We performed a comparison between GitLab and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."GitLab is a solution for source code management, container registry, pipelines, testing, and deployment."
"I have had no problem with the stability of the solution."
"The most valuable feature of GitLab is its security."
"The most valuable feature of GitLab is its convenience. I am able to trace back most of my changes up to a far distance in time and it helps me to analyze and see the older version of the code."
"CI/CD and GitLab scanning are the most valuable features."
"Key features allow creation of well-presented Wiki that includes ideas, development, and domains."
"Of all available products, it was the easiest to use and easy to install."
"CI/CD is valuable for me."
"The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it."
"The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution."
"Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production."
"What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"I rate the support from GitLab a four out of five."
"We do face issues in our company when we run out of disk space."
"I used Spring Cloud config and to connect that to GitLab was so hard."
"I'm new to GitLab, so I would appreciate more documentation about the code and commands."
"The solution does not have many built-in functions or variables so scripting is required."
"Expand features to match other tools such as a static code analysis tool so third-party integrations are not required."
"It is a little complex to set up the pipelines within the solution."
"We'd like to see better integration with the Atlassian ecosystem."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"Make the product available in a very stable way for other web browsers."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved."
"It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."
GitLab is ranked 6th in Software Composition Analysis (SCA) with 70 reviews while Mend.io is ranked 4th in Software Composition Analysis (SCA) with 29 reviews. GitLab is rated 8.6, while Mend.io is rated 8.4. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk and Veracode. See our GitLab vs. Mend.io report.
See our list of best Software Composition Analysis (SCA) vendors and best Application Security Tools vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.