We performed a comparison between Black Duck and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The installation is very easy."
"The most valuable feature is the vulnerability scanning, and that it's easy to use."
"The solution is very good at scanning and evaluating open source software."
"Policy management is a valuable feature."
"The stability is okay."
"The product enables other applications to be secure."
"We didn't have a central inventory to quickly identify issues or determine how many products were affected. Now under Black Duck, it's all consolidated. You search for a component and immediately see which products use it."
"The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately."
"This product is always evolving, and they listen to the customers."
"GitLab is very useful for pipelines, continuous integration, and continuous deployment. It is also stable."
"It is very flexible and easy because you can store data on cloud."
"Of all available products, it was the easiest to use and easy to install."
"GitLab's best features are maintenance, branch integration, and development infrastructure."
"Key features allow creation of well-presented Wiki that includes ideas, development, and domains."
"I have found the most valuable features of GitLab are the GitClone, GitPush, GitPull, GitMatch, GitMit, GitCommit, and GitStatus."
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."
"The tool needs to improve its pricing. Its configuration is complex and can be improved."
"I would like to see more integration with other solutions, such as IntelliJ IDEA."
"The tool's documentation and support are areas of concern where improvements are required."
"The documentation is quite scattered."
"They are giving a lot of APIs and Python scripts for certain functionalities, but instead of using APIs and Python scripts, they should provide these functionalities through the UI. Users should be able to customize and add more fields through the UI. Users should be able to add more fields and generate reports. Currently, they are not giving flexibility in the UI. They're providing a script that simply generates an Excel file or CSV file. There is no flexibility."
"The solution's pricing model and documentation are areas of concern where improvement is needed."
"Black Duck can improve the time it takes for a scan. Most of the time it's not ideal when integrated with the live DevSecOps pipeline. We have to create a separate job to scan the library because it takes a couple of hours to scan all those libraries. The scanning could be faster."
"It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow."
"The documentation is confusing."
"The solution should be more cloud-native and have more cloud-native capabilities and features."
"It should be used by a larger number of people. They should raise awareness."
"We'd always like to see better pricing on the product."
"I would like to see security increased in the future. A secure environment is very important."
"Atlassian offers more products than GitLab. GitLab offers source control management, version control and collaboration between developers. Atlassian offers features on top of this as well as more integration points for developers."
"I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment."
"The integration and storage capabilities could be better."
Black Duck is ranked 1st in Software Composition Analysis (SCA) with 19 reviews, while GitLab is ranked 6th in Software Composition Analysis (SCA) with 70 reviews. Black Duck is rated 7.8, while GitLab is rated 8.6. The top reviewer of Black Duck writes "Enables applications to be secure, but it must provide more open APIs". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Black Duck is most compared with Snyk, Fortify Static Code Analyzer, JFrog Xray, Mend.io and Semgrep Supply Chain, whereas GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and UrbanCode Deploy.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.