# JFrog, Mend.io vs GitLab Comparison | | JFrog | Mend.io | GitLab | |---|---|---|---| | **Star Rating** | 4.2 out of 5 | 4.3 out of 5 | 4.5 out of 5 | | **Total Reviews** | 135 | 112 | 893 | | **Largest Market Segment** | Enterprise (46.9% of reviews) | Small-Business (39.0% of reviews) | Small-Business (36.9% of reviews) | | **Entry Level Price** | Starting at $150.00 Per Month | $300.00 1 Contributing Developer (CDs) Per Year | No pricing available | --- ## Top Pros & Cons ### JFrog Pros: - Features (18 reviews) - Repository Management (14 reviews) Cons: - Complexity (9 reviews) - Expensive (8 reviews) ### Mend.io Pros: - Scanning Efficiency (8 reviews) - Ease of Use (7 reviews) Cons: - Integration Issues (6 reviews) - Limited Features (3 reviews) ### GitLab Pros: - Ease of Use (40 reviews) - Features (39 reviews) Cons: - Complexity (20 reviews) - Difficult Learning (19 reviews) --- ## Ratings Comparison | Rating | JFrog | Mend.io | GitLab | |---|---|---|---| | **Meets Requirements** | 8.6 (93 reviews) | 8.6 (81 reviews) | 9.1 (679 reviews) | | **Ease of Use** | 8.2 (95 reviews) | 8.3 (82 reviews) | 8.7 (683 reviews) | | **Ease of Setup** | 8.3 (61 reviews) | 8.1 (50 reviews) | 8.7 (242 reviews) | | **Ease of Admin** | 8.4 (40 reviews) | 8.2 (50 reviews) | 8.6 (173 reviews) | | **Quality of Support** | 8.3 (81 reviews) | 8.7 (67 reviews) | 8.5 (541 reviews) | | **Has the product been a good partner in doing business?** | 8.5 (39 reviews) | 8.8 (46 reviews) | 8.8 (148 reviews) | | **Product Direction (% positive)** | 8.5 (87 reviews) | 8.6 (75 reviews) | 8.8 (644 reviews) | --- ## Pricing ### JFrog #### Entry-Level Pricing Plan: PRO Price: Starting at $150.00 Per Month Description: Automated Artifact and Container Registry for Individuals & Small teams Key Features: - Universal Binary Repository - Release Lifecycle Management - Unlimited Docker Hub Pulls [Browse all 3 editions](https://www.g2.com/products/jfrog-2024-03-28/pricing) #### Free Trial Yes ### Mend.io #### Entry-Level Pricing Plan: Mend AI Premium Price: $300.00 1 Contributing Developer (CDs) Per Year Description: Secure AI powered applications.
 AI red teaming, prompt hardening & more Key Features: - AI component inventory - AI component risk insights - System Prompt Hardening [Browse all 3 editions](https://www.g2.com/products/mend-io/pricing) #### Free Trial Yes ### GitLab #### Entry-Level Pricing No pricing available #### Free Trial Yes --- ## Features Comparison By Category ### Application Release Orchestration | Product | Score | Reviews | |---|---|---| | **JFrog** | 7.7/10 | 9 | | **Mend.io** | N/A | N/A | | **GitLab** | 8.7/10 | 147 | #### Administration | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Configuration Management** | 7.1 (8 reviews) | Not enough data | 8.7 (125 reviews) | | **Access Control** | 6.9 (8 reviews) | Not enough data | 8.9 (131 reviews) | | **Dashboards** | 7.7 (8 reviews) | Not enough data | 8.6 (125 reviews) | #### Functionality | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Deployment Automation** | 7.5 (8 reviews) | Not enough data | 9.0 (132 reviews) | | **Process Analytics** | 7.5 (8 reviews) | Not enough data | 8.5 (115 reviews) | | **Plugins** | 8.1 (9 reviews) | Not enough data | 8.5 (109 reviews) | | **APIs / Integrations** | 8.5 (9 reviews) | Not enough data | 8.7 (114 reviews) | | **Feature Flags** | Feature Not Available | Not enough data | 8.6 (103 reviews) | #### Processes | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Pipelines** | 8.5 (9 reviews) | Not enough data | 9.1 (135 reviews) | | **Orchestration** | 7.4 (9 reviews) | Not enough data | 9.0 (122 reviews) | | **Workflow Visualization** | 7.3 (8 reviews) | Not enough data | 8.7 (122 reviews) | ### Static Application Security Testing (SAST) | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | 7.3/10 | 15 | | **GitLab** | 9.0/10 | 37 | #### Administration | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **API / Integrations** | Not enough data | 7.6 (7 reviews) | 9.3 (33 reviews) | | **Extensibility** | Not enough data | 7.7 (8 reviews) | 9.0 (29 reviews) | #### Analysis | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Reporting and Analytics** | Not enough data | 7.3 (11 reviews) | 8.8 (28 reviews) | | **Issue Tracking** | Not enough data | 7.6 (11 reviews) | 9.1 (30 reviews) | | **Static Code Analysis** | Not enough data | 8.2 (11 reviews) | 9.2 (28 reviews) | | **Code Analysis** | Not enough data | 7.6 (11 reviews) | 8.9 (28 reviews) | #### Testing | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Command-Line Tools** | Not enough data | 7.2 (10 reviews) | 8.8 (30 reviews) | | **Manual Testing** | Not enough data | Feature Not Available | 8.8 (27 reviews) | | **Test Automation** | Not enough data | 7.2 (9 reviews) | 9.2 (30 reviews) | | **Compliance Testing** | Not enough data | 7.7 (10 reviews) | 8.8 (26 reviews) | | **Black-Box Scanning** | Not enough data | Not enough data | 8.9 (25 reviews) | | **Detection Rate** | Not enough data | 7.4 (9 reviews) | 8.5 (25 reviews) | | **False Positives** | Not enough data | 5.0 (9 reviews) | 8.8 (24 reviews) | #### Agentic AI - Static Application Security Testing (SAST) | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | Not enough data | ### Dynamic Application Security Testing (DAST) | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | N/A | N/A | | **GitLab** | 9.0/10 | 27 | #### Administration | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **API / Integrations** | Not enough data | Not enough data | 9.2 (25 reviews) | | **Extensibility** | Not enough data | Not enough data | 8.9 (24 reviews) | #### Analysis | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Reporting and Analytics** | Not enough data | Not enough data | 8.5 (24 reviews) | | **Issue Tracking** | Not enough data | Not enough data | 9.2 (24 reviews) | | **Static Code Analysis** | Not enough data | Not enough data | 8.8 (24 reviews) | | **Vulnerability Scan** | Not enough data | Not enough data | 8.9 (24 reviews) | | **Code Analysis** | Not enough data | Not enough data | 9.0 (24 reviews) | #### Testing | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Manual Testing** | Not enough data | Not enough data | 8.6 (23 reviews) | | **Test Automation** | Not enough data | Not enough data | 9.1 (23 reviews) | | **Compliance Testing** | Not enough data | Not enough data | 8.9 (22 reviews) | | **Black-Box Scanning** | Not enough data | Not enough data | 9.0 (21 reviews) | | **Detection Rate** | Not enough data | Not enough data | 9.0 (20 reviews) | | **False Positives** | Not enough data | Not enough data | 9.1 (21 reviews) | ### Container Security | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | 8.3/10 | 14 | | **GitLab** | N/A | N/A | #### Administration | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Risk Scoring** | Not enough data | 8.3 (7 reviews) | Not enough data | | **Secrets Management** | Not enough data | Feature Not Available | Not enough data | | **Security Auditing** | Not enough data | 9.1 (9 reviews) | Not enough data | | **Configuration Management** | Not enough data | 8.0 (10 reviews) | Not enough data | #### Monitoring | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Continuous Image Assurance** | Not enough data | Feature Not Available | Not enough data | | **Behavior Monitoring** | Not enough data | Feature Not Available | Not enough data | | **Observability** | Not enough data | Feature Not Available | Not enough data | #### Protection | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Dynamic Image Scanning** | Not enough data | 7.9 (8 reviews) | Not enough data | | **Runtime Protection** | Not enough data | Feature Not Available | Not enough data | | **Workload Protection** | Not enough data | Feature Not Available | Not enough data | | **Network Segmentation** | Not enough data | Feature Not Available | Not enough data | ### Cloud Infrastructure Automation | Product | Score | Reviews | |---|---|---| | **JFrog** | 8.7/10 | 5 | | **Mend.io** | N/A | N/A | | **GitLab** | 8.8/10 | 92 | #### Administration | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Administration Console** | 8.7 (5 reviews) | Not enough data | 8.7 (77 reviews) | | **Task Management** | 8.7 (5 reviews) | Not enough data | 8.7 (78 reviews) | | **Dashboards and Visualizations** | 9.0 (5 reviews) | Not enough data | 8.7 (75 reviews) | | **Access Control** | 9.3 (5 reviews) | Not enough data | 8.8 (81 reviews) | #### Automation | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Test Automation** | Not enough data | Not enough data | 8.9 (79 reviews) | | **Intelligent Automation** | Feature Not Available | Not enough data | 8.4 (72 reviews) | | **Release Automation** | 8.7 (5 reviews) | Not enough data | 9.0 (80 reviews) | | **Automated Provisioning** | Feature Not Available | Not enough data | 8.7 (73 reviews) | #### IT Management | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Workflow Management** | Not enough data | Not enough data | 8.7 (75 reviews) | | **Infrastructure Management** | 7.7 (5 reviews) | Not enough data | 8.9 (74 reviews) | | **IT Discovery** | Not enough data | Not enough data | 8.6 (71 reviews) | ### MLOps Platforms | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | N/A | N/A | | **GitLab** | N/A | N/A | #### Deployment | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Language Flexibility** | Not enough data | Not enough data | Not enough data | | **Framework Flexibility** | Not enough data | Not enough data | Not enough data | | **Versioning** | Not enough data | Not enough data | Not enough data | | **Ease of Deployment** | Not enough data | Not enough data | Not enough data | | **Scalability** | Not enough data | Not enough data | Not enough data | #### Deployment | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Language Flexibility** | Not enough data | Not enough data | Not enough data | | **Framework Flexibility** | Not enough data | Not enough data | Not enough data | | **Versioning** | Not enough data | Not enough data | Not enough data | | **Ease of Deployment** | Not enough data | Not enough data | Not enough data | | **Scalability** | Not enough data | Not enough data | Not enough data | #### Management | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Cataloging** | Not enough data | Not enough data | Not enough data | | **Monitoring** | Not enough data | Not enough data | Not enough data | | **Governing** | Not enough data | Not enough data | Not enough data | | **Model Registry** | Not enough data | Not enough data | Not enough data | #### Operations | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Metrics** | Not enough data | Not enough data | Not enough data | | **Infrastructure management** | Not enough data | Not enough data | Not enough data | | **Collaboration** | Not enough data | Not enough data | Not enough data | #### Management | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Cataloging** | Not enough data | Not enough data | Not enough data | | **Monitoring** | Not enough data | Not enough data | Not enough data | | **Governing** | Not enough data | Not enough data | Not enough data | #### Generative AI | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **AI Text Generation** | Not enough data | Not enough data | Not enough data | | **AI Text Summarization** | Not enough data | Not enough data | Not enough data | ### Vulnerability Scanner | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | N/A | N/A | | **GitLab** | N/A | N/A | #### Performance | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Issue Tracking** | Not enough data | Not enough data | Not enough data | | **Detection Rate** | Not enough data | Not enough data | Not enough data | | **False Positives** | Not enough data | Not enough data | Not enough data | | **Automated Scans** | Not enough data | Not enough data | Not enough data | #### Network | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Compliance Testing** | Not enough data | Not enough data | Not enough data | | **Perimeter Scanning** | Not enough data | Feature Not Available | Not enough data | | **Configuration Monitoring** | Not enough data | Not enough data | Not enough data | #### Application | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Manual Application Testing** | Not enough data | Feature Not Available | Not enough data | | **Static Code Analysis** | Not enough