Black Duck vs GitLab comparison

Black Duck and GitLab are both solutions in the Software Composition Analysis (SCA) category. Black Duck is ranked #1 with an average rating of 7.5, while GitLab is ranked #5 with an average rating of 8.6. Black Duck holds a 19.7% mindshare in SCA, compared to GitLab’s 4.4% mindshare. Additionally, 84% of Black Duck users are willing to recommend the solution, compared to 97% of GitLab users who would recommend it.

Black Duck

Read 21 Black Duck reviews

11,362 Views
7,170 Comparison Views

84% willing to recommend

GitLab

Read 82 GitLab reviews

1,946 Views
1,633 Comparison Views

97% willing to recommend

Black Duck

GitLab

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Nov 5, 2024

Black Duck and GitLab are key players in software development security and management. GitLab is favored for its extensive feature set, while Black Duck is notable for its effective support.

Features: Black Duck offers comprehensive open source vulnerability scanning, detailed risk reporting, and license compliance management. GitLab provides a robust CI/CD pipeline, efficient version control, and comprehensive DevOps tools.

Room for Improvement: Black Duck could enhance its user interface and streamline integration with newer platforms. More frequent updates and enhanced automation capabilities are desirable. GitLab may improve its documentation for beginners and could expand its feature set for more advanced uses. There may also be a need to enhance the freemium tier features.

Ease of Deployment and Customer Service: Black Duck offers seamless integration with existing workflows and effective customer support. GitLab's straightforward deployment capitalizes on its unified platform, providing intuitive tools for collaboration and development.

Pricing and ROI: Black Duck's pricing is competitive with effective returns in security management. GitLab, while having a higher initial investment, offers substantial ROI through enhanced development productivity and long-term value.

To learn more, read our detailed Black Duck vs. GitLab Report (Updated: March 2025).

Buyer's Guide

Black Duck vs. GitLab

March 2025

Download the complete report

Helped 845,485 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Black Duck

Ranking in Software Composition Analysis (SCA)

1st

Average Rating

7.6

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

No ranking in other categories

GitLab

Ranking in Software Composition Analysis (SCA)

5th

Average Rating

8.6

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

Application Security Tools (9th), Build Automation (1st), Release Automation (2nd), Static Application Security Testing (SAST) (7th), Rapid Application Development Software (12th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (3rd)

Mindshare comparison

As of April 2025, in the Software Composition Analysis (SCA) category, the mindshare of Black Duck is 19.7%, down from 22.6% compared to the previous year. The mindshare of GitLab is 4.4%, down from 5.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Software Composition Analysis (SCA)

Featured Reviews

Saravanan_Radhakrishnan

Senior Manager at Happiest Minds Technologies

Enables applications to be secure, but it must provide more open APIs

The product enables other applications to be secure. We use it to onboard 400 to 500 applications into the DevOps platform, protect them, and have a secure environment. The tool integrates well with different technologies, application stacks, and databases. The APIs are available. We can read the blogs in the community for open-source compliance and security. The community feeds are important. Black Duck is a leader in Gartner. It is a reliable solution.

Read full review

Gaurav Chandel

AWS DevOps/ Site Reliability Engineer at Tata Consultancy

Boosted productivity with automated pipelines and seamless collaboration

There are some challenges with repository file management as GitLab may struggle to manage larger files. Improvements could be made regarding size management and file partitioning. Also, the UI has remained the same for a couple of years and could benefit from an update with AI features and better customization.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The solution works well on Mac products."

"The stability is okay."

"The most valuable feature of Black Duck is the composition analysis feature, which is effective for security risk management."

"It is able to drill down to the source level."

"The UI is the solution's most valuable feature since it allows for easy pipeline integration."

"The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately."

"The automated code scanning feature and Black Duck's integration with our development tools have enhanced our software compliance process and overall audit readiness."

"The most valuable feature is the vulnerability scanning, and that it's easy to use."

More Black Duck pros

"The tool helps to integrate CI/CD pipeline deployments. It is very easy to learn. Its security model is good."

"I like that it's easy to deploy our services over GitLab. The customer support is also good with a really active community. You have a lot of support that you can get online with your stack. That is probably one of the benefits of using GitLab. It's also really fast."

"It is a speedy platform compared to the others I have used. I have also enjoyed using the platform as this solution offers a good user experience."

"This product is always evolving, and they listen to the customers."

"The most valuable feature of GitLab is its convenience. I am able to trace back most of my changes up to a far distance in time and it helps me to analyze and see the older version of the code."

"Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective."

