
Black Duck vs GitLab comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Nov 5, 2024
 

Categories and Ranking

Black Duck
Ranking in Software Composition Analysis (SCA): 1st
Average Rating: 7.6
Reviews Sentiment: 7.2
Number of Reviews: 20
Ranking in other categories: No ranking in other categories

GitLab
Ranking in Software Composition Analysis (SCA): 5th
Average Rating: 8.4
Reviews Sentiment: 7.2
Number of Reviews: 75
Ranking in other categories: Application Security Tools (11th), Build Automation (1st), Release Automation (2nd), Static Application Security Testing (SAST) (10th), Rapid Application Development Software (12th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (3rd)
 

Mindshare comparison

As of November 2024, in the Software Composition Analysis (SCA) category, the mindshare of Black Duck is 23.0%, down from 23.3% compared to the previous year. The mindshare of GitLab is 4.8%, down from 5.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Saravanan_Radhakrishnan - PeerSpot reviewer
Mar 5, 2024
Enables applications to be secure, but it must provide more open APIs
We use the solution for open-source security management. The product connects the entire customer entity into DevOps and DevSecOps. Solutions like Black Duck and Code Dx enable application testing and onboarding of different applications from entities for security. All the users in different…
Corné den Hollander - PeerSpot reviewer
Sep 15, 2022
Powerful, mature, and easy to set up and manage
It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful. In terms of additional features, nothing comes to mind. One of the potential pitfalls is to keep adding new features and functionalities. They can just improve some of the existing features to make it high-end, top-quality. I don't have any substantial experience with agile planning. I don't know the industries GitLab is in, and I don't know why they make decisions like this, but as a customer, I would rather see them invest in improving the basic agile planning functionalities rather than adding, for example, portfolio planning features. That's because if I'm going to do portfolio planning, I probably will also need a lot of business users. I'm not sure if I want them in GitLab, I'd rather have them in Jira collaborating with me on portfolio planning. That's way better fitted for that type of work.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The cloud option of the product is always available and a positive aspect of the solution."
"The solution is stable."
"The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately."
"I like the fact that the product auto analyzes components."
"The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base built over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach."
"The product enables other applications to be secure."
"The solution works well on Mac products."
"Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it."
"The merging feature makes it easy later on for the deployment."
"This is a scalable solution. We had around 200 users working with it."
"The most valuable feature of GitLab is the ability to upload scripts and make changes when needed and then reupload them. Additionally, the solution is user-friendly."
"It speeds up our development, it's faster, safer, and more convenient."
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."
"GitLab is being used as a repository for our codebase and it is a one stop DevOps tool we use in our team."
"The most valuable features of GitLab are the review, patch repo, and plans are in YAML."
"We use GitLab in the new project for CI/CD, integration, and deployment."
 

Cons

"The documentation is quite scattered."
"It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow."
"They are giving a lot of APIs and Python scripts for certain functionalities, but instead of using APIs and Python scripts, they should provide these functionalities through the UI. Users should be able to customize and add more fields through the UI. Users should be able to add more fields and generate reports. Currently, they are not giving flexibility in the UI. They're providing a script that simply generates an Excel file or CSV file. There is no flexibility."
"The tool needs to improve its pricing. Its configuration is complex and can be improved."
"The product's pricing is higher compared to other competitor products."
"The solution's pricing model and documentation are areas of concern where improvement is needed."
"The scanner client is limited by the size of software it can handle."
"We're not too sure about the extension of the firewall. It never shows up in the Hub."
"The integration and storage capabilities could be better."
"This solution could be improved by adding modifications such as Slack notifications."
"As a partner, sometimes it's difficult to get support. They have a really complicated procedure for their support."
"We are having a few problems integrating with Jira at the moment, which is something that our IT department is investigating."
"GitLab could improve the patch repository. It does not have support for Conan patch version regions. Additionally, better support for Kubernetes deployment is needed as part of the package."
"There is a need to improve or adopt AI into the ecosystem like a co-pilot, which Microsoft has done with GitHub."
"GitLab's UI could be improved."
"I would like more Agile features in the Premium version. The Premium version should have all Agile features that exist in the Ultimate version. IBM AOM has a complete Agile implementation, but in GitLab, you only have these features if you buy the Ultimate version. It would be good if we can use these in the Premium version."
 

Pricing and Cost Advice

"I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."
"The price charged by Black Duck is exorbitant."
"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
"It is expensive."
"The pricing is a little high."
"The price is low. It's not an expensive solution."
"The price is quite high because the behavior of the software during the scan is similar to competing products."
"Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."
"As I work in a vast enterprise, I'm unsure about the licensing cost for GitLab. It's the management team that takes care of that."
"The initial setup cost is excellent and you can add the premium features later."
"There are different licensing options available, including a free limited-user license."
"We are using the free version of GitLab."
"The price is okay."
"We are currently using the open-source version."
"In terms of the pricing for GitLab, on a scale of one to five, with one being expensive and five being cheap, I'm rating pricing for the solution a four. It could still be cheaper because right now, my company has a small team, and sometimes it's difficult to use a paid product for a small team. You'd hope the team will grow and scale, but currently, you're paying a high license fee for a small team. I'm referring to the GitLab license that has premium features and will give you all features. This can be a problem for management to approve the high price of the license for a team this small."
"I'm not sure if they have some kind of discount. I've been negotiating with them on prices before, and I believe they weren't too happy to give discounts, but list prices are $19 per user, per month for Premium and $99 per user, per month for Ultimate. So, the difference between Premium and Ultimate is a bit bigger, and in most companies, you need to build some type of business case."
815,854 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm: 21%
Manufacturing Company: 16%
Computer Software Company: 14%
Healthcare Company: 4%

Educational Organization: 29%
Computer Software Company: 11%
Financial Services Firm: 11%
Manufacturing Company: 8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
What do you like most about Black Duck?
The cloud option of the product is always available and a positive aspect of the solution.
What is your experience regarding pricing and costs for Black Duck?
The price charged by Black Duck is exorbitant. For the features provided by the product, I would not want to pay a high price. There are many other products in the market that offer better features...
What do you like most about GitLab?
I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
What needs improvement with GitLab?
The pricing has been substantially increased, which is a major concern. While GitLab has a lot of documentation, the complexity and volume can be overwhelming, especially for new learners. Structur...
 

Also Known As

Blackduck Hub, Black Duck Protex, Black Duck Security Checker
Fuzzit
 

Sample Customers

Samsung, Siemens, ScienceLogic, BryterCX, Dynatrace
NASA, IBM, Sony, Alibaba, CERN, Siemens, Volkswagen, ING, Ticketmaster, SpaceX, Adobe, Intuit, Autodesk, Rakuten, Unity Technologies, Pandora, Electronic Arts, Nordstrom, Verizon, Comcast, Philips, Deutsche Telekom, Orange, Fujitsu, Ericsson, Nokia, General Electric, Cisco, Accenture, Deloitte, PwC, KPMG
Find out what your peers are saying about Black Duck vs. GitLab and other solutions. Updated: October 2024.