IT Central Station is now PeerSpot: Here's why

Black Duck vs GitLab comparison

Cancel
You must select at least 2 products to compare!
Synopsys Logo
18,553 views|13,497 comparisons
GitLab Logo
16,434 views|14,506 comparisons
Featured Review
Buyer's Guide
Black Duck vs. GitLab
July 2022
Find out what your peers are saying about Black Duck vs. GitLab and other solutions. Updated: July 2022.
610,229 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach.""The solution works well on Mac products.""The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately.""The most valuable feature is the vulnerability scanning, and that it's easy to use.""It is able to drill down to the source level.""Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it.""The installation is very easy."

More Black Duck Pros →

"This product is always evolving, and they listen to the customers.""We like that we can have an all-encompassing product and don't have to implement different solutions.""The most valuable feature of GitLab is its security.""GitLab integrates well with other platforms.""The stability is good.""We like that we can create branches and then the branches can be reviewed and you can mesh those branches back. You can independently work with your own branch, you don't need to really control the core of other people.""Everything is easy to configure and easy to work with.""I have had no problem with the stability of the solution."

More GitLab Pros →

Cons
"We have been having some issues with the latest releases where we are not able to scan our applications with the help of Black Duck.""Due to the fact that, with our software developer life cycle, we don't need to scan our source code every day or every week. For that reason, we find the cost is too high. We might only actually use it five to ten times a year, which makes it expensive.""The initial setup could be simplified. It was somewhat complex.""Black Duck can improve the time it takes for a scan. Most of the time it's not ideal when integrated with the live DevSecOps pipeline. We have to create a separate job to scan the library because it takes a couple of hours to scan all those libraries. The scanning could be faster.""They are giving a lot of APIs and Python scripts for certain functionalities, but instead of using APIs and Python scripts, they should provide these functionalities through the UI. Users should be able to customize and add more fields through the UI. Users should be able to add more fields and generate reports. Currently, they are not giving flexibility in the UI. They're providing a script that simply generates an Excel file or CSV file. There is no flexibility.""It is a cloud-only solution. In many cases, companies like to evaluate the software, but they're very reluctant to give you the software. It would be great if they could offer an on-prem component that could be used to scan the code and then upload the discovery results to the cloud and get all the information from there, but there is no such possibility. You have to upload the code to the Black Duck cloud system. Of course, they have a strong legal department, and they offer some configuration, but it is never enough. You have to give the code, which is a drawback. In modern designs like Snyk or FOSSA, you don't need to give the code. It requires more native integration with Coverity because they go together technically. You need both Coverity and Black Duck Hub. It would be really helpful for companies working in this space to get a combined offer from the same company. They should provide an option to buy Coverity for an additional fee. Coverity combined with Black Duck Hub will provide a one-step analysis to get everything you need and a unified report. It would be really great to be able to connect Black Duck Hub with Coverity unified reports.""We're not too sure about the extension of the firewall. It never shows up in the Hub."

More Black Duck Cons →

"It would be really good if they integrated more features in application security.""It could have more security integrations and the ability to check the vulnerability of the code. I don't think it is a responsibility of Gitlab, but it would be nice to have more options to integrate with.""The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation.""Perhaps the integration could be better.""It would be better if there weren't any outages. There are occasions where we usually see a lot of outages using GitLab. It happens at least once a week or something like that. Whatever pipelines you're running, to check the logs, you need to have a different set of tools like Argus or something like that. If you have pipelines running on GitLab, you need a separate service deployed to view the logs, which is kind of a pain. If the logs can be used conveniently on GitLab, that would be definitely helpful. I'm not talking about the CI/CD pipelines but the back-end services and microservices deployed over GitLab. To view the logs for those microservices, you need to have separate log viewers, which is kind of a pain.""We are having a few problems integrating with Jira at the moment, which is something that our IT department is investigating.""Based on what I know so far, its integration with Kubernetes is not so good. We have to develop many things to make it work. We have to acquire third-party components to work with Kubernetes.""The price of GitLab could improve, it is high."

More GitLab Cons →

Pricing and Cost Advice
  • "The price is low. It's not an expensive solution."
  • "Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."
  • "It is expensive."
  • More Black Duck Pricing and Cost Advice →

  • "I think that we pay approximately $100 USD per month."
  • "The price is okay."
  • "It seems reasonable. Our IT team manages the licenses."
  • "Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
  • "It is very expensive. We can't bear it now, and we have to find another solution. We have a yearly subscription in which we can increase the number of licenses, but we have to pay at the end of the year."
  • "I don't mind the price because I use the free version."
  • "We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."
  • "The price of GitLab could be better, it is expensive."
  • More GitLab Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
    610,229 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license… more »
    Top Answer:The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the… more »
    Top Answer:I can't speak to the exact cost or licensing structure. I don't deal with this aspect of the product.
    Top Answer:I'm not sure of the complete capabilities of the tool as I don't use it that much. Perhaps the integration could be better.
    Ranking
    Views
    18,553
    Comparisons
    13,497
    Reviews
    7
    Average Words per Review
    498
    Rating
    7.9
    Views
    16,434
    Comparisons
    14,506
    Reviews
    23
    Average Words per Review
    388
    Rating
    8.2
    Comparisons
    Also Known As
    Blackduck Hub, Black Duck Protex, Black Duck Security Checker
    Learn More
    Overview

    Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

    GitLab is a single application with features for the whole software development and operations (DevOps) lifecycle.

    Offer
    Learn more about Black Duck
    Learn more about GitLab
    Sample Customers
    Samsung, Siemens, ScienceLogic, Noser Engineering AG, ClickFox, Dynatrace, CopperLeaf
    Siemens, University of Washington, Equinix, Paessler AG, CNCF, Ticketmaster, CERN, Vaadin
    Top Industries
    REVIEWERS
    Manufacturing Company71%
    Computer Software Company14%
    Financial Services Firm14%
    VISITORS READING REVIEWS
    Computer Software Company33%
    Financial Services Firm13%
    Comms Service Provider11%
    Manufacturing Company10%
    REVIEWERS
    Computer Software Company27%
    Mining And Metals Company13%
    Manufacturing Company13%
    Retailer13%
    VISITORS READING REVIEWS
    Computer Software Company21%
    Comms Service Provider20%
    Government9%
    Financial Services Firm8%
    Company Size
    REVIEWERS
    Small Business30%
    Large Enterprise70%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise13%
    Large Enterprise72%
    REVIEWERS
    Small Business44%
    Midsize Enterprise8%
    Large Enterprise48%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise16%
    Large Enterprise65%
    Buyer's Guide
    Black Duck vs. GitLab
    July 2022
    Find out what your peers are saying about Black Duck vs. GitLab and other solutions. Updated: July 2022.
    610,229 professionals have used our research since 2012.

    Black Duck is ranked 6th in Software Composition Analysis (SCA) with 7 reviews while GitLab is ranked 3rd in Software Composition Analysis (SCA) with 23 reviews. Black Duck is rated 7.8, while GitLab is rated 8.2. The top reviewer of Black Duck writes "Good knowledge base and management system and helpful for discovering commercial and open-source licenses". On the other hand, the top reviewer of GitLab writes "A double-sided solution for both DevOps and version management". Black Duck is most compared with Snyk, Mend, Fortify Static Code Analyzer, Checkmarx Software Composition Analysis and FlexNet Code Insight, whereas GitLab is most compared with Microsoft Azure DevOps, TeamCity, Tekton, Sonatype Nexus Lifecycle and UrbanCode Deploy. See our Black Duck vs. GitLab report.

    See our list of best Software Composition Analysis (SCA) vendors.

    We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.