"For us, Gitlab's most valuable feature is the integration with Cypress. We're using Cypress as an automation tool, so we're using GitLab as a tool for running in parallel."

"Git hosting has an integration with ACD which is why we liked this solution in the first place."

More GitLab pros

Cons

"Due to the fact that, with our software developer life cycle, we don't need to scan our source code every day or every week. For that reason, we find the cost is too high. We might only actually use it five to ten times a year, which makes it expensive."

"I would like to see improvements in Black Duck's reporting capabilities."

"The scanner client is limited by the size of software it can handle."

"It is a cloud-only solution. In many cases, companies like to evaluate the software, but they're very reluctant to give you the software. It would be great if they could offer an on-prem component that could be used to scan the code and then upload the discovery results to the cloud and get all the information from there, but there is no such possibility. You have to upload the code to the Black Duck cloud system. Of course, they have a strong legal department, and they offer some configuration, but it is never enough. You have to give the code, which is a drawback. In modern designs like Snyk or FOSSA, you don't need to give the code. It requires more native integration with Coverity because they go together technically. You need both Coverity and Black Duck Hub. It would be really helpful for companies working in this space to get a combined offer from the same company. They should provide an option to buy Coverity for an additional fee. Coverity combined with Black Duck Hub will provide a one-step analysis to get everything you need and a unified report. It would be really great to be able to connect Black Duck Hub with Coverity unified reports."

"Black Duck does not have the SBOM management part. I would like to see this feature added in the future."

"There are areas for improvement such as false positives and the scanning of containers."

"We're not too sure about the extension of the firewall. It never shows up in the Hub."

"There are areas for improvement such as false positives and the scanning of containers."

More Black Duck cons

"Technologies are always changing. Nowadays, new things like serverless computing and workload management have emerged. We have noticed a few gap items for faster service delivery. For example, we do user interface testing in the latest team and automate it using some tools. Recently, we integrated a tool with user interface testing, which can simulate a multi-user environment. So, we would like to see more integration with different platforms."

"There is a need to improve or adopt AI into the ecosystem like a co-pilot, which Microsoft has done with GitHub."

"We do face issues in our company when we run out of disk space."

"I would like to see better integration with project management tools such as Jira."

"I would like to see AI support in GitLab."

"It has fewer options, and its UI is not so user-friendly."

"The user interface could be more user-friendly. We do most of our operations through the website interface but it could be better."

"The initial setup was quite challenging because it takes some time to understand how to pull out or push the code."

More GitLab cons

Pricing and Cost Advice

"Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."

"It is expensive."

"I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."

"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."

"The pricing is a little high."

"The price charged by Black Duck is exorbitant."

"The price is quite high because the behavior of the software during the scan is similar to competing products."

"The price is low. It's not an expensive solution."

"The solution is based on a licensing model that includes technical support and is paid annually."

"We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."

"I'm not sure if they have some kind of discount. I've been negotiating with them on prices before, and I believe they weren't too happy to give discounts, but list prices are $19 per user, per month for Premium and $99 per user, per month for Ultimate. So, the difference between Premium and Ultimate is a bit bigger, and in most companies, you need to build some type of business case."

"The solution is based on a subscription model and is reasonably priced."

"It seems reasonable. Our IT team manages the licenses."

"There are different licensing options available, including a free limited-user license."

"The open-source version is very good and the commercial version is reasonably priced."

"GitLab's pricing is good compared to others on the market."

More GitLab pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.

See recommendations

845,485 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

20%

Manufacturing Company

17%

Computer Software Company

14%

Healthcare Company

Educational Organization

26%

Financial Services Firm

12%

Computer Software Company

11%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

How does WhiteSource compare with Black Duck?

We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...

See all answers

What do you like most about Black Duck?

The cloud option of the product is always available and a positive aspect of the solution.

See all answers

What is your experience regarding pricing and costs for Black Duck?

The price charged by Black Duck is exorbitant. For the features provided by the product, I would not want to pay a high price. There are many other products in the market that offer better features...

See all answers

What do you like most about GitLab?

I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.

See all answers

What is your experience regarding pricing and costs for GitLab?

The pricing of GitLab is reasonable, aligning with what I consider to be average compared to competitors.

See all answers

What needs improvement with GitLab?

Certain features in Jira are not available in GitLab, such as the functionality to have weights at the milestone and epic levels. Hopefully, these features will be resolved with work items in GitLa...