data | Not enough data | Not enough data | | **Black Box Testing** | Not enough data | Not enough data | Not enough data | #### Agentic AI - Vulnerability Scanner | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | Not enough data | | **Proactive Assistance** | Not enough data | Not enough data | Not enough data | ### Continuous Delivery | Product | Score | Reviews | |---|---|---| | **JFrog** | 8.3/10 | 14 | | **Mend.io** | N/A | N/A | | **GitLab** | 8.3/10 | 249 | #### Functionality | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Deployment-Ready Staging** | 8.5 (12 reviews) | Not enough data | 8.8 (218 reviews) | | **Integration** | 8.3 (11 reviews) | Not enough data | 9.0 (223 reviews) | | **Extensible** | 8.6 (11 reviews) | Not enough data | 8.7 (204 reviews) | #### Management | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Processes and Workflow** | 8.7 (13 reviews) | Not enough data | 8.8 (207 reviews) | | **Reporting** | 7.4 (9 reviews) | Not enough data | 8.3 (194 reviews) | | **Automation** | 8.2 (12 reviews) | Not enough data | 8.9 (216 reviews) | #### Agentic AI - Continuous Delivery | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | 8.0 (9 reviews) | | **Cross-system Integration** | Not enough data | Not enough data | 8.3 (11 reviews) | | **Adaptive Learning** | Not enough data | Not enough data | 7.5 (10 reviews) | | **Natural Language Interaction** | Not enough data | Not enough data | 7.5 (10 reviews) | | **Proactive Assistance** | Not enough data | Not enough data | 7.2 (9 reviews) | ### Repository Management | Product | Score | Reviews | |---|---|---| | **JFrog** | 6.7/10 | 13 | | **Mend.io** | N/A | N/A | | **GitLab** | N/A | N/A | #### Functionality | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Package Management** | 7.2 (10 reviews) | Not enough data | Not enough data | | **Integration** | 6.7 (9 reviews) | Not enough data | Not enough data | | **Code Analysis** | 5.9 (9 reviews) | Not enough data | Not enough data | | **Vulnerability Checks** | 6.7 (8 reviews) | Not enough data | Not enough data | #### Management | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Package Access Control** | 8.3 (11 reviews) | Not enough data | Not enough data | | **Package Tracking** | 7.1 (8 reviews) | Not enough data | Not enough data | | **Automation** | 4.7 (6 reviews) | Not enough data | Not enough data | | **Rollback** | 6.7 (9 reviews) | Not enough data | Not enough data | ### Bug Tracking | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | N/A | N/A | | **GitLab** | 8.5/10 | 169 | #### Bug Reporting | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **User Reports & Feedback** | Not enough data | Not enough data | 8.6 (139 reviews) | | **Tester Reports & Feedback** | Not enough data | Not enough data | 8.5 (134 reviews) | | **Team Reports & Comments** | Not enough data | Not enough data | 8.6 (142 reviews) | #### Bug Monitoring | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Analytics** | Not enough data | Not enough data | 8.5 (139 reviews) | | **Bug History** | Not enough data | Not enough data | 8.8 (147 reviews) | | **Data Retention** | Not enough data | Not enough data | 8.8 (136 reviews) | #### Agentic AI - Bug Tracking | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Adaptive Learning** | Not enough data | Not enough data | 8.3 (9 reviews) | | **Natural Language Interaction** | Not enough data | Not enough data | 8.1 (9 reviews) | | **Proactive Assistance** | Not enough data | Not enough data | 8.3 (8 reviews) | ### Software Composition Analysis | Product | Score | Reviews | |---|---|---| | **JFrog** | 9.3/10 | 5 | | **Mend.io** | 8.5/10 | 53 | | **GitLab** | 8.9/10 | 78 | #### Functionality - Software Composition Analysis | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Language Support** | Not enough data | 8.5 (45 reviews) | 8.7 (66 reviews) | | **Integration** | Not enough data | 8.5 (47 reviews) | 8.8 (72 reviews) | | **Transparency** | Not enough data | 8.6 (44 reviews) | 8.7 (67 reviews) | #### Effectiveness - Software Composition Analysis | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Remediation