We performed a comparison between Black Duck and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution is stable."
"The product enables other applications to be secure."
"It is able to drill down to the source level."
"The stability is okay."
"The cloud option of the product is always available and a positive aspect of the solution."
"The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately."
"It highlights what the developers have done, and it shows the impact from an intellectual property point of view."
"We didn't have a central inventory to quickly identify issues or determine how many products were affected. Now under Black Duck, it's all consolidated. You search for a component and immediately see which products use it."
"I like GitLab's security and SAS tools."
"CI/CD and GitLab scanning are the most valuable features."
"The solution's service delivery model is fantastic."
"GitLab is kind of an image of GitHub, so it gives us the flexibility to monitor our changes in the repos."
"The solution has an established roadmap that lays out its plans for upgrades over the next two to three years."
"We like that we can create branches and then the branches can be reviewed and you can mesh those branches back. You can independently work with your own branch, you don't need to really control the core of other people."
"GitLab is a solution for source code management, container registry, pipelines, testing, and deployment."
"Key features allow creation of well-presented Wiki that includes ideas, development, and domains."
"The initial setup could be simplified. It was somewhat complex."
"The tool needs to improve its pricing. Its configuration is complex and can be improved."
"We're not too sure about the extension of the firewall. It never shows up in the Hub."
"The product's pricing is higher compared to other competitor products."
"I would like to see improvements in Black Duck's reporting capabilities."
"It is a cloud-only solution. In many cases, companies like to evaluate the software, but they're very reluctant to give you the software. It would be great if they could offer an on-prem component that could be used to scan the code and then upload the discovery results to the cloud and get all the information from there, but there is no such possibility. You have to upload the code to the Black Duck cloud system. Of course, they have a strong legal department, and they offer some configuration, but it is never enough. You have to give the code, which is a drawback. In modern designs like Snyk or FOSSA, you don't need to give the code. It requires more native integration with Coverity because they go together technically. You need both Coverity and Black Duck Hub. It would be really helpful for companies working in this space to get a combined offer from the same company. They should provide an option to buy Coverity for an additional fee. Coverity combined with Black Duck Hub will provide a one-step analysis to get everything you need and a unified report. It would be really great to be able to connect Black Duck Hub with Coverity unified reports."
"The solution must provide more open APIs."
"It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow."
"The documentation could be improved to help newcomers better understand things like creating new branches."
"As a partner, sometimes it's difficult to get support. They have a really complicated procedure for their support."
"It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful."
"Merge conflicts and repository maintenance could improve. If there is someone new to the system they would not know if there is a conflict."
"GitLab would be improved with the addition of templates for deployment on local PCs."
"GitLab could improve by having more plugins and better user-friendliness."
"I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment."
"We'd always like to see better pricing on the product."
Black Duck is ranked 1st in Software Composition Analysis (SCA) with 19 reviews while GitLab is ranked 6th in Software Composition Analysis (SCA) with 70 reviews. Black Duck is rated 7.8, while GitLab is rated 8.6. The top reviewer of Black Duck writes "Enables applications to be secure, but it must provide more open APIs". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Black Duck is most compared with Snyk, Fortify Static Code Analyzer, JFrog Xray, Mend.io and Semgrep Supply Chain, whereas GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and UrbanCode Deploy. See our Black Duck vs. GitLab report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
