Semmle

Contents of this page

Summary

Semmle's code analysis platform helps teams find zero-days and automate variant analysis: once a vulnerability has been understood, a query written in Semmle's QL language finds the same pattern elsewhere in the code base. GitLab's position is to secure your code with continuous security analysis and automated code review built into the pipeline. The feature-by-feature comparison is in the table below.

| Feature | Semmle | GitLab |
| --- | --- | --- |
| Ease of Use | Has variant analysis, but you first have to define the problem manually (triage one instance, work out the pattern) before you can code a query that finds its variants and reuse it later. | Uses multiple pre-defined, industry-standard rule sets to identify vulnerabilities, with no query authoring required. |
| Breadth of Application | Highly customized checks that are specific to the enterprise or application. | Broad visibility into common security vulnerability classes. |
| Coding Standards | Enforces compliance with internal coding standards. | Enforces compliance with defined coding standards. |
| Expertise Needed | For variant analysis, specific knowledge of QL syntax is needed to write any variant query; heavy use of custom regex mapped to internal coding standards. | Uses multiple pre-defined, industry-standard rule sets to identify vulnerabilities. |
| Pattern Maintenance | Patterns may need further customization for each application or scenario, because the standards and taxonomy are likely to change from app to app and release to release. | Not applicable; there is no custom pattern definition to maintain. |
| Dependency Analysis | Custom queries to identify dependencies. | Basic analysis is automated. |
| Dead Code Analysis | Basic dead code analysis has to be extended with domain-specific knowledge. | Not currently supported. |
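To make the "define the problem first, then code the variant" workflow concrete, here is an added example of a variant-analysis query in Semmle's QL for C/C++. It is not code from this page, from Semmle, or from GitLab; the query id, the list of library routines and the "fixed-size stack buffer destination" pattern are this example's own choices. It assumes the standard CodeQL C/C++ library (`import cpp`). The scenario it models: an engineer has triaged one `strcpy` into a local array, has decided the real problem is "unbounded copy whose destination is a fixed-size stack buffer", and now wants every other instance of that pattern across the code base.

```ql
/**
 * @name Unbounded copy into a fixed-size stack buffer
 * @description Flags strcpy/strcat/sprintf/gets calls whose destination is a
 *              local array. Example variant-analysis query; the id below is
 *              an illustrative placeholder, not a published query id.
 * @kind problem
 * @problem.severity warning
 * @id example/unbounded-copy-into-stack-buffer
 */

import cpp

/**
 * Step 1, "define the problem": library routines that write to their first
 * argument without any length bound. The list is an assumption made for this
 * example and is the part a team would extend to its own unsafe helpers.
 */
predicate isUnboundedCopy(Function f) {
  f.getName() = ["strcpy", "strcat", "sprintf", "gets"]
}

/*
 * Step 2, "code the variant": every call to one of those routines whose
 * destination argument is a direct access to a local variable of array type
 * (a fixed-size buffer on the stack). Heap buffers and pointer parameters are
 * deliberately out of scope, so a second query can handle them separately.
 */
from FunctionCall call, LocalVariable dest
where
  isUnboundedCopy(call.getTarget()) and
  call.getArgument(0).(VariableAccess).getTarget() = dest and
  dest.getUnspecifiedType() instanceof ArrayType
select call,
  "Unbounded write by " + call.getTarget().getName() +
    " into fixed-size stack buffer $@.", dest, dest.getName()
```

The query is run against a CodeQL database built from the target project (for example `codeql database create` followed by `codeql database analyze` with this `.ql` file), and every match is one more variant of the originally triaged bug. The design point this illustrates is the one the table makes: the query is only as good as the problem definition in step 1, which has to be written by someone who understands both the bug class and QL, whereas a pre-defined rule set needs neither but also cannot be narrowed to a single project's conventions.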

On September 18, 2019 GitHub acquired Semmle; Semmle's QL technology has since been developed as GitHub CodeQL.

Comments / Anecdotes

Resources

Comparison