Suggestions** | Not enough data | 8.2 (45 reviews) | 8.8 (64 reviews) | | **Continuous Monitoring** | 9.3 (5 reviews) | 8.8 (44 reviews) | 9.0 (64 reviews) | | **Thorough Detection** | Not enough data | 8.6 (45 reviews) | 9.0 (62 reviews) | ### IoT Device Management Platforms | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | N/A | N/A | | **GitLab** | N/A | N/A | #### Device Recognition | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Device Discovery** | Not enough data | Not enough data | Not enough data | | **Device Types** | Not enough data | Not enough data | Not enough data | | **Dashboard** | Not enough data | Not enough data | Not enough data | #### Monitoring | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Device Status** | Not enough data | Not enough data | Not enough data | | **Alerts & Notifications** | Not enough data | Not enough data | Not enough data | | **Analytics** | Not enough data | Not enough data | Not enough data | #### Provisioning | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Remote Configuration** | Not enough data | Not enough data | Not enough data | | **Event Triggering** | Not enough data | Not enough data | Not enough data | | **Device Diagnostics & Repair** | Not enough data | Not enough data | Not enough data | | **Firmware Updates** | Not enough data | Not enough data | Not enough data | ### DevOps Platforms | Product | Score | Reviews | |---|---|---| | **JFrog** | 7.7/10 | 26 | | **Mend.io** | N/A | N/A | | **GitLab** | 8.8/10 | 182 | #### Management | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Configuration Management** | 8.0 (18 reviews) | Not enough data | 8.8 (150 reviews) | | **Access Control** | 7.1 (13 reviews) | Not enough data | 8.8 (152 reviews) | | **Orchestration** | 7.9 (13 reviews) | Not enough data | 8.5 (139 reviews) | #### Functionality | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Automation** | 7.9 (18 reviews) | Not enough data | 8.8 (158 reviews) | | **Integrations** | 7.7 (16 reviews) | Not enough data | 8.8 (156 reviews) | | **Extensibility** | 6.2 (10 reviews) | Not enough data | 8.6 (141 reviews) | #### Processes | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Pipeline Control** | 8.6 (14 reviews) | Not enough data | 9.0 (162 reviews) | | **Workflow Visualization** | 7.0 (10 reviews) | Not enough data | 8.5 (144 reviews) | | **Continuous Deployment** | 8.9 (18 reviews) | Not enough data | 9.0 (162 reviews) | ### Continuous Integration | Product | Score | Reviews | |---|---|---| | **JFrog** | 7.7/10 | 11 | | **Mend.io** | N/A | N/A | | **GitLab** | 8.1/10 | 249 | #### Functionality | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Integrations** | 8.0 (10 reviews) | Not enough data | 8.9 (229 reviews) ✓ Verified | | **Extensibility** | 8.0 (10 reviews) | Not enough data | 8.6 (210 reviews) ✓ Verified | | **Test Customization** | 7.8 (9 reviews) | Not enough data | 8.4 (204 reviews) ✓ Verified | #### Management | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Automation** | 7.5 (10 reviews) | Not enough data | 8.9 (219 reviews) ✓ Verified | | **Processes and Workflow** | 7.8 (10 reviews) | Not enough data | 8.8 (217 reviews) ✓ Verified | | **Reporting** | 6.9 (9 reviews) | Not enough data | 8.4 (199 reviews) ✓ Verified | #### Agentic AI - Continuous Integration | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | 7.5 (12 reviews) | | **Cross-system Integration** | Not enough data | Not enough data | 7.8 (13 reviews) | | **Adaptive Learning** | Not enough data | Not enough data | 7.4 (11 reviews) | | **Natural Language Interaction** | Not enough data | Not enough data | 7.1 (11 reviews) | | **Proactive Assistance** | Not enough data | Not enough data | 7.6 (11 reviews) | ### Secure Code Review | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | N/A | N/A | | **GitLab** | 8.5/10 | 133 | #### Documentation | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Feedback** | Not enough data | Not enough data | 8.8 (117 reviews) | | **Prioritization** | Not enough data | Not enough data | 8.6 (112 reviews) | | **Remediation Suggestions** | Not enough data | Not enough