ETR Insights presents a panel discussion between GitLab users, who position it favorably against GitHub for comprehensive DevSecOps workflows. Despite GitLab’s aspirations to be a unified solution, these IT leaders do still use complementary best-of-breed tools like JFrog, Snyk, Jenkins, and Bitbucket, though some subscribe to GitLab Ultimate to consolidate application security and compliance. GitLab’s AI coding assistant, while helpful, offers only limited integration with third-party systems like Atlassian Jira and Bitbucket; its value largely depends on how embedded GitLab’s other products are within a company’s tech stack. Panelists suggest that GitLab develop better internal developer portals and feature toggling, in particular for mobile apps. Learn more about improving continuous deployment through advanced observability; automated rollbacks; Infrastructure-as-Code integration; and opportunity for GitLab within small language models.

Vendors Mentioned: Amazon | Argo | Atlassian (Bitbucket, Jira) | Checkmarx | Cisco (Splunk) | Datadog | Dynatrace | GitLab | Google | Harness | HashiCorp (Terraform) | IBM | Jenkins | JFrog | Kubernetes | Maven | Microsoft (Copilot, GitHub) | New Relic | Salesforce (Tableau) | Selenium | ServiceNow | Snyk | Synopsys | Tabnine | Veracode

Watch the full panel recording then read the summary below.

GitLab’s Place in the Tech Stack and its AI Aspirations

Our panelists speak in detail about automated testing, deployment, and security, and GitLab’s robust pipeline management and integration capabilities. By consensus, GitLab here has a leg up on Microsoft’s GitHub. “We can build in CI/CD in GitLab, but we can't do this with GitHub, and we can do self-hosting with GitLab, but not with GitHub, because this is limited.” That said, despite GitLab “trying to be your main DevSecOps tooling,” our guests use it as part of a wider toolset—JFrog, Snyk, Jenkins, and Atlassian’s Bitbucket—bundled for comprehensive secure development operations. “Of course we are using Maven, and we are using Jenkins. We have Argo and Harness, for example, in the CI/CD space. GitLab is trying to [position itself] as the main cornerstone for all the components. But the reality is, based on mergers and acquisitions, based on different trajectory, and based on what is the best-of-the-breed type of capabilities, we select some of the tooling that is enabling us to deliver those kinds of things.”

One panelist describes GitLab as leading AI-enabled DevSecOps automation and overall developer productivity. “I would expect our investments in GitLab to be higher, primarily because of the benefits it can provide from a developer-productivity perspective.” Another senior engineer agrees; GitLab simplifies software management and increases developer efficiency. “GitLab [is] one-stop shopping, where one application and one toolset is able to integrate and provide a pretty seamless source management, continuous deployment, and continuous integration. Your builds, your testing, your automation deployment—it's sort of working out very nicely.” Their firm found measurable productivity gains switching from multiple fragmented tools to GitLab’s unified platform.

These executives are increasingly opting for GitLab’s highest-tier subscription, “Ultimate,” for its advanced security features, compliance tools, and AI-driven productivity. One Senior Director of IT Architecture hopes to integrate essential security functions into one platform for regulatory reasons. “We have some specific security controls that we need to go in and have. [GitLab] Ultimate brings many of the application security features that you can get from other vendors. That means consolidated from Checkmarx, Veracode, and Synopsys, at least the static testing and dynamic testing, the basic type of application security type of capabilities that you need to go in and get.” For them, however, GitLab’s AI-driven code generation is limited, particularly because it cannot integrate with multiple source control systems such as Bitbucket. Another executive mentions GitLab’s robust cybersecurity protection as key, cybersecurity mandate to make sure whatever we're putting out is secure. Every day more and more vulnerabilities are coming out, so we're able to use some of the security features to help remediate those vulnerabilities.”

