to see your security posture across multiple projects which is a must for any organization that is held to a compliance or governance standard.

What I like most about GitLab is its all in one platform that integrates code management, issue tracking, and CI/CD pipelines seamlessly. This helps our team efficiently validate releases, track bugs, and deploy updates without switching between multiple tools. The mearge requiest process provides excellent transparency in code change, making testing and verification much smoother. Its automation features save time and reduce manual effort, ensuring faster, more reliable releases and better collaboration between QA and developers teams.

Best part about gitlab is how much it consolidates into one platform. Instead of jumping between tools for code reviews, security scans and project tracking everything is right there in a single interface. Transparency in Gitlab is really good.

1. Noise and Duplicate Findings: Correlating findings across projects can be difficult if you don't have dedicated analysts, especially in the early onboarding phases when the scanners are being properly tuned. Duplicate findings can also be a problem when multiple branches of the same project are being scanned. 2. Customization & Filtering Limitations: When issues are filtered and scored there are too many limitations, specifically with refining dashboards as well as grouping vulnerabilities. 3. Lack of Contextual Prioritization: Unlike other ASPM tools, GitLab doesn't do the best job of explaining and understanding why a finding is prioritized and the actual exploitability of a vulnerability is minimal.

GitLab is a powerfull but has some challenges. It can slow down when handling large repositories or multiple pipelines, impacting testing speed. The interface is complex for new users, making navigation harder initially. Also notification for merge requests or pipeline updates are sometimes delayed, affecting timely coordination during release cycle.

Some features feel a bit heavy or overwhelming, especially for teams that don't use the full GitLab ecosystem. UI gets cluttred at times, and navigating certain settings. Upgrades on self hosted version also require careful planning as a single version jump can occasionally break older pipeline configurations. None of these are deal breakers but they do slow down things at times.

Top GitLab Alternatives

4.6

(84 Ratings)

4.6

(63 Ratings)

4.5

(56 Ratings)

View All Alternatives

Peer Discussions

What Your Peers Are Saying About GitLab

Director of Information Security

Best Practices to create a SBOM with EOS/EOL Timeline to aid vulnerability remediation (currently use GitLab as our pipeline and Nexus repository).

Group Director of Information Security

It's a 5-step process which you will need to correlate for your environment. 1. Integrate dependency scanners (e.g., GitLab's built-in scanner, Trivy, Snyk, OWASP Dependency-Check or your existing Nexus repo) to flag outdated dependencies and use GitLab’s security dashboard to monitor deprecated packages. 2. Set up GitLab CI/CD rules to fail builds if EOL/EOS dependencies are detected and enforce allow/block lists for dependencies using GitLab’s security policies. 3. Configure GitLab to generate reports when a dependency is approaching its EOL and see if you can use GitLab’s webhook integrations to notify security teams via Slack, email, or Jira. 4. Implement dependency auto-updating tools (e.g., Renovate, Dependabot) to replace (identified & manually verified) EOL/EOS components. If no direct upgrade path exists, isolate the outdated component via containerization or sandboxing. 5. Maintain a historical record of all SBOMs and EOL/EOS alerts for compliance audits (ISO 27001, NIST, etc.). Regularly conduct security reviews using GitLab’s security reports.

See Full Discussion

22 Feb 2025465 Views1 Comment

IT Analyst

What has been your experience utilizing GITLAB (not GITHUB) to implement CI/CD for Athena and AWS GLUE, specifically for a process to transfer changes in Athena Views from the development environment to production?

CTO

We have used gitlab CI CD pipelines using terraform for all AWS resources, not athena or glue specifically though.

See Full Discussion

18 May 20231.1k Views1 Comment

GitLab Reviews and Ratings

Showing data for 36 ratings and reviews for Application Security Posture Management (ASPM) Tools market. View all 1439 ratings and reviews across markets for a complete picture.

4.4

(36 Ratings)

Rating Distribution

5 Star: 44%
4 Star: 56%
3 Star: 0%
2 Star: 0%
1 Star: 0%

Customer Experience

Evaluation & Contracting

4.4

Integration & Deployment

4.6

Service & Support

4.5

Product Capabilities

4.5

Filter Reviews

Sort By:

Most helpful

Last 12 Months

Star Rating

Reviewer Type

Reviewer's Company Size

Reviewer's Industry

Reviewer's Region

Reviewer's Job Function

CLOUD APPLICATION SECURITY ENGINEER
Gov't/PS/Ed
Education
Review Source
Comprehensive Security Scanning and Governance Tools Noted in GitLab ASPM Experience
4.0
Oct 17, 2025
Overall my experience with using GitLab's ASPM functionality has come from being in their Ultimate tier and it has pros and cons, but has been mostly positive. The integration into your pipelines and code is excellent. I did run into issues with noise and DAST authentication issues, but the platform helped us empower developers to handle security issues early on in their workflows.
IT MANAGER
<50M USD
IT Services
Review Source
GitLab Enhances Collaboration Yet Faces Performance and Usability Challenges for Teams
4.0
Nov 8, 2025
My overall experience with GitLab has been excellent. it plays a crucial role in managing our product lifecycle. GitLab makes it easy to track issues, validate release builds, and collaboration efficiently with developers. The CI/CD pipelines save time during development on customer setups, while merge requests help maintain code quality. It has improved our testing visibilty and release accuracy. Overall, GitLab has enhanced productivity, teamwoprk and the overall efficiency of our QA and development processes.
TSE
50M-1B USD
IT Services
Review Source
Reliable DevOps Platform with great visibility over the development cycle
4.0
Nov 28, 2025
Gitlab is one of the most reliable parts of my development workflow. I started using it just for source control but over time we have shift most of our CI/CD and project tracking into it. Platform stays consistent, runs without needing constant fixes. Helped a lot in bringing clarity to release process.
MANAGER
1B-10B USD
Miscellaneous
Review Source
Open Platform Features Make GitLab Accessible and Versatile for Developers Worldwide
5.0
Nov 27, 2025
GitLab is truly a diverse platform that lets you input, keep, review and share programming pieces on the spot. Since it is an open platform, anyone can access it. That is what makes it versatile and very user-friendly, smooth and widely accessible. It also stands out as the library is very well distributed across the web - if you are unsure and are looking for a piece of advice on programming, you will find this platform taking most of your headaches away. Created to be shared with and by professionals in the field, it benefits both the professionals and newbies in programming.
ENGINEER
<50M USD
IT Services
Review Source
GitLab Integrates Security Tools Seamlessly But Advanced Features Require Ultimate Tier
4.0
Dec 1, 2025
For organizations, GitLab offers a highly comprehensive and automated security experience. Its core strength lies in its "Single Application" architecture, which tightly integrates security, CI/CD, and version control.

...

Showing Result 1-5 of 36

GitLab