See all answers

Comparisons

Fortify Static Code Analyzer vs Black Duck

Compared 20% of the time

Snyk vs Black Duck

Compared 16% of the time

JFrog Xray vs Black Duck

Compared 15% of the time

Mend.io vs Black Duck

Compared 9% of the time

Checkmarx Software Composition Analysis vs Black Duck

Compared 3% of the time

More Black Duck Competitors

Microsoft Azure DevOps vs GitLab

Compared 29% of the time

GitHub CoPilot vs GitLab

Compared 13% of the time

SonarQube Server (formerly SonarQube) vs GitLab

Compared 8% of the time

AWS CodePipeline vs GitLab

Compared 6% of the time

UrbanCode Deploy vs GitLab

Compared 2% of the time

More GitLab Competitors

Product Reports

Buyer's Guide

Black Duck

March 2025

Download Black Duck product report

Buyer's Guide

GitLab

March 2025

Download GitLab product report

Also Known As

Blackduck Hub, Black Duck Protex, Black Duck Security Checker

Fuzzit

Overview

Organizations use Black Duck for compliance, internal audits, license management, and security, scanning software to identify vulnerabilities, non-compliant code, and dependencies in open-source projects.

Black Duck integrates into CI/CD pipelines and DevSecOps processes, helping multiple industries detect and handle risks associated with open-source usage. Users leverage it for source and binary analysis to ensure security and compliance before software release. Automatic component analysis, effective vulnerability scanning, and a comprehensive knowledge base are some of its valuable features. Despite needing improvements in scanning speed, UI, and documentation, Black Duck remains crucial for ensuring open-source security and compliance.

What are Black Duck's most important features?

Automatic Component Analysis: Provides automatic identification and analysis of open-source components.
Effective Vulnerability Scanning: Scans for vulnerabilities in both source code and binary files.
Comprehensive Knowledge Base: Offers expansive information on open-source components.
Policy Management: Enables the creation and enforcement of security and compliance policies.
Binary File Scanning: Capable of scanning binary files for in-depth security checks.
Ease of Use: Demonstrates ease of use, particularly on Mac products.
Stability: Known for its stable performance.
Docker Integration: Smooth integration with Docker for enhanced deployment.
Open-source Evaluation: Excellent evaluation capabilities for open-source software.
License Management: Manages open-source licenses effectively.
Easy Installation: Simple installation process.
Secure Onboarding: Ensures secure application onboarding.
API Availability: Provides APIs for custom integrations.
Community Support: Backed by an active community.
Dependency Tree Visualization: Visualizes dependencies for better management.

What benefits or ROI should users look for in reviews?

Improved Compliance: Helps maintain compliance with legal and regulatory requirements.
Risk Mitigation: Reduces risks associated with open-source vulnerabilities.
Enhanced Security: Strengthens software security by identifying and addressing potential issues early.
Time-saving: Automates many aspects of vulnerability scanning and analysis, saving valuable time.
Cost Efficiency: Detects issues early, potentially saving costs related to compliance breaches and security incidents.
Integration Ease: Seamlessly integrates with existing CI/CD pipelines and DevSecOps practices.
Knowledge Resource: Access to comprehensive information aiding better decision-making.

Black Duck is implemented by industries ranging from finance to healthcare, addressing security and compliance in open-source usage. Financial institutions employ it to manage license risks and ensure audit readiness. Healthcare organizations use it to comply with stringent data protection regulations, ensuring patient data security and privacy. Tech companies integrate Black Duck within CI/CD pipelines to maintain the security and compliance of software products before release. Its deployment varies, tailored to meet the specific risk management and compliance needs dictated by each sector's regulatory environment.

Black Duck

GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster.

It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring.

With GitLab, teams can streamline their workflows, automate processes, and improve productivity.

GitLab

Sample Customers

Samsung, Siemens, ScienceLogic, BryterCX, Dynatrace

1. NASA 2. IBM 3. Sony 4. Alibaba 5. CERN 6. Siemens 7. Volkswagen 8. ING 9. Ticketmaster 10. SpaceX 11. Adobe 12. Intuit 13. Autodesk 14. Rakuten 15. Unity Technologies 16. Pandora 17. Electronic Arts 18. Nordstrom 19. Verizon 20. Comcast 21. Philips 22. Deutsche Telekom 23. Orange 24. Fujitsu 25. Ericsson 26. Nokia 27. General Electric 28. Cisco 29. Accenture 30. Deloitte 31. PwC 32. KPMG

Buyer's Guide

Black Duck vs. GitLab

March 2025

Free Report: Black Duck vs. GitLab

Find out what your peers are saying about Black Duck vs. GitLab and other solutions. Updated: March 2025.

DOWNLOAD NOW

845,485 professionals have used our research since 2012.

See our Black Duck vs. GitLab report.

See our list of best Software Composition Analysis (SCA) vendors.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.