On the penultimate day of the NCSC For Startups programme, there was an ad hoc discussion on code repositories and DevOps tooling. A couple of the cohort were long-time GitHub users, while we use a self-hosted version of GitLab. One of the teams had just moved from the latter to the former, while the final team used Azure DevOps. I thought it would be nice to write up an objective look at the first two options, along with alternatives, as well as summarise our decision. I didn’t want to cover Azure DevOps as I’ve just spent two years using it and I’m grateful to have escaped its clutches. Learn more here.

Introduction

When comparing SaaS (Software as a Service) GitHub with self-hosted GitLab, it’s important to consider various factors from different perspectives such as functionality, ease of use, cost, security, and customization options. Here’s a comprehensive analysis covering all angles.

Contents

SaaS GitHub

Pluses

1. Ease of Setup and Maintenance: Being a SaaS product, GitHub requires no installation or maintenance from the user’s end. This can be a significant advantage for teams without dedicated IT support.
2. Reliability and Uptime: GitHub, managed by a dedicated team, generally offers high reliability and uptime, which is crucial for continuous development and collaboration.
3. Community and Ecosystem: GitHub has a vast community, making it easier to find integrations, plugins, and community support. It’s also the de facto standard for open source projects, offering excellent visibility.
4. Continuous Updates: As a SaaS product, GitHub is continuously updated with the latest features and security patches without any effort required from the user.

Minuses

1. Cost: GitHub can be more expensive in the long run, especially for larger teams requiring advanced features.
2. Limited Control: Users have limited control over the infrastructure and deeper customization options.
3. Dependence on Internet Connectivity: Being cloud-based, GitHub requires a stable internet connection for access.
4. Data Privacy Concerns: Some organizations might have concerns about storing their code on external servers due to privacy and security regulations.

Self-Hosted GitLab

Pluses

1. Complete Control: Self-hosting GitLab provides full control over the server and infrastructure, allowing for extensive customization and integration with internal systems.
2. Enhanced Privacy and Security: Sensitive data stays within the organization’s controlled environment, which is crucial for compliance with certain privacy regulations.
3. Cost-Effective for Large Teams: For large organizations, self-hosting can be more cost-effective in the long run.
4. Offline Accessibility: Self-hosted solutions can be accessed without an internet connection, which can be beneficial in certain environments.

Minuses

1. Setup and Maintenance: Requires dedicated IT resources for setup, maintenance, and updating the server, which can be resource-intensive.
2. Scalability Challenges: Scaling the infrastructure as the team grows requires additional planning and resources.
3. Potentially Lower Uptime: Depending on the organization’s IT capability, uptime and reliability can be less than what’s offered by SaaS solutions.
4. Delayed Updates: Updates need to be manually implemented, which can delay access to new features and pose security risks if not managed promptly.

Table of Comparison

And here’s a comparison of SaaS GitHub and self-hosted GitLab in a tabular format for easy reference.

Comparison Criteria	SaaS GitHub	Self-Hosted GitLab
Setup and Maintenance	No installation or maintenance required.	Requires setup, maintenance, and updating by the organization’s IT team.
Cost	Can be expensive for larger teams and advanced features.	Potentially more cost-effective for large organizations in the long term.
Control and Customization	Limited control over infrastructure; limited customization options.	Full control over server and infrastructure; extensive customization options.
Reliability and Uptime	Generally high reliability and uptime, managed by a dedicated team.	Dependent on the organization’s IT capabilities; could have lower uptime.
Community and Ecosystem	Large community, easy to find support, plugins, and integrations. High visibility for open-source.	Smaller community compared to GitHub; depends on internal resources for support and integrations.
Updates	Continuous and automatic updates for features and security.	Updates need to be manually implemented, which can lead to delays.
Data Privacy and Security	Data stored on external servers, which might not comply with certain privacy regulations.	Enhanced data privacy as sensitive data stays within the organization’s environment.
Internet Dependency	Requires a stable internet connection for access.	Can be accessed offline, beneficial in certain environments.
Scalability	Scalability managed by GitHub, generally seamless for users.	Scaling requires additional planning and resources from the organization.
Ideal Use Case	Suited for small to medium-sized teams, open-source projects, and those requiring minimal maintenance.	Better for large organizations or those with specific needs for privacy, security, and customization.

This table provides a clear and concise comparison, helping you assess which platform better suits your specific needs and circumstances.

Alternative Approaches

When considering alternatives to either SaaS GitHub or self-hosted GitLab, it’s essential to explore different approaches that cater to diverse organizational needs. These alternatives can range from other SaaS solutions to self-hosted options, each with their unique features and trade-offs. Here’s an overview of some alternative approaches:

Other SaaS-Based Version Control Systems

Bitbucket (by Atlassian)

• Pluses: Offers deep integration with Jira and Trello, making it ideal for teams already using these tools. Often more cost-effective for small teams.
• Minuses: The interface and feature set might not be as extensive as GitHub.

Azure DevOps (by Microsoft)

• Pluses: Provides a comprehensive suite of tools for software development, including source control, CI/CD, and project management. Strong integration with other Microsoft products.
• Minuses: Can be complex to set up and may be more suited to enterprises or teams deeply integrated into the Microsoft ecosystem.

GitLab as a SaaS

• Pluses: Offers a similar feature set to its self-hosted counterpart but without the maintenance overhead.
• Minuses: Higher cost for larger teams and potential concerns over data privacy.

Self-Hosted Version Control Systems

Gitea

• Pluses: Lightweight and easy to install, Gitea is a great option for smaller teams or individual developers. It’s open-source and can run on minimal hardware.
• Minuses: Lacks some of the advanced features of GitLab and GitHub.

Subversion (SVN)

• Pluses: An alternative to Git-based systems, SVN is well-suited for certain types of projects, particularly where binary files are prevalent.
• Minuses: Less popular than Git, fewer community resources, and might not be ideal for modern agile workflows.

Redmine with Git integration

• Pluses: Offers project management features along with version control. It’s customizable and includes issue tracking capabilities.
• Minuses: Requires more effort to set up and integrate compared to out-of-the-box solutions.

Hybrid Solutions

Organizations can also consider hybrid solutions where sensitive projects are managed on self-hosted systems, while less sensitive projects are managed using SaaS solutions. This approach balances control with convenience.

Managed Hosting Services

For those who prefer self-hosting but lack the resources for setup and maintenance, managed hosting services for GitLab or other platforms can be a viable option. They offer the control of self-hosting with the convenience of a SaaS.

Conclusion

The choice between SaaS GitHub and self-hosted GitLab depends largely on the specific needs and capabilities of an organization. For small to medium-sized teams looking for ease of use, minimal maintenance, and a strong community, GitHub is often the preferred choice. In contrast, larger organizations or those with specific privacy, security, and customization needs might opt for self-hosted GitLab despite the higher initial setup and ongoing maintenance requirements. Ultimately, the decision should align with the organization’s size, technical expertise, privacy concerns, and budget. For us, at Cyber Tzar, the upside for using self hosted GitLab, in terms of flexibility and fine grained security, outweigh the downside, re: setup, configuration, and scaling, as our DevOps and Infrastructure teams easily mitigate these for us meaning we have all the upside with none of the downside, and this we like a lot. It’s a very good reason for keeping your Infrastructure and DevOps teams close to you and having a focus on “Engineering Excellence”.