You'd be surprised how easy it is to self-host GitLab with Docker Compose, GitLab has an official "Omnibus" Docker image. No need to handicap yourself with Gitea/Forgejo/whatever, you can just use an industry-standard platform without much effort.

Hardware requirements are nowhere close to high either.

Spinning up a docker image with GitLab is easy indeed, but the installation is huge and you can feel it doing weird stuff (and it keeps doing "stuff" all the time even if nobody does anything - before you even bother to create extra users or repositories or whatever). The whole setup seems to be designed to be opaque.

Forgejo is a single self-contained ~110MB binary (it contains all assets) you can drop anywhere and it'll just work - depending on your needs you most likely wont even need to bother with a DB server as it can use SQLite (my local install is doing that).

Also FWIW personally i find Forgejo's UX much better compared to GitLab.

What makes GitLab "industry-standard" and Forgejo not?

one reason (among others) — compliance.

a corporate/b2b saas environment without stuff like this is often a non starter.

- SOC2

- ISO/IEC 27001:2022

- ISO/IEC 27017:2015

- ISO/IEC 27018:2019

- VPAT 508

https://about.gitlab.com/security/

no mention of these on the forejo site, so i can’t put “our internal software is all SOC2/ISO NUMBER compliant” as a bullet point on a slide deck.

it is theatre. but it’s industry theatre.

Aren't those about organizational processes instead of just specific software features? For example, I don't think self-hosting gitlab is enough to claim ISO/IEC 27001, just based on this snippet from wikipedia:

> ISO/IEC 27001 requires that management:

> Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities, and impacts;

> Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and

> Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.

> I don't think self-hosting gitlab is enough to claim ISO/IEC 27001

probably not. but it does mean you can focus on the rest of your stack rather than having to go through every single process from the ground up.

I don’t know if Gitlab is an industry standard, but I’ve never heard of Forgejo. I worked for a headless CMS company and the only three providers we ever had requests for were GitHub, Bitbucket, and Gitlab. Gitlab is big enough to be generally adopted by governments. I think it’s fair to say it’s at least a lot closer to being an industry standard then Forgejo.

(Aside: I would likely never use Gitlab by choice, and would consider looking into Forgejo)

Probably because those are service providers and Forgejo is software. Same reason people ask for Microsoft account and Google account integration, but nobody ever asks for Linux account integration in your cloud software.

Forgejo is mention in the article, it powers Codeberg. I agree it doesn't have high adoption, but the news is that it is growing.

Popularity.

It's also easy without Docker. apt install gitlab-ee