data | 8.4 (112 reviews) | #### Security | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **False Positives** | Not enough data | Not enough data | 8.0 (101 reviews) | | **Custom Compliance** | Not enough data | Not enough data | 8.4 (101 reviews) | | **Agility** | Not enough data | Not enough data | 9.0 (110 reviews) | ### AI Code Generation | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | N/A | N/A | | **GitLab** | N/A | N/A | #### Functionality | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Accuracy** | Not enough data | Not enough data | Not enough data | | **Input processing** | Not enough data | Not enough data | Not enough data | | **Interface** | Not enough data | Not enough data | Not enough data | | **Code quality** | Not enough data | Not enough data | Not enough data | #### Support | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Community** | Not enough data | Not enough data | Not enough data | | **Update schedule** | Not enough data | Not enough data | Not enough data | | **Documentation** | Not enough data | Not enough data | Not enough data | #### Agentic AI - AI Code Generation | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Cross-system Integration** | Not enough data | Not enough data | Not enough data | | **Adaptive Learning** | Not enough data | Not enough data | Not enough data | | **Natural Language Interaction** | Not enough data | Not enough data | Not enough data | | **Proactive Assistance** | Not enough data | Not enough data | Not enough data | | **Decision Making** | Not enough data | Not enough data | Not enough data | ### Software Supply Chain Security Tools | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | N/A | N/A | | **GitLab** | N/A | N/A | #### Security | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Tampering** | Not enough data | Feature Not Available | Not enough data | | **Malicious Code** | Not enough data | Not enough data | Not enough data | | **Verification** | Not enough data | Feature Not Available | Not enough data | | **Security Risks** | Not enough data | Not enough data | Not enough data | #### Tracking | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Bill of Materials** | Not enough data | Not enough data | Not enough data | | **Audit Trails** | Not enough data | Not enough data | Not enough data | | **Monitoring** | Not enough data | Not enough data | Not enough data | ### Application Security Posture Management (ASPM) | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | N/A | N/A | | **GitLab** | N/A | N/A | #### Risk management - Application Security Posture Management (ASPM) | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Vulnerability Management** | Not enough data | Not enough data | Not enough data | | **Risk Assessment and Prioritization** | Not enough data | Not enough data | Not enough data | | **Compliance Management** | Not enough data | Not enough data | Not enough data | | **Policy Enforcement** | Not enough data | Not enough data | Not enough data | #### Integration and efficiency - Application Security Posture Management (ASPM) | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Integration with Development Tools** | Not enough data | Not enough data | Not enough data | | **Automation and Efficiency** | Not enough data | Not enough data | Not enough data | #### Reporting and Analytics - Application Security Posture Management (ASPM) | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Trend Analysis** | Not enough data | Not enough data | Not enough data | | **Risk Scoring** | Not enough data | Not enough data | Not enough data | | **Customizable Dashboards** | Not enough data | Not enough data | Not enough data | #### Agentic AI - Application Security Posture Management (ASPM) | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | Not enough data | | **Multi-step Planning** | Not enough data | Not enough data | Not enough data | ### Software Bill of Materials (SBOM) | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | N/A | N/A | | **GitLab** | N/A | N/A | #### Functionality - Software Bill of Materials (SBOM) | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Format