Tests and reports in merge requests (FREE)

GitLab has the ability to test the changes included in a feature branch and display reports or link to useful information directly from merge requests:

Feature Description
Accessibility Testing Automatically report A11y violations for changed pages in merge requests.
Browser Performance Testing Quickly determine the browser performance impact of pending code changes.
Load Performance Testing Quickly determine the server performance impact of pending code changes.
Code Quality Analyze your source code quality using the Code Climate analyzer and show the Code Climate report right in the merge request widget area.
Display arbitrary job artifacts Configure CI pipelines with the artifacts:expose_as parameter to directly link to selected artifacts in merge requests.
GitLab CI/CD Build, test, and deploy your code in a per-branch basis with built-in CI/CD.
Unit test reports Configure your CI jobs to use Unit test reports, and let GitLab display a report on the merge request so that it's easier and faster to identify the failure without having to check the entire job log.
License Compliance Manage the licenses of your dependencies.
Metrics Reports Display the Metrics Report on the merge request so that it's fast and easy to identify changes to important metrics.
Multi-Project pipelines When you set up GitLab CI/CD across multiple projects, you can visualize the entire pipeline, including all cross-project interdependencies.
Merge request pipelines Customize a specific pipeline structure for merge requests in order to speed the cycle up by running only important jobs.
Pipeline Graphs View the status of pipelines within the merge request, including the deployment process.
Test Coverage visualization See test coverage results for merge requests, within the file diff.

Security Reports (ULTIMATE)

In addition to the reports listed above, GitLab can do many types of Security reports, generated by scanning and reporting any vulnerabilities found in your project:

Feature Description
Container Scanning Analyze your Docker images for known vulnerabilities.
Dynamic Application Security Testing (DAST) Analyze your running web applications for known vulnerabilities.
Dependency Scanning Analyze your dependencies for known vulnerabilities.
Static Application Security Testing (SAST) Analyze your source code for known vulnerabilities.