We performed a comparison between Black Duck and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The stability is okay."
"The most valuable feature is the vulnerability scanning, and that it's easy to use."
"The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately."
"Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it."
"The solution works well on Mac products."
"It is able to drill down to the source level."
"The solution is stable."
"The most valuable feature for me in Black Duck is its ability to scan binary files effectively."
"The dashboard and interface make it easy to use."
"I like that you can use GitLab as a double-sided solution for both DevOps and version management. It's a good product for working in these two areas, and the user interface makes it easy to understand."
"We like that we can create branches and then the branches can be reviewed and you can mesh those branches back. You can independently work with your own branch, you don't need to really control the core of other people."
"Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective."
"GitLab is very useful for pipelines, continuous integration, and continuous deployment. It is also stable."
"This is a scalable solution. We had around 200 users working with it."
"GitLab integrates well with other platforms."
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."
"The product's pricing is higher compared to other competitor products."
"We're not too sure about the extension of the firewall. It never shows up in the Hub."
"The solution's pricing model and documentation are areas of concern where improvement is needed."
"It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations to ensure compliance."
"The initial setup could be simplified. It was somewhat complex."
"The solution must provide more open APIs."
"The tool's documentation and support are areas of concern where improvements are required."
"It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow."
"GitLab could add a plugin to integrate with Kubernetes stuff."
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repositories because currently, it's not searchable by default. You'll need an indexing service such as Elasticsearch to make it searchable, and that requires too much work, so for me, it's the main feature that should be improved in GitLab. In the next version of the solution, from the top of my head, the documentation could be improved. Besides the Wiki, it would be good if there's documentation that would be automatically generated based on the code repository. In other words, there should be some tutorials from GitLab for developers in the next release."
"I would like to have some features to support peer review."
"It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful."
"It should be used by a larger number of people. They should raise awareness."
"We would like to have easier tutorials. Their tutorials are too technical for a user to understand. They should be more detailed but less technical."
"The integration and storage capabilities could be better."
"I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment."
Black Duck is ranked 1st in Software Composition Analysis (SCA) with 19 reviews while GitLab is ranked 6th in Software Composition Analysis (SCA) with 70 reviews. Black Duck is rated 7.8, while GitLab is rated 8.6. The top reviewer of Black Duck writes "Enables applications to be secure, but it must provide more open APIs". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Black Duck is most compared with Snyk, Fortify Static Code Analyzer, JFrog Xray, Mend.io and Semgrep Supply Chain, whereas GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and UrbanCode Deploy.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.