Black Duck vs GitLab comparison

Black Duck
Read 19 Black Duck reviews
  • 14,236 Views
  • 9,573 Comparison Views
82% willing to recommend
GitLab
Read 74 GitLab reviews
  • 2,851 Views
  • 2,284 Comparison Views
97% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Black Duck and GitLab based on real PeerSpot user reviews.

Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Black Duck vs. GitLab Report (Updated: July 2024).
Buyer's Guide
Black Duck vs. GitLab
July 2024
Download the complete report
Helped 793,295 peers since 2012
 

Categories and Ranking

Black Duck
Ranking in Software Composition Analysis (SCA)
1st
Average Rating
7.8
Number of Reviews
19
Ranking in other categories
No ranking in other categories
GitLab
Ranking in Software Composition Analysis (SCA)
6th
Average Rating
8.4
Number of Reviews
74
Ranking in other categories
Application Security Tools (6th), Build Automation (1st), Release Automation (2nd), Static Application Security Testing (SAST) (6th), Rapid Application Development Software (10th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (3rd)
 

Mindshare comparison

As of July 2024, in the Software Composition Analysis (SCA) category, the mindshare of Black Duck is 26.0%, down from 27.9% compared to the previous year. The mindshare of GitLab is 6.5%, up from 5.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA)
Unique Categories:
No other categories found
Application Security Tools
3.9%
Build Automation
23.6%
 

Featured Reviews

Sagar Mody - PeerSpot reviewer
Apr 12, 2024
Effectively flags operational vulnerabilities and recommendations for fixes are very helpful
It's still a bit inconsistent. For example, sometimes a scan might reveal components or vulnerabilities, and the next day they might not show up. There's a lack of consistency at times. Of course, this could sometimes be due to new vulnerabilities being identified in the public domain after a scan. So, consistent inputs and more streamlined dependency management are needed. It doesn’t clearly show whether vulnerabilities are from direct or transitive dependencies. A clear classification between direct and indirect vulnerabilities is crucial. If I'm looking to improve my product, I need to know out of 'x' vulnerabilities, how many are direct dependencies. With direct dependencies, I can take action, like replacing a component. But with transitive dependencies, we are helpless at times. Often, we have to raise exceptions and work around them. A clear classification between direct and indirect dependencies is something I'd like to see improved.
Read full review
MohamedElazzouzi - PeerSpot reviewer
Dec 20, 2022
I like the security features and SAS tools
I use GitLab to manage repository code sources, scanning code sources, and CI/CD. We have around 100 users GitLab helps us integrate with many types of software. You can deploy and integrate source code, various tools, webhooks, etc.  I like GitLab's security and SAS tools. GitLab could add a…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach."
"The solution works well on Mac products."
"The product enables other applications to be secure."
"We accidentally use third-party library APIs, which may not be secure. Our technical team may not have the end time or expertise to figure it out. Black Duck helps us with that and saves us time."
"The UI is the solution's most valuable feature since it allows for easy pipeline integration."
"I like the fact that the product auto analyzes components."
"The most valuable feature is the vulnerability scanning, and that it's easy to use."
"The installation is very easy."
More Black Duck pros
"I have found the most valuable features of GitLab are the GitClone, GitPush, GitPull, GitMatch, GitMit, GitCommit, and GitStatus."
"I have found the most valuable feature is security control. I also like the branching and cloning software."
"The stability is good."
"The most valuable feature of GitLab is its security."
"When a developer checks in code, it is automatically built and deployed, and automated test cases are also run. We have extensive integration with GitLab, which helps us with source code management. We run the static code analysis using SonarQube."
"In our software development lifecycle, GitLab is used as a component for code repository management. We use GitLab for several projects to handle code repositories. For other software projects, we use Bitbucket, but the use case for both is very similar."
"The most valuable features of GitLab are the review, patch repo, and plans are in YAML."
"This is a scalable solution. We had around 200 users working with it."
More GitLab pros
 

Cons

"Black Duck can improve the time it takes for a scan. Most of the time it's not ideal when integrated with the live DevSecOps pipeline. We have to create a separate job to scan the library because it takes a couple of hours to scan all those libraries. The scanning could be faster."
"The tool's documentation and support are areas of concern where improvements are required."
"The documentation is quite scattered."
"It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations to ensure compliance."
"The scanner client is limited by the size of software it can handle."
"The tool needs to improve its pricing. Its configuration is complex and can be improved."
"Due to the fact that, with our software developer life cycle, we don't need to scan our source code every day or every week. For that reason, we find the cost is too high. We might only actually use it five to ten times a year, which makes it expensive."
"They are giving a lot of APIs and Python scripts for certain functionalities, but instead of using APIs and Python scripts, they should provide these functionalities through the UI. Users should be able to customize and add more fields through the UI. Users should be able to add more fields and generate reports. Currently, they are not giving flexibility in the UI. They're providing a script that simply generates an Excel file or CSV file. There is no flexibility."
More Black Duck cons
"We have only seen a couple of issues on Gitlab, which we use for building some of the applications."
"The initial setup was quite challenging because it takes some time to understand how to pull out or push the code."
"We'd always like to see better pricing on the product."
"The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation."
"GitLab's Windows version is yet not available and having this would be an improvement."
"The solution should be more cloud-native and have more cloud-native capabilities and features."
"Based on what I know so far, its integration with Kubernetes is not so good. We have to develop many things to make it work. We have to acquire third-party components to work with Kubernetes."
"It is a little complex to set up the pipelines within the solution."
More GitLab cons
 

