
Prisma Cloud vs. GitLab


GitLab-Prisma Cloud Comparison Infographic

This summary infographic compares Prisma Cloud and GitLab across several DevOps Stages and Categories.

GitLab Prisma Cloud Comparison Chart

Summary

Twistlock was recently acquired by Palo Alto Networks and subsequently rebranded as Prisma Cloud. Prisma Cloud plays in several categories that overlap with GitLab and can be positioned as both a partner and a competitor. Pricing is based on the number of "workloads" (i.e., pods) that are protected.

Software Composition Analysis

  • GitLab Direction
    • Strengths
      • Integrated security as part of DevOps workflow for all developers
      • High-quality container security by leveraging all the latest feeds for vulnerabilities
      • Security leadership by being a CVE Numbering Authority
      • End-to-end DevOps offering from SCM to CI to CD to Security and more
    • Gaps
      • Requires users to use GitLab for CI if they are not already
  • Prisma Cloud Details
    • Strengths
      • Provides a basic analysis of installed packages vs. known CVEs
      • Nice, clean UX and design
    • Gaps
      • Does not provide a full suite of code scanning to adequately detect all vulnerabilities - no SAST or DAST
      • Shifting left and integrating with SCM tools requires an integration to be built with their APIs and does not exist natively

Vulnerability Management

  • GitLab
    • Strengths
      • One tool - vulnerability management is integrated out-of-the-box
      • Visualizes data from all of GitLab’s scanning engines, including DAST, SAST, and SCA
    • Gaps
      • Current functionality is new and lacks features
      • Risk assessment capabilities do not exist, and priorities do not take into account the configuration of the container, which could mitigate some vulnerabilities
  • Prisma Cloud
    • Strengths
      • Capable of enforcing policy rules and preventing vulnerable code from running
      • Good visualization of a complex risk analysis
      • Capable of showing CVE severity together with the container’s actual exposure to the specific attack
    • Gaps
      • Lacks good scanners to identify vulnerabilities
      • Not natively integrated with SCM tools - an API is available but the integration has to be built into CI/CD
      • Limited to containerized applications

Container Security

  • GitLab Direction
    • Strengths
      • Current functionality provides a respectable baseline of security (Web Application Firewall, container Network Policies, container host monitoring)
      • All capabilities are currently available in core (Note: future capabilities will likely be added in a paid tier)
    • Gaps
      • Ability to block/prevent activity is currently limited
      • Although the GitLab roadmap is robust, as of today there are several large feature/functionality gaps
  • Prisma Cloud Details
    • Strengths
      • Extensive set of features and capabilities
      • “Radar” capability gives a wow factor in visualizing the network
      • Protection for serverless code
    • Gaps
      • Pricing model can get expensive fast with lots of containers
      • Behind the nice UX, the solution is hard to manage. One Prisma Cloud user reported needing a team of 4-5 to operate it running in production.

How to position GitLab

Prisma Cloud is a decent choice if the customer only needs basic vulnerability scanning; however, to properly secure their applications, they should consider a solution that includes good SAST and DAST scanners. Rather than using separate scanners to meet their needs, it will be much simpler and easier to use GitLab, which both has a wide range of scanning capabilities as well as a native integration with SCM. Additionally, GitLab is a Niche player in the Gartner Magic Quadrant for AST.

When positioning as a competitor, highlight that their vulnerability management tool only intakes data from a very limited source: known CVEs. This leaves them blind to other vulnerabilities that may be identified through SAST or DAST scans. Rather than integrating Prisma Cloud as a separate product into CI/CD pipeline jobs, it will be much easier for customers to just use the built-in vulnerability management capabilities of GitLab that come available out-of-the-box.

Prisma Cloud can be positioned as a partner with GitLab, as it is possible to feed their scan results into GitLab and combine them with the results from other GitLab scans.

Prisma Cloud is expensive, while much of the current feature set that GitLab provides is available for free. Additionally, the heavy operational maintenance burden of Prisma Cloud further adds to the cost. If what GitLab provides today can be considered ‘good enough’, then customers can potentially save a huge amount of money.

Comparison

FEATURES

Easy integration of existing Kubernetes clusters

Add your existing Kubernetes cluster to your project, and easily access it from your CI/CD pipelines to host Review Apps and to deploy your application.

Read more on the issue

Custom header and footer system message in web and email

Include custom header and footer system messages throughout GitLab and in emails.

Read about Custom header and footer system message in web and email

Static Application Security Testing

GitLab allows easily running Static Application Security Testing (SAST) in CI/CD pipelines, checking for vulnerable source code or well-known security bugs in the libraries that are included by the application. Results are then shown in the Merge Request and in the Pipeline view. This feature is available as part of Auto DevOps to provide security-by-default.

Learn more about Static Application Security Testing

Supports 18 languages.

Vulnerability Database available for viewing and is accepting contributions

Our vulnerability database project can now be viewed, and enhanced by anyone.

Learn more about contributing to the vulnerability database

Dependency Scanning

GitLab automatically detects well known security bugs in the libraries that are included by the application, protecting your application from vulnerabilities that affect dependencies that are used dynamically. Results are then shown in the Merge Request and in the Pipeline view. This feature is available as part of Auto DevOps to provide security-by-default.

Learn more about Dependency Scanning

Container Scanning

When building a Docker image for your application, GitLab can run a security scan to ensure it does not have any known vulnerability in the environment where your code is shipped. Results are then shown in the Merge Request and in the Pipeline view. This feature is available as part of Auto DevOps to provide security-by-default.

Learn more about container scanning

Dynamic Application Security Testing

Once your application is online, GitLab allows running Dynamic Application Security Testing (DAST) in CI/CD pipelines; your application will be scanned to ensure threats like XSS or broken authentication flaws are not affecting it. Results are then shown in the Merge Request and in the Pipeline view. This feature is available as part of Auto DevOps to provide security-by-default.

Learn more about application security for containers
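The scanners described in the four sections above are enabled from a project's `.gitlab-ci.yml`. The following is an added example, not configuration from this page or from GitLab's documentation: it turns on SAST, Dependency Scanning, Container Scanning and DAST through GitLab's bundled templates, and shows how a third-party report (such as Prisma Cloud's, which the Summary notes can be fed into GitLab) is published through the same `reports:` mechanism. The image name, the DAST target URL and the `convert-prisma-to-gitlab.sh` conversion script are assumptions for illustration.

```yaml
# Added example (not from this page): enable GitLab's scanners via the bundled
# templates. Each scanner job emits a JSON report that GitLab reads into the
# Merge Request and Pipeline views.
include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml

stages:
  - build
  - test
  - dast

variables:
  # Container Scanning inspects the image pushed by the build job below.
  CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE
  CI_APPLICATION_TAG: $CI_COMMIT_SHA
  # DAST needs a running instance; this URL is an assumption for the example.
  DAST_WEBSITE: https://review-app.example.test

build:
  stage: build
  image: docker:stable
  services:
    - docker:dind
  script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"

# Third-party results appear in the same views if a job publishes them in
# GitLab's report schema. The conversion script is hypothetical; the
# artifacts:reports:container_scanning keyword is the real integration point.
prisma_cloud_import:
  stage: test
  script:
    - ./convert-prisma-to-gitlab.sh > gl-container-scanning-report.json
  artifacts:
    reports:
      container_scanning: gl-container-scanning-report.json
  allow_failure: true
```

With this pipeline, findings from all four native scanners and the imported report are de-duplicated and shown together in the Merge Request security widget, which is the single-source-of-truth point the Vulnerability Management section makes.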

Interactive Application Security Testing

IAST combines elements of static and dynamic application security testing methods to improve the overall quality of the results. IAST typically uses an agent to instrument the application to monitor library calls and more. GitLab does not yet offer this feature.

Cloud Native Network Firewall

Cloud native network firewall provides container-level network micro-segmentation, which isolates container network communications to limit the "blast radius" of a compromise to a specific container or microservice. It is a container-aware virtual firewall that uses machine learning to automatically identify valid traffic flows between app components in your cluster. It limits damage by preventing attackers from moving through your environment once they have already compromised one part of it.

Vulnerability Management

GitLab’s vulnerability management is about ensuring assets and applications are scanned for vulnerabilities. It also includes the processes to record, manage, and mitigate those vulnerabilities.

Vulnerability management helps identify meaningful sets of vulnerabilities, in both your assets and application code, that can be mitigated, managed, and acted upon by your whole team, not just the security organization. It also provides a unified interface to the systems teams are already using for managing results from the ~"devops::secure" stage, so there is always a single source of truth and a single place for managing security results.

Learn more about Vulnerability Management

Automated Accessibility scanning of Review Apps

Performing accessibility testing is important in order to ensure you’re serving all the users who use your products. In GitLab you can generate Accessibility reports automatically prior to merging into master.

Learn more about Automated Accessibility scanning

License Compliance

Check that licenses of your dependencies are compatible with your application, and approve or deny them. Results are then shown in the Merge Request and in the Pipeline view.

Learn more about License Compliance

Web Application Firewall (WAF) Statistics Reporting

Enjoy better visibility of your WAF’s effectiveness with information about the total and blocked traffic amounts from a convenient new Threat Monitoring page under the Security & Compliance menu.

Learn more about WAF Statistics Reporting

Network Policies for Container Network Security

Network Policies can be installed into GitLab managed Kubernetes clusters to limit communication with Kubernetes pods and the Internet.

Learn more about Container Network Security

Compliance Dashboard

Compliance management within GitLab is easier with an aggregate view of all project activity. View the compliance status of your group in a fast, simple way. Easily spot when projects are out of compliance and take informed actions to remediate any issues.

Learn more about Compliance Dashboard

Container Host Monitoring and Blocking

“With Container Host Monitoring, you can monitor running containers for malicious or unusual activity. This includes process starts, file changes, or opened network ports. You can also block or prevent these activities from occurring.”

Learn more about Container Host Monitoring and Blocking

If you feel there are inaccurate statements in this comparison or a tool missing, please edit this page or propose edits by opening an issue. You can also send an email to devopstools@gitlab.com with your suggested edits if you're unable to open an issue or edit this page.

We strive for technical accuracy and will review and update this post for inaccuracies as quickly as possible.

GitLab is the trademark of GitLab, Inc. All other logos and trademarks are the logos and trademarks of their respective owners.
