We performed a comparison between GitLab and Mend based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It pinpoints the errors. Its accuracy is very interesting. It also elaborates on flaws, meaning it provides you with details about what is valid or not and how something can be fixed."
"It's comprehensive from a feature standpoint."
"The Veracode technical support is very good. They are responsive and very knowledgeable."
"The findings of their security analysis are wonderful. You can easily go through all the analyses done by Veracode. You can see what are the flaws and what could be the best possible resolution to minimize those flaws in the application. When an application is being used by the public, security is a challenge. Veracode helps us to analyze all the security flaws, discrepancies, and vulnerabilities inside the application. It provides good reports."
"Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool."
"Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."
"Good static analysis and dynamic analysis."
"Veracode Security Labs are fantastic. My team loves getting the hands-on experience of putting in a flaw and fixing it. It's interactive. We've gotten decent support from the sales and software engineers, so the initial support was excellent. They scheduled a consultation call to dive deep and discuss why we see these findings and codes. That was incredibly helpful."
"GitLab is kind of an image of GitHub, so it gives us the flexibility to monitor our changes in the repos."
"CI/CD is very good. The version control system is also good. These are the two features that we use."
"The solution has an established roadmap that lays out its plans for upgrades over the next two to three years."
"The most valuable features of Gitlab are integration with CIE and the ability to rapidly deploy solutions, projects, and applications. It is very easy to use, and there are no complaints."
"I have found the most valuable feature is security control. I also like the branching and cloning software."
"The most valuable feature of GitLab is its security."
"The most valuable feature of GitLab is the automatic merging of code."
"I like that you can use GitLab as a double-sided solution for both DevOps and version management. It's a good product for working in these two areas, and the user interface makes it easy to understand."
"The solution is scalable."
"The dashboard view and the management view are most valuable."
"Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"We set the solution up and enabled it and we had everything running pretty quickly."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it."
"We are testing Veracode's software composition analysis, but we're having trouble integrating it with SVN. It works out of the box when you use Git but doesn't work as well with other tools like SVN. It's more geared toward Git"
"There are many times when their product goes to check my code and it dies, and I don't know why. I've contacted support and they're not really helpful with this particular problem. I go to the logs and I look at what I can but I can't tell why the check process has essentially just died in the middle of checking."
"The ideal situation in terms of putting the results in front of the developers would be with Veracode integration into the developer environment (IDE). They do have a plugin, which we've used in the past, but we were not as positive about it."
"In the next release, I would like a proper way of packaging files for scanning and the packing of IOS apps and API Dynamic scan methodology."
"The solution could improve the Dynamic Analysis Security Testing(DAST)."
"The product has issues with scanning."
"I do expect large applications with millions of lines of code to take a while, but it would be nice if there was a possibility to be able to have a baseline initial scan. I know that Veracode touts that there are Pipeline Scans that are supposed to take 90 seconds or less, and we've tried to do that ourselves with our ERP application. However, it actually times out after two hours of scanning. If the static scan itself or another option to run a lower tier scan can be integrated earlier on into our SDLC, it would be great. Right now, it takes so long that we usually leave it till a bit later in the cycle, whereas if it ran faster, we could push it to the time when a developer will be checking in code. That would make us feel a lot more confident that we'd be able to catch things almost instantaneously."
"The sandbox could use some improvement; when creating a sandbox, it requires us to put the application name in twice, which seems unnecessary."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"It should be used by a larger number of people. They should raise awareness."
"GitLab could improve the patch repository. It does not have support for Conan patch version regions. Additionally, better support for Kubernetes deployment is needed as part of the package."
"The price of GitLab could improve, it is high."
"The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation."
"This solution could be improved by adding modifications such as slack notifications."
"I'm new to GitLab, so I would appreciate more documentation about the code and commands."
"For as long as I have used GitLab, I haven't encountered any major limitations. However, I think that perhaps the search functionality could be better."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"The only thing that I don't find support for on Mend Prioritize is C++."
"The initial setup could be simplified."
"I would like to see the static analysis included with the open-source version."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.
GitLab is ranked 3rd in Application Security Tools with 50 reviews while Mend is ranked 4th in Application Security Tools with 13 reviews. GitLab is rated 8.4, while Mend is rated 8.2. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Mend writes "Easy to use, great for finding vulnerabilities, and simple to set up". GitLab is most compared with Microsoft Azure DevOps, TeamCity, AWS CodePipeline, Tekton and Polarion ALM, whereas Mend is most compared with SonarQube, Black Duck, Snyk and Checkmarx. See our GitLab vs. Mend report.
See our list of best Application Security Tools vendors and best Software Composition Analysis (SCA) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.