Black Duck SCA and GitLab are competing products in the software development and security tools category. GitLab seems to have the upper hand, with users generally more satisfied due to its features, even though Black Duck SCA offers favorable pricing and support.
Features: Black Duck SCA offers valuable features like seamless integration for scanning Docker binary files, robust open-source license compliance, and effective vulnerability detection. GitLab provides a comprehensive suite with features such as CI/CD pipelines, code collaboration, and version control integration. The emphasis of Black Duck is more on security and compliance, while GitLab focuses on development workflow integration.
Room for Improvement: Black Duck SCA could improve in identifying vulnerabilities more accurately and enhancing the robustness of its security features. Its UI and scalability could also be refined. GitLab could benefit from expanding its feature set further, addressing some performance issues, and exploring ways to enhance the user interface responsiveness.
Ease of Deployment and Customer Service: Black Duck SCA offers effective deployment and notably prompt customer support. On the other hand, GitLab provides a streamlined deployment process that integrates smoothly into workflows. However, its customer service has been noted for slower response times compared to Black Duck.
Pricing and ROI: Black Duck SCA's competitive pricing structure delivers good ROI for security-focused teams. Although GitLab might be potentially more expensive, it offers substantial ROI through its extensive features, providing greater value for teams looking for an all-in-one development tool.
If you're using it on critical external programs where there is regulatory compliance on ensuring that the source code is clean from open-source, there's substantial ROI.
Migrating to GitLab is bringing time-saving benefits, and everything is easier to automate.
We have saved time significantly, reducing deployment time from four hours to five minutes per deployment.
There are some pain points with the response time and first-level support quality.
We have rarely needed to escalate issues to technical support since GitLab usually runs seamlessly.
I have interacted with architects for some advice during the implementation, and they were prompt in their response.
I have had meetings where they taught me, explained things, and provided guidance for starting from scratch.
I would rate the scalability of Black Duck 8 or 9.
It has all the features required for our coding and deployment needs, which makes it scalable to our changing requirements.
We're transitioning to OpenShift for future scalability with increased user numbers.
For scaling, other deployment options from GitLab's side need to be adopted.
I have not encountered any performance or stability issues with GitLab so far.
The updates are frequent and demanding, happening at least once a week due to security reasons.
We raised a request with GitLab support, but they were unable to help because they could not find the root cause of what went wrong.
It can improve on the security side of it, specifically vulnerabilities identification.
There are areas for improvement such as false positives and the scanning of containers.
Black Duck does not have the SBOM management part.
It would be beneficial to have a user-friendly interface for setting up these configurations, instead of just writing YAML files.
It is essential to conduct proper testing, such as unit tests and code coverage, within the SDLC pipelines.
GitLab can improve its user interface to make conflict resolution more user-friendly.
Even when working in other small organizations, we opted for GitLab as it was cost-efficient.
The pricing of GitLab is reasonable, aligning with what I consider to be average compared to competitors.
The price is high, and it limits user accessibility.
The most valuable feature of Black Duck is the composition analysis feature, which is effective for security risk management.
Black Duck's ability to identify dependencies very accurately has been most valuable in identifying and mitigating risks.
The software composition analysis is most effective for security risk management.
As we implement automated testing and DevSecOps, it speeds up the process by forty to sixty percent.
The Ultimate version offers enhanced features for security scanning through DAST and SAST analysis, which have greatly benefitted our project workflow.
By integrating GitLab as a DevOps platform, we have enhanced agility, improved our time to market, and different teams can work collaboratively on various projects.
| Product | Market Share (%) |
|---|---|
| Black Duck SCA | 15.7% |
| GitLab | 4.2% |
| Other | 80.1% |
| Company Size | Count |
|---|---|
| Small Business | 6 |
| Large Enterprise | 16 |
| Company Size | Count |
|---|---|
| Small Business | 35 |
| Midsize Enterprise | 9 |
| Large Enterprise | 42 |
Black Duck is an essential tool for software composition analysis and license compliance. It identifies vulnerabilities effectively and supports security management in DevOps environments, offering integration, performance stability, and community support.
Organizations rely on Black Duck for seamless integration in CI/CD pipelines, thorough scanning of source and binary codes, and management of operational risks associated with open-source and commercial licenses. It plays a crucial role in security risk management and delivers a robust policy management framework. Users value its ease of use and reliable community support while benefiting from its comprehensive dependency visualization capabilities. Despite its strengths, there is room for enhancement in integration with other tools, UI friendliness, and reporting features.
What are Black Duck's key features?
What should users look for in ROI?
Enterprise environments use Black Duck extensively for security, compliance, and risk management, ensuring software meets regulatory standards and mitigates vulnerabilities. Its implementation in specific industries aids in controlled and secure software development processes, underlining its role in maintaining rigorous security standards while delivering dependable performance.
GitLab offers a secure and user-friendly platform for CI/CD pipeline management, code repository control, and collaboration, enhancing development speed and efficiency. It facilitates automation with extensive customization and tool integration, ideal for DevOps processes.
GitLab supports source code management, version control, and collaborative development. It's frequently used in CI/CD processes to automate builds and deployments while integrating DevOps practices. GitLab allows companies to manage repositories, automate pipelines, conduct code reviews, and maintain development lifecycles. The platform supports infrastructure and configuration management, enabling efficient code collaboration, deployment automation, and comprehensive repository handling. Many organizations commit and deploy developed code using GitLab's capabilities.
What are GitLab's most valuable features?In specific industries, GitLab serves as a backbone for source code management and CI/CD implementation. Companies leverage its capabilities for infrastructure management and deployment automation, thus streamlining project delivery timelines. Its ability to handle configuration management and code repositories effectively aids in maintaining development lifecycles, making it a preferred choice for organizations committed to enhancing their DevOps practices.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
