GitLab Reviews & Ratings 2026 | Gartner Peer Insights

Name: GitLab
Rating: 4.4 (1430 reviews)

Overview

Product Information on GitLab

Updated 22nd November 2023

What is GitLab?

GitLab is a comprehensive AI-powered DevSecOps platform for software innovation. The GitLab DevSecOps platform includes all capabilities required to deliver secure software faster with a unified data store, including source code management, continuous integration and delivery, agile project and portfolio planning, GitOps, software supply chain security, compliance management, and value stream management. GitLab empowers customers to improve operational efficiency, reduce security and compliance risk, build high-performing teams, and accelerate cloud transformation to maximize the overall return on software development.

Overall experience with GitLab

It Security & Risk Management Associate

50M - 250M USD, Consumer Goods

FAVORABLE

“The Definitive DevSecOps Platform for Securing the Supply Chain on the GCP”

5.0

Jan 27, 2026

Transitioning to GitLab Ultimate has fundamentally shifted our posture from "reactive patching" to "proactive supply chain security". As an organisation heavily invested in the Google ecosystem, the ability to consolidate source code management, CI/CD and security scanning into a single platform has significantly reduced our operational overhead.

IT ASSOCIATE

3B - 10B USD, Retail

CRITICAL

“Exploring Vulnerability Scanning and Resolution on GitLab”

3.0

Nov 15, 2024

GitLab has decent vulnerability scanning features by incorporating the functionality built-in Gitlab CI/CD job configurations. Helps scan container images, package dependencies, and licensed included programming code. Providing a vulnerability report, severity and also recommendations to resolve is pretty handy.

Badges

Gartner Peer Insights recognizes vendors who meet or exceed both the market average Overall Experience and the market average User Interest and Adoption score through a Customers’ Choice distinction.

For Market:
DevOps Platforms (Transitioning to DevSecOps Platforms)

For Market:
Application Security Posture Management (ASPM) Tools

About Company

Company Description

GitLab is a comprehensive AI-powered DevSecOps platform for software innovation. As a software delivery platform for development, security, and operations teams, GitLab brings security and compliance to AI-powered workflows throughout the software delivery lifecycle, helping customers deliver secure software faster. GitLab Duo, the company’s suite of AI capabilities, improves team collaboration and reduces the security and compliance risks of AI adoption by bringing the entire software development lifecycle into a single AI-powered application that is privacy-first. With GitLab, customers can visualize their end-to-end value streams, boost developer productivity with out-of-the-box analytics, and secure their software supply chain with SAST, DAST, secret detection, container scanning, and API testing. It enables organizations to increase developer productivity, improve operational efficiency, and accelerate cloud transformations to maximize the overall return on software development.

Company Details

Company type

Public

Year Founded

2014

Head office location

United States

Number of employees

1001 - 5000

Website

https://about.gitlab.com/

Do You Manage Peer Insights at GitLab?

Access Vendor Portal to update and manage your profile.

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

Reviewer Insights for: GitLab

Performance of GitLab Across Market Features

GitLab Likes & Dislikes

The integration between GitLab CI/CD and GCP via Workload Identity Federation is a game-changer for us. We no longer rotate static Service Account JSON keys; instead we rely on short-lived OICD tokens for our pipelines to authenticate with Google Cloud, which drastically reduces our attack surface. Furthermore, the automated SBOM generation and Dependency Scanning are exceptional.

Single UI solution to scan, report review and resolve.

its feasibility and we can organize our code or process in this evenly and that won't cause any problem and highly secured .

The cost jump from the Premium to Ultimate tier is high. It was a hard sell to the finance people, even if the value was there.

Maintenance of software compliance related cicd jobs is tricky. Require more granular level user permissions required to trigger the jobs across shared GitLab projects

There is no major dislike in this. The only thing is it may be tough while we are learning it for the first time .

Top GitLab Alternatives

4.4

(111 Ratings)

4.5

(16 Ratings)

(13 Ratings)

View All Alternatives

Peer Discussions

What Your Peers Are Saying About GitLab

Director of Information Security

Best Practices to create a SBOM with EOS/EOL Timeline to aid vulnerability remediation (currently use GitLab as our pipeline and Nexus repository).

