Black Duck vs GitLab comparison

Black Duck
Read 19 Black Duck reviews
  • 14,538 Views
  • 9,895 Comparison Views
82% willing to recommend
GitLab
Read 70 GitLab reviews
  • 2,922 Views
  • 2,333 Comparison Views
98% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Black Duck and GitLab based on real PeerSpot user reviews.

Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Black Duck vs. GitLab Report (Updated: May 2024).
Buyer's Guide
Black Duck vs. GitLab
May 2024
Download the complete report
Helped 787,061 peers since 2012
 

Categories and Ranking

Black Duck
Ranking in Software Composition Analysis (SCA)
1st
Average Rating
7.8
Number of Reviews
19
Ranking in other categories
No ranking in other categories
GitLab
Ranking in Software Composition Analysis (SCA)
6th
Average Rating
8.6
Number of Reviews
70
Ranking in other categories
Application Security Tools (6th), Build Automation (1st), Release Automation (2nd), Static Application Security Testing (SAST) (7th), Rapid Application Development Software (10th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (3rd)
 

Market share comparison

As of June 2024, in the Software Composition Analysis (SCA) category, the market share of Black Duck is 28.8% and it increased by 10.4% compared to the previous year. The market share of GitLab is 4.4% and it decreased by 28.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA)
Unique Categories:
No other categories found
Application Security Tools
3.7%
Build Automation
24.4%
 

Featured Reviews

Sagar Mody - PeerSpot reviewer
Apr 12, 2024
Effectively flags operational vulnerabilities and recommendations for fixes are very helpful
It's still a bit inconsistent. For example, sometimes a scan might reveal components or vulnerabilities, and the next day they might not show up. There's a lack of consistency at times. Of course, this could sometimes be due to new vulnerabilities being identified in the public domain after a scan. So, consistent inputs and more streamlined dependency management are needed. It doesn’t clearly show whether vulnerabilities are from direct or transitive dependencies. A clear classification between direct and indirect vulnerabilities is crucial. If I'm looking to improve my product, I need to know out of 'x' vulnerabilities, how many are direct dependencies. With direct dependencies, I can take action, like replacing a component. But with transitive dependencies, we are helpless at times. Often, we have to raise exceptions and work around them. A clear classification between direct and indirect dependencies is something I'd like to see improved.
Read full review
MohamedElazzouzi - PeerSpot reviewer
Dec 20, 2022
I like the security features and SAS tools
I use GitLab to manage repository code sources, scanning code sources, and CI/CD. We have around 100 users GitLab helps us integrate with many types of software. You can deploy and integrate source code, various tools, webhooks, etc.  I like GitLab's security and SAS tools. GitLab could add a…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach."
"Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it."
"The solution works well on Mac products."
"I like the fact that the product auto analyzes components."
"The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately."
"It highlights what the developers have done, and it shows the impact from an intellectual property point of view."
"The product enables other applications to be secure."
"The most valuable feature is the vulnerability scanning, and that it's easy to use."
More Black Duck pros
"The merging feature makes it easy later on for the deployment."
"GitLab is very useful for pipelines, continuous integration, and continuous deployment. It is also stable."
"The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish."
"The most valuable functionality of GitLab, for me, is the DevOps. Besides the normal source control based on Git, I find the Auto DevOps features most important in the solution."
"The SaaS setup is impressive, and it has DAST solutioning."
"I like GitLab's security and SAS tools."
"The most valuable feature of GitLab is the ability to upload scripts and make changes when needed and then reupload them. Additionally, the solution is user-friendly."
"I have had no problem with the stability of the solution."
More GitLab pros
 

Cons

"The initial setup could be simplified. It was somewhat complex."
"It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations to ensure compliance."
"The tool's documentation and support are areas of concern where improvements are required."
"The documentation is quite scattered."
"The scanner client is limited by the size of software it can handle."
"I would like to see improvements in Black Duck's reporting capabilities."
"The solution must provide more open APIs."
"The solution's pricing model and documentation areas of concern where improvement is needed."
More Black Duck cons
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repertories because currently, it's not searchable by default. You'll need an indexing service such as Elasticsearch to make it searchable, and that requires too much work, so for me, it's the main feature that should be improved in GitLab. In the next version of the solution, from the top of my head, the documentation could be improved. Besides the Wiki, it would be good if there's documentation that would be automatically generated based on the code repository. In other words, there should be some tutorials from GitLab for developers in the next release."
"The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation."
"Expand features to match other tools such as a static code analysis tool so third-party integrations are not required."
"I've noticed an area for improvement in GitLab, particularly needing to go through many steps to push the code to the repository. Resolving that issue would make the product better. My team quickly fixed it by writing a small script, then double-clicking or enabling the script to take care of the issue. However, that quick fix was from my team and not the GitLab team, so in the next release, if an automatic deployment feature would be available in GitLab, then that would be good because, in Visual Studio, you can do that with just one click of a button."
"It should be used by a larger number of people. They should raise awareness."
"The user interface could be more user-friendly. We do most of our operations through the website interface but it could be better."
"Their RBAC is role-based access, which is fine but not very good."
"It could have more security integrations and the ability to check the vulnerability of the code. I don't think it is a responsibility of Gitlab, but it would be nice to have more options to integrate with."
More GitLab cons
 

