We performed a comparison between Black Duck and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is able to drill down to the source level."
"It highlights what the developers have done, and it shows the impact from an intellectual property point of view."
"The most valuable feature is the vulnerability scanning, and that it's easy to use."
"The installation is very easy."
"Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it."
"The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately."
"The product enables other applications to be secure."
"The stability is okay."
"I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently."
"It is scalable."
"As a developer, this solution is useful as a repository holder because most of the POC projects that we have are on GitLab."
"The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish."
"I like GitLab's security and SAS tools."
"I like that it's easy to deploy our services over GitLab. The customer support is also good with a really active community. You have a lot of support that you can get online with your stack. That is probably one of the benefits of using GitLab. It's also really fast."
"Key features allow creation of well-presented Wiki that includes ideas, development, and domains."
"This is a scalable solution. We had around 200 users working with it."
"The tool needs to improve its pricing. Its configuration is complex and can be improved."
"The solution's pricing model and documentation areas of concern where improvement is needed."
"It needs to be more user-friendly for developers and in general, to ensure compliance."
"We're not too sure about the extension of the firewall. It never shows up in the Hub."
"They are giving a lot of APIs and Python scripts for certain functionalities, but instead of using APIs and Python scripts, they should provide these functionalities through the UI. Users should be able to customize and add more fields through the UI. Users should be able to add more fields and generate reports. Currently, they are not giving flexibility in the UI. They're providing a script that simply generates an Excel file or CSV file. There is no flexibility."
"Black Duck can improve the time it takes for a scan. Most of the time it's not ideal when integrated with the live DevSecOps pipeline. We have to create a separate job to scan the library because it takes a couple of hours to scan all those libraries. The scanning could be faster."
"The product's pricing is higher compared to other competitor products."
"It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow."
"The solution should be more cloud-native and have more cloud-native capabilities and features."
"Their RBAC is role-based access, which is fine but not very good."
"The user interface could be more user-friendly. We do most of our operations through the website interface but it could be better."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"We would like to generate document pages from the sources."
"There is room for improvement in GitLab Agents."
"I've noticed an area for improvement in GitLab, particularly needing to go through many steps to push the code to the repository. Resolving that issue would make the product better. My team quickly fixed it by writing a small script, then double-clicking or enabling the script to take care of the issue. However, that quick fix was from my team and not the GitLab team, so in the next release, if an automatic deployment feature would be available in GitLab, then that would be good because, in Visual Studio, you can do that with just one click of a button."
"The initial setup was quite challenging because it takes some time to understand how to pull out or push the code."
Black Duck is ranked 1st in Software Composition Analysis (SCA) with 19 reviews while GitLab is ranked 6th in Software Composition Analysis (SCA) with 70 reviews. Black Duck is rated 7.8, while GitLab is rated 8.6. The top reviewer of Black Duck writes "Enables applications to be secure, but it must provide more open APIs". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Black Duck is most compared with Snyk, Fortify Static Code Analyzer, JFrog Xray, Mend.io and Semgrep Supply Chain, whereas GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and UrbanCode Deploy. See our Black Duck vs. GitLab report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
