We performed a comparison between GitLab and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"GitLab offers a good interface for doing code reviews between two colleagues."
"CI/CD and GitLab scanning are the most valuable features."
"It scales well."
"The user interface is really good so that helps with huge teams who need to collaborate."
"I like that you can use GitLab as a double-sided solution for both DevOps and version management. It's a good product for working in these two areas, and the user interface makes it easy to understand."
"I have found the most valuable feature is security control. I also like the branching and cloning software."
"The most important features of GitLab for us are issue management and all the CI/CD tools. Another aspect that I love about GitLab is the UI."
"GitLab is a solution for source code management, container registry, pipelines, testing, and deployment."
"It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"We set the solution up and enabled it and we had everything running pretty quickly."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"The vulnerability analysis is the best aspect of the solution."
"Its ease of use and good results are the most valuable."
"The overall support that we receive is pretty good."
"Some of the scripts that we encountered in GitLab were not fully functional and threw up errors."
"GitLab could improve by having more plugins and better user-friendliness."
"I would like to see better integration with project management tools such as Jira."
"I've noticed an area for improvement in GitLab, particularly needing to go through many steps to push the code to the repository. Resolving that issue would make the product better. My team quickly fixed it by writing a small script, then double-clicking or enabling the script to take care of the issue. However, that quick fix was from my team and not the GitLab team, so in the next release, if an automatic deployment feature would be available in GitLab, then that would be good because, in Visual Studio, you can do that with just one click of a button."
"Even if I say I want some improvement, they will say it is already planned in the first quarter, second quarter, or third quarter. That said, most everything is quite improved already, and they're improving even further still."
"GitLab doesn't have AWS integration. It would be better to have integration with other container management environments beyond Kubernetes. It has very good integration with Kubernetes, but it doesn't have good integration with, for example, AWS, ETS, etc."
"I would like configuration of a YML file to be done via UI rather than a code file."
"The solution does not have many built-in functions or variables so scripting is required."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
"It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant."
"The dashboard UI and UX are problematic."
GitLab is ranked 6th in Software Composition Analysis (SCA) with 70 reviews while Mend.io is ranked 4th in Software Composition Analysis (SCA) with 29 reviews. GitLab is rated 8.6, while Mend.io is rated 8.4. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton, whereas Mend.io is most compared with SonarQube, Black Duck, Veracode and Snyk.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.