Support** | Not enough data | Not enough data | Not enough data | | **Annotations** | Not enough data | Not enough data | Not enough data | | **Attestation** | Not enough data | Not enough data | Not enough data | #### Management - Software Bill of Materials (SBOM) | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Monitoring** | Not enough data | Not enough data | Not enough data | | **Dashboards** | Not enough data | Not enough data | Not enough data | | **User Provisioning** | Not enough data | Not enough data | Not enough data | ### Static Code Analysis | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | N/A | N/A | | **GitLab** | N/A | N/A | #### Agentic AI - Static Code Analysis | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Adaptive Learning** | Not enough data | Not enough data | Not enough data | | **Natural Language Interaction** | Not enough data | Not enough data | Not enough data | | **Proactive Assistance** | Not enough data | Not enough data | Not enough data | ### AI Security Solutions | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | N/A | N/A | | **GitLab** | N/A | N/A | #### Model Protection - AI Security Solutions | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Input Hardening** | Not enough data | Feature Not Available | Not enough data | | **Input/Output Inspection** | Not enough data | Feature Not Available | Not enough data | | **Integrity Monitoring** | Not enough data | Feature Not Available | Not enough data | | **Model Access Control** | Not enough data | Feature Not Available | Not enough data | #### Runtime Monitoring - AI Security Solutions | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **AI Behavior Anomaly Detection** | Not enough data | Feature Not Available | Not enough data | | **Audit Trail** | Not enough data | Feature Not Available | Not enough data | #### Policy Enforcement and Compliance - AI Security Solutions | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Scalable Governance** | Not enough data | Not enough data | Not enough data | | **Integrations** | Not enough data | Feature Not Available | Not enough data | | **Shadow AI** | Not enough data | Not enough data | Not enough data | | **Policy‑as‑Code for AI Assets** | Not enough data | Not enough data | Not enough data | ### Cloud Security | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | N/A | N/A | | **GitLab** | N/A | N/A | #### Cloud Visibility | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Data Discovery** | Not enough data | Not enough data | Not enough data | | **Cloud Registry** | Not enough data | Not enough data | Not enough data | | **Cloud Gap Analytics** | Not enough data | Not enough data | Not enough data | #### Security | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Data Security** | Not enough data | Not enough data | Not enough data | | **Data loss Prevention** | Not enough data | Not enough data | Not enough data | | **Security Auditing** | Not enough data | Not enough data | Not enough data | #### Identity | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **SSO** | Not enough data | Not enough data | Not enough data | | **Governance** | Not enough data | Not enough data | Not enough data | | **User Analytics** | Not enough data | Not enough data | Not enough data | ### Value Stream Management | Product | Score | Reviews | |---|---|---| | **JFrog** | N/A | N/A | | **Mend.io** | N/A | N/A | | **GitLab** | 8.8/10 | 49 | #### Value Analysis | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Metric Relevance** | Not enough data | Not enough data | 8.9 (40 reviews) | | **Insight** | Not enough data | Not enough data | 8.7 (41 reviews) | | **Impact Predictions** | Not enough data | Not enough data | 8.6 (36 reviews) | | **Report Generation** | Not enough data | Not enough data | 8.9 (38 reviews) | #### Value Management | Feature | JFrog | Mend.io | GitLab | |---|---|---|---| | **Planning Tools** | Not enough data | Not enough data | 9.0 (39 reviews) | | **Communication Tools** | Not enough data | Not enough data | 8.7 (42 reviews) | | **Control** | Not enough data | Not enough data | 8.9 (40 