Black Duck and GitLab are key players in software development security and management. GitLab is favored for its extensive feature set, while Black Duck is notable for its effective support.
Features: Black Duck offers comprehensive open source vulnerability scanning, detailed risk reporting, and license compliance management. GitLab provides a robust CI/CD pipeline, efficient version control, and comprehensive DevOps tools.
Room for Improvement: Black Duck could enhance its user interface and streamline integration with newer platforms. More frequent updates and enhanced automation capabilities are desirable. GitLab may improve its documentation for beginners and could expand its feature set for more advanced uses. There may also be a need to enhance the freemium tier features.
Ease of Deployment and Customer Service: Black Duck offers seamless integration with existing workflows and effective customer support. GitLab's straightforward deployment capitalizes on its unified platform, providing intuitive tools for collaboration and development.
Pricing and ROI: Black Duck's pricing is competitive with effective returns in security management. GitLab, while having a higher initial investment, offers substantial ROI through enhanced development productivity and long-term value.
If you're using it on critical external programs where there is regulatory compliance on ensuring that the source code is clean from open-source, there's substantial ROI.
Migrating to GitLab is bringing time-saving benefits, and everything is easier to automate.
We have saved time significantly, reducing deployment time from four hours to five minutes per deployment.
There are some pain points with the response time and first-level support quality.
We have rarely needed to escalate issues to technical support since GitLab usually runs seamlessly.
I have interacted with architects for some advice during the implementation, and they were prompt in their response.
I have had meetings where they taught me, explained things, and provided guidance for starting from scratch.
I would rate the scalability of Black Duck 8 or 9.
It has all the features required for our coding and deployment needs, which makes it scalable to our changing requirements.
We're transitioning to OpenShift for future scalability with increased user numbers.
For scaling, other deployment options from GitLab's side need to be adopted.
I have not encountered any performance or stability issues with GitLab so far.
The updates are frequent and demanding, happening at least once a week due to security reasons.
It can improve on the security side of it, specifically vulnerabilities identification.
There are areas for improvement such as false positives and the scanning of containers.
Black Duck does not have the SBOM management part.
It would be beneficial to have a user-friendly interface for setting up these configurations, instead of just writing YAML files.
It is essential to conduct proper testing, such as unit tests and code coverage, within the SDLC pipelines.
GitLab can improve its user interface to make conflict resolution more user-friendly.
Even when working in other small organizations, we opted for GitLab as it was cost-efficient.
The pricing of GitLab is reasonable, aligning with what I consider to be average compared to competitors.
The price is high, and it limits user accessibility.
The most valuable feature of Black Duck is the composition analysis feature, which is effective for security risk management.
Black Duck's ability to identify dependencies very accurately has been most valuable in identifying and mitigating risks.
The software composition analysis is most effective for security risk management.
As we implement automated testing and DevSecOps, it speeds up the process by forty to sixty percent.
The Ultimate version offers enhanced features for security scanning through DAST and SAST analysis, which have greatly benefitted our project workflow.
By integrating GitLab as a DevOps platform, we have enhanced agility, improved our time to market, and different teams can work collaboratively on various projects.
Organizations use Black Duck for compliance, internal audits, license management, and security, scanning software to identify vulnerabilities, non-compliant code, and dependencies in open-source projects.
Black Duck integrates into CI/CD pipelines and DevSecOps processes, helping multiple industries detect and handle risks associated with open-source usage. Users leverage it for source and binary analysis to ensure security and compliance before software release. Automatic component analysis, effective vulnerability scanning, and a comprehensive knowledge base are some of its valuable features. Despite needing improvements in scanning speed, UI, and documentation, Black Duck remains crucial for ensuring open-source security and compliance.
What are Black Duck's most important features?
What benefits or ROI should users look for in reviews?
Black Duck is implemented by industries ranging from finance to healthcare, addressing security and compliance in open-source usage. Financial institutions employ it to manage license risks and ensure audit readiness. Healthcare organizations use it to comply with stringent data protection regulations, ensuring patient data security and privacy. Tech companies integrate Black Duck within CI/CD pipelines to maintain the security and compliance of software products before release. Its deployment varies, tailored to meet the specific risk management and compliance needs dictated by each sector's regulatory environment.
GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster.
It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring.
With GitLab, teams can streamline their workflows, automate processes, and improve productivity.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