Pricing and Cost Advice

"The price charged by Black Duck is exorbitant."
"Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."
"The price is quite high because the behavior of the software during the scan is similar to competing products."
"The pricing is a little high."
"The price is low. It's not an expensive solution."
"I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."
"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
"It is expensive."
"We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."
"This product is not very expensive but the price can be better."
"We are using the open-source version."
"In terms of the pricing for GitLab, on a scale of one to five, with one being expensive and five being cheap, I'm rating pricing for the solution a four. It could still be cheaper because right now, my company has a small team, and sometimes it's difficult to use a paid product for a small team. You'd hope the team will grow and scale, but currently, you're paying a high license fee for a small team. I'm referring to the GitLab license that has premium features and will give you all features. This can be a problem for management to approve the high price of the license for a team this small."
"This is an open-source solution."
"It seems reasonable. Our IT team manages the licenses."
"The initial setup cost is excellent and you can add the premium features later."
"Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
More GitLab pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
See recommendations
793,295 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Manufacturing Company
16%
Computer Software Company
15%
Healthcare Company
5%
Educational Organization
27%
Computer Software Company
12%
Financial Services Firm
11%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
See all answers
What do you like most about Black Duck?
The cloud option of the product is always available and a positive aspect of the solution.
See all answers
What is your experience regarding pricing and costs for Black Duck?
The price charged by Black Duck is exorbitant. For the features provided by the product, I would not want to pay a high price. There are many other products in the market that offer better features...
See all answers
What do you like most about GitLab?
I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
See all answers
What is your experience regarding pricing and costs for GitLab?
For small-scale usage, GitLab offers a free tier. For enterprise pricing, GitLab is more expensive than GitHub, as it's not as widely adopted. GitLab is the preferred choice for many developers des...
See all answers
What needs improvement with GitLab?
I believe there's room for improvement in the advanced features, particularly in enhancing the pipeline functionalities. Better integration and usability within the pipeline could make a significan...
See all answers
 

Comparisons

Snyk vs Black Duck Logo
Snyk vs Black Duck
Compared 23% of the time
Fortify Static Code Analyzer vs Black Duck Logo
Fortify Static Code Analyzer vs Black Duck
Compared 19% of the time
JFrog Xray vs Black Duck Logo
JFrog Xray vs Black Duck
Compared 12% of the time
Mend.io vs Black Duck Logo
Mend.io vs Black Duck
Compared 9% of the time
Semgrep vs Black Duck Logo
Semgrep vs Black Duck
Compared 2% of the time
More Black Duck Competitors
Microsoft Azure DevOps vs GitLab Logo
Microsoft Azure DevOps vs GitLab
Compared 49% of the time
SonarQube vs GitLab Logo
SonarQube vs GitLab
Compared 6% of the time
AWS CodePipeline vs GitLab Logo
AWS CodePipeline vs GitLab
Compared 5% of the time
Bamboo vs GitLab Logo
Bamboo vs GitLab
Compared 5% of the time
SonarCloud vs GitLab Logo
SonarCloud vs GitLab
Compared 1% of the time
More GitLab Competitors
 

Product Reports

Buyer's Guide
Black Duck
July 2024
Black Duck reportDownload Black Duck product report
Buyer's Guide
GitLab
July 2024
GitLab reportDownload GitLab product report
 

Also Known As

Blackduck Hub, Black Duck Protex, Black Duck Security Checker
Fuzzit
 

Learn More

Synopsys
GitLab
 

Overview

Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster. 

It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring. 

With GitLab, teams can streamline their workflows, automate processes, and improve productivity.

 

Sample Customers

Samsung, Siemens, ScienceLogic, BryterCX, Dynatrace
1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
Buyer's Guide
Black Duck vs. GitLab
July 2024
Free Report: Black Duck vs. GitLab
Find out what your peers are saying about Black Duck vs. GitLab and other solutions. Updated: July 2024.
DOWNLOAD NOW
793,295 professionals have used our research since 2012.
See our Black Duck vs. GitLab report.
See our list of best Software Composition Analysis (SCA) vendors.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.