Pricing and Cost Advice

"Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."
"The price is low. It's not an expensive solution."
"I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."
"The price is quite high because the behavior of the software during the scan is similar to competing products."
"It is expensive."
"The price charged by Black Duck is exorbitant."
"The pricing is a little high."
"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
"The open-source version is very good and the commercial version is reasonably priced."
"GitLab is highly priced for smaller teams, but it's okay if considering a user base of thousands."
"The solution is based on a licensing model that includes technical support and is paid annually."
"My company uses the free version of GitLab, which is GitLab Community Edition. There is a licensed version also available for GitLab."
"Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
"In terms of the pricing for GitLab, on a scale of one to five, with one being expensive and five being cheap, I'm rating pricing for the solution a four. It could still be cheaper because right now, my company has a small team, and sometimes it's difficult to use a paid product for a small team. You'd hope the team will grow and scale, but currently, you're paying a high license fee for a small team. I'm referring to the GitLab license that has premium features and will give you all features. This can be a problem for management to approve the high price of the license for a team this small."
"I'm not aware of the licensing costs because those were covered by the customer."
"We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."
More GitLab pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
See recommendations
787,061 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Manufacturing Company
15%
Computer Software Company
15%
Healthcare Company
4%
Educational Organization
26%
Computer Software Company
12%
Financial Services Firm
11%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
See all answers
What do you like most about Black Duck?
The cloud option of the product is always available and a positive aspect of the solution.
See all answers
What is your experience regarding pricing and costs for Black Duck?
The price charged by Black Duck is exorbitant. For the features provided by the product, I would not want to pay a high price. There are many other products in the market that offer better features...
See all answers
What do you like most about GitLab?
I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
See all answers
What is your experience regarding pricing and costs for GitLab?
For small-scale usage, GitLab offers a free tier. For enterprise pricing, GitLab is more expensive than GitHub, as it's not as widely adopted. GitLab is the preferred choice for many developers des...
See all answers
What needs improvement with GitLab?
I believe there's room for improvement in the advanced features, particularly in enhancing the pipeline functionalities. Better integration and usability within the pipeline could make a significan...
See all answers
 

Comparisons

Snyk vs Black Duck Logo
Snyk vs Black Duck
Compared 23% of the time
Fortify Static Code Analyzer vs Black Duck Logo
Fortify Static Code Analyzer vs Black Duck
Compared 19% of the time
JFrog Xray vs Black Duck Logo
JFrog Xray vs Black Duck
Compared 12% of the time
Mend.io vs Black Duck Logo
Mend.io vs Black Duck
Compared 9% of the time
Semgrep Supply Chain vs Black Duck Logo
Semgrep Supply Chain vs Black Duck
Compared 1% of the time
More Black Duck Competitors
Microsoft Azure DevOps vs GitLab Logo
Microsoft Azure DevOps vs GitLab
Compared 50% of the time
SonarQube vs GitLab Logo
SonarQube vs GitLab
Compared 5% of the time
Bamboo vs GitLab Logo
Bamboo vs GitLab
Compared 5% of the time
AWS CodePipeline vs GitLab Logo
AWS CodePipeline vs GitLab
Compared 5% of the time
UrbanCode Deploy vs GitLab Logo
UrbanCode Deploy vs GitLab
Compared 1% of the time
More GitLab Competitors
 

Product Reports

Buyer's Guide
Black Duck
June 2024
Black Duck reportDownload Black Duck product report
Buyer's Guide
GitLab
June 2024
GitLab reportDownload GitLab product report
 

Also Known As

Blackduck Hub, Black Duck Protex, Black Duck Security Checker
Fuzzit
 

Learn More

Synopsys
GitLab
 

Overview

Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster. 

It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring. 

With GitLab, teams can streamline their workflows, automate processes, and improve productivity.

 

Sample Customers

Samsung, Siemens, ScienceLogic, Noser Engineering AG, ClickFox, Dynatrace, CopperLeaf
1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
Buyer's Guide
Black Duck vs. GitLab
May 2024
Free Report: Black Duck vs. GitLab
Find out what your peers are saying about Black Duck vs. GitLab and other solutions. Updated: May 2024.
DOWNLOAD NOW
787,061 professionals have used our research since 2012.
See our Black Duck vs. GitLab report.
See our list of best Software Composition Analysis (SCA) vendors.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.