Group Director of Information Security

It's a 5-step process which you will need to correlate for your environment. 1. Integrate dependency scanners (e.g., GitLab's built-in scanner, Trivy, Snyk, OWASP Dependency-Check or your existing Nexus repo) to flag outdated dependencies and use GitLab’s security dashboard to monitor deprecated packages. 2. Set up GitLab CI/CD rules to fail builds if EOL/EOS dependencies are detected and enforce allow/block lists for dependencies using GitLab’s security policies. 3. Configure GitLab to generate reports when a dependency is approaching its EOL and see if you can use GitLab’s webhook integrations to notify security teams via Slack, email, or Jira. 4. Implement dependency auto-updating tools (e.g., Renovate, Dependabot) to replace (identified & manually verified) EOL/EOS components. If no direct upgrade path exists, isolate the outdated component via containerization or sandboxing. 5. Maintain a historical record of all SBOMs and EOL/EOS alerts for compliance audits (ISO 27001, NIST, etc.). Regularly conduct security reviews using GitLab’s security reports.

See Full Discussion

22 Feb 2025457 Views1 Comment

IT Analyst

What has been your experience utilizing GITLAB (not GITHUB) to implement CI/CD for Athena and AWS GLUE, specifically for a process to transfer changes in Athena Views from the development environment to production?

CTO

We have used gitlab CI CD pipelines using terraform for all AWS resources, not athena or glue specifically though.

See Full Discussion

18 May 20231.1k Views1 Comment

GitLab Reviews and Ratings

Showing data for 9 ratings and reviews for Software Supply Chain Security market. View all 1430 ratings and reviews across markets for a complete picture.

4.2

(9 Ratings)

Rating Distribution

5 Star: 33%
4 Star: 33%
3 Star: 33%
2 Star: 0%
1 Star: 0%

Customer Experience

Evaluation & Contracting

3.6

Integration & Deployment

4.3

Service & Support

3.8

Product Capabilities

4.1

Filter Reviews

Sort By:

Most helpful

Last 12 Months

Star Rating

Reviewer Type

Reviewer's Company Size

Reviewer's Industry

Reviewer's Region

Reviewer's Job Function

It Security & Risk Management Associate
50M-1B USD
Consumer Goods
Review Source
The Definitive DevSecOps Platform for Securing the Supply Chain on the GCP
5.0
Jan 27, 2026
Transitioning to GitLab Ultimate has fundamentally shifted our posture from "reactive patching" to "proactive supply chain security". As an organisation heavily invested in the Google ecosystem, the ability to consolidate source code management, CI/CD and security scanning into a single platform has significantly reduced our operational overhead.
RPA DEVELOPER
50M-1B USD
IT Services
Review Source
Decoding the Assurance of Security in SAC Tool
4.0
Dec 8, 2024
I have been working on this tool for a few months SAC is nothing but a security certificate that assures this tool is very secure and protected to their users.
IT ASSOCIATE
1B-10B USD
Retail
Review Source
Exploring Vulnerability Scanning and Resolution on GitLab
3.0
Nov 15, 2024
GitLab has decent vulnerability scanning features by incorporating the functionality built-in Gitlab CI/CD job configurations. Helps scan container images, package dependencies, and licensed included programming code. Providing a vulnerability report, severity and also recommendations to resolve is pretty handy.
RPA Developer
50M-1B USD
IT Services
Review Source
Exploring the Challenges and Solutions of Overlapping Code Commits
5.0
Sep 16, 2024
very helpful in code management and very secure with the access for users and customers during project handover
IT Services Associate
<50M USD
IT Services
Review Source
Navigating Smoothly: Commits and Branch Management Features
5.0
May 22, 2024
Throughout the usage of this product, i have used numerous features that i found to be very useful. Fixing merge conflicts right on the website is very convenient. Also scouring through the commits and branches is very easy and overall, i find the UI/UX great.

Showing Result 1-5 of 10

Recommended Gartner Research

Market Guide for Software Supply Chain Security

GitLab