Semmle's code analysis platform helps teams find zero-days and automate variant analysis. Secure your code with continuous security analysis and automated code review. The feature-by-feature comparison is below this table.
| Additional Context | Semmle | GitLab |
|---|---|---|
| Ease of Use | Has Variant Analysis, but you first have to manually define the problem before you can code a variant for future use. | Uses multiple pre-defined, industry-leading standards to identify vulnerabilities. |
| Breadth of Application | Highly customized standards that are specific to the enterprise/application. | Broad visibility into common security vulnerabilities. |
| Coding Standards | Enforces compliance with internal coding standards. | Enforces compliance with defined coding standards. |
| Expertise Needed | For Variant Analysis, specific knowledge of QL syntax is needed to create any variant. Heavy use of custom regex mapped to internal coding standards. | Uses multiple pre-defined, industry-leading standards to identify vulnerabilities. |
| Pattern Maintenance | Patterns may need further customization for each application/scenario because the standards/taxonomy likely change from app to app and release to release. | Not applicable. No custom pattern definition. |
| Dependency Analysis | Custom queries to identify dependencies. | Basic analysis is automated. |
| Dead Code Analysis | Basic dead code analysis has to be extended with domain-specific knowledge. | Not currently supported. |
On September 18, 2019 GitHub acquired Semmle.