We performed a comparison between Black Duck and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately."
"The product enables other applications to be secure."
"The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach."
"It highlights what the developers have done, and it shows the impact from an intellectual property point of view."
"We accidentally use third-party library APIs, which may not be secure. Our technical team may not have the end time or expertise to figure it out. Black Duck helps us with that and saves us time."
"The solution is very good at scanning and evaluating open source software."
"The UI is the solution's most valuable feature since it allows for easy pipeline integration."
"Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it."
"GitLab is very well-organized and easy to use. Also, it offers most features that customers need."
"I like that it's easy to deploy our services over GitLab. The customer support is also good with a really active community. You have a lot of support that you can get online with your stack. That is probably one of the benefits of using GitLab. It's also really fast."
"The user interface is really good so that helps with huge teams who need to collaborate."
"The initial setup of GitLab is pretty simple, with no complications."
"The most valuable features of GitLab are ease of use and highly intuitive UI and performance."
"The solution makes the CI/CD pipelines easy to execute."
"CI/CD and GitLab scanning are the most valuable features."
"CI/CD is valuable for me."
"We have been having some issues with the latest releases where we are not able to scan our applications with the help of Black Duck."
"It needs to be more user-friendly for developers and in general, to ensure compliance."
"The tool needs to improve its pricing. Its configuration is complex and can be improved."
"The initial setup could be simplified. It was somewhat complex."
"It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations to ensure compliance."
"Black Duck can improve the time it takes for a scan. Most of the time it's not ideal when integrated with the live DevSecOps pipeline. We have to create a separate job to scan the library because it takes a couple of hours to scan all those libraries. The scanning could be faster."
"I would like to see more integration with other solutions, such as IntelliJ IDEA."
"The solution's pricing model and documentation areas of concern where improvement is needed."
"GitLab doesn't have AWS integration. It would be better to have integration with other container management environments beyond Kubernetes. It has very good integration with Kubernetes, but it doesn't have good integration with, for example, AWS, ETS, etc."
"GitLab can improve the integration with third-party applications. It could be made easier. Additionally, having API control from my application could be helpful."
"As a partner, sometimes it's difficult to get support. They have a really complicated procedure for their support."
"The tool should include a feature that helps to edit the code directly."
"The only thing our company is really waiting on in terms of features is the development of metrics."
"I rate the support from GitLab a four out of five."
"For as long as I have used GitLab, I haven't encountered any major limitations. However, I think that perhaps the search functionality could be better."
"Perhaps the integration could be better."
Black Duck is ranked 1st in Software Composition Analysis (SCA) with 16 reviews while GitLab is ranked 6th in Software Composition Analysis (SCA) with 70 reviews. Black Duck is rated 7.8, while GitLab is rated 8.6. The top reviewer of Black Duck writes "Enables applications to be secure, but it must provide more open APIs". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Black Duck is most compared with Snyk, Fortify Static Code Analyzer, JFrog Xray, Mend.io and Semgrep Supply Chain, whereas GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, SonarQube and UrbanCode Deploy. See our Black Duck vs. GitLab report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.