Gitlab hero border pattern left svg Gitlab hero border pattern right svg
Decision Kit
Decision Kit

GitLab vs GitHub Insights and Security for Open Source Dependencies

In July 2020, GitHub announced Dependency Insights for open source dependencies. The table below draws a comparison between how GitHub and GitLab provide insights and security for projects that rely on open source dependencies.

Feature GitHub GitLab
License Compliance Yes Yes
Dependency Risk Advisor Yes Yes
Open Source Dependency Overview/Summary Page Yes No
Automatic Dependency Risk Remediation Yes (Dependabot) Yes
Dependency Vulnerability Detection Yes Yes
Dependency Vulnerability Alerting Yes No
Curated List of Security Vulnerability Yes Yes
Compatibility Score
(to determine if updating a vulnerability could cause a problems in your project)
Yes No
Vulnerability Description Yes Yes
Dependency Vulnerability Database Yes Yes
Create a Merge/Pull Request to fix Dependency Vulnerability Yes Yes
Create an Issue from a Dependency Vulnerability No Yes
View Dependency Vulnerabilities by Severity Yes Yes
Customize Dependency Scanning No Yes
Filter Dependency Vulnerability for easy viewing Yes Yes