On AI, several companies have already completed internal studies on how GitLab Duo improves coding efficiency; one director expects GitHub’s AI products will allow developers to identify and solve problems more proactively. However, GitLab Duo’s utility is contingent upon integration with GitLab's broader ecosystem, an issue for those using Atlassian Jira or ServiceNow. “It's around if you have the agile add-on from a GitLab—because it's an extra add-on that you need to pay for—then Duo is going to be bringing some value. If not, that is not the best option, or you're not going to be getting a lot of value out of that.” Another executive agrees, given their use of separate version control tools. “In my case, I will say one third of the value, I can get it, but the other two-thirds I am not going to be getting.”

ETR Data: In ETR’s February 2025 GitLab Drill Down survey (N=86), a fifth (21%) of respondents were currently using GitLab Duo and planned to continue its use, with another third (34%) indicating plans to evaluate or adopt the add-on subscription. However, 5% indicated they currently used Duo but planned to replace it, and another 39% either decided against adopting Duo following an evaluation period or had no plans to evaluate the feature at all.

Enterprise adoption of AI is hindered by fragmented tech stacks, and a sprawling history of mergers and acquisitions. Of technical note, GitLab did initially attempt to develop proprietary large language models, but reverted after six months to existing foundational models from the broader market. The differentiator, instead, lies in how smoothly these tools plug into development pipelines and support CI/CD. “The AI tool is an extra helper, a ‘copilot’ as we called it last year, and now ‘agentic.’ It is really an instrumental component, but it cannot be really the key driver for you to make a decision that you are going to be using GitLab, just because the AI tool is a little bit better. They have to be really great in the continuous integration, in the pipeline management and continuous deployment, in order for me to really entertain them. I never evaluate them really because of the AI capabilities itself.”

Comparing GitLab and GitHub

GitHub and GitLab are locked in a competitive battle within the DevOps landscape. GitHub, bolstered by Microsoft’s acquisition and its widely-adopted Copilot AI coding assistant, holds an edge on GitLab in ease of use, scalability, and its developer community, while GitLab offers a more unified approach, integrated source control, security, compliance, and continuous delivery in one comprehensive platform. This in contrast to “a bunch of different tools where you sort of have to niche and tie these things together,” says one executive “to make sure you're able to, at the end of the day, deliver code to [your] customers.” Another panelists says, “If the strategy is to get the core DevSecOps done correctly, I think GitLab is a better solution versus GitHub.” While GitLab continues to grow its footprint in the enterprise DevOps market, it must contend with GitHub’s deep integration and developer loyalty. “From a developer community, of course, GitHub, considering that you have an open-source, open Internet platform, you're going to be having more development community in that perspective.”

An opportunity for GitLab: better internal development portals, which could significantly improve collaboration, “not just provisioning that environment from a developer perspective and integrating with the IDE, but creating the entire knowledge and ecosystem.” One panelist recommended improvements in feature toggling for mobile app updates, specifically for streamlined A/B testing and blue-green deployments without requiring additional software releases. “That is really useful when you are talking about releasing, for example, to mobiles. Instead of getting into the approval process from Google or from Apple around new software that you need to release, you just toggle or feature flag that capability.” Here, GitLab is only in the early stages with advanced observability and continuous deployment features. “Having the ability to add my observability, my Infrastructure-as-Code, plus the software that I'm delivering, sandboxing and testing before going into production, and getting all those metrics to reduce the kind of errors that I can introduce into production. That's another area that is part of the software development life cycle, but they are not doing that much.”

Another panelist asks for better integration across multiple source code repositories. “Not every organization is able to consolidate all within GitLab.” A third suggests integration with observability platforms like Splunk, Dynatrace, New Relic, and Datadog to enable automated rollbacks of problematic code deployments. Finally, as using foundational LLMs is not a competitive differentiator, “Maybe the creation of small language models could be an interesting angle. It could be very interesting and very specific to coding, and that could be a competitive differentiator that customers could be willing to pay for.”

ETR Data: Respondents to the ETR GitLab Drill Down survey who used products from both GitLab and Microsoft GitHub (N=75) rated GitLab better to some degree than GitHub on its feature breadth, completeness as a DevSecOps platform, and security and compliance features. GitHub, on the other hand, received higher marks generally than GitLab in terms of its AI coding assistant (GitHub Copilot compared to GitLab Duo), its developer community, scalability, and value relative to cost.