reviews) | --- ## Categories **Shared Categories (2):** [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis), [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast) **Unique to JFrog (12):** [Software Bill of Materials (SBOM) Software](https://www.g2.com/categories/software-bill-of-materials-sbom), [DevOps Platforms](https://www.g2.com/categories/devops-platforms), [Repository Management Software](https://www.g2.com/categories/repository-management), [MLOps Platforms](https://www.g2.com/categories/mlops-platforms), [IoT Device Management Platforms](https://www.g2.com/categories/iot-device-management-platforms), [Cloud Infrastructure Automation Software](https://www.g2.com/categories/cloud-infrastructure-automation), [Application Release Orchestration (ARO) Tools](https://www.g2.com/categories/application-release-orchestration), [Container Registry Software](https://www.g2.com/categories/container-registry), [Version Control Hosting Software](https://www.g2.com/categories/version-control-hosting), [Continuous Delivery Tools](https://www.g2.com/categories/continuous-delivery-tools), [Continuous Integration Tools](https://www.g2.com/categories/continuous-integration), [Software Supply Chain Security Solutions](https://www.g2.com/categories/software-supply-chain-security-tools) **Unique to Mend.io (7):** [AI Security Solutions Software](https://www.g2.com/categories/ai-security-solutions), [Static Code Analysis Tools](https://www.g2.com/categories/static-code-analysis), [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner), [Software Supply Chain Security Solutions](https://www.g2.com/categories/software-supply-chain-security-tools), [Software Bill of Materials (SBOM) Software](https://www.g2.com/categories/software-bill-of-materials-sbom), [Application Security Posture Management (ASPM) Software](https://www.g2.com/categories/application-security-posture-management-aspm), [Container Security Tools](https://www.g2.com/categories/container-security-tools) **Unique to GitLab (12):** [Secure Code Review Software](https://www.g2.com/categories/secure-code-review), [DevOps Platforms](https://www.g2.com/categories/devops-platforms), [Value Stream Management Software](https://www.g2.com/categories/value-stream-management), [Cloud Infrastructure Automation Software](https://www.g2.com/categories/cloud-infrastructure-automation), [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast), [Application Release Orchestration (ARO) Tools](https://www.g2.com/categories/application-release-orchestration), [Version Control Hosting Software](https://www.g2.com/categories/version-control-hosting), [Peer Code Review Software](https://www.g2.com/categories/peer-code-review), [Continuous Delivery Tools](https://www.g2.com/categories/continuous-delivery-tools), [Bug Tracking Software](https://www.g2.com/categories/bug-tracking), [Continuous Integration Tools](https://www.g2.com/categories/continuous-integration), [AI Code Generation Software](https://www.g2.com/categories/ai-code-generation) --- ## Reviewer Demographics ### By Company Size | Segment | JFrog | Mend.io | GitLab | |---|---|---|---| | **Small-Business** | 23.8% | 39.0% | 36.9% | | **Mid-Market** | 29.2% | 34.3% | 36.5% | | **Enterprise** | 46.9% | 26.7% | 26.6% | ### By Industry #### JFrog - **Information Technology and Services:** 31.0% - **Computer Software:** 13.8% - **Financial Services:** 8.6% - **Computer & Network Security:** 6.0% - **Banking:** 3.4% - **Automotive:** 2.6% - **Hospital & Health Care:** 2.6% - **Insurance:** 2.6% - **Internet:** 2.6% - **Accounting:** 1.7% - **Other:** 25.0% #### Mend.io - **Computer Software:** 33.3% - **Information Technology and Services:** 14.3% - **Financial Services:** 6.7% - **Telecommunications:** 4.8% - **Computer & Network Security:** 4.8% - **Automotive:** 2.9% - **Education Management:** 1.9% - **Computer Games:** 1.9% - **Commercial Real Estate:** 1.9% - **Banking:** 1.9% - **Other:** 25.7% #### GitLab - **Computer Software:** 33.4% - **Information Technology and Services:** 24.4% - **Internet:** 3.9% - **Financial Services:** 3.4% - **Telecommunications:** 2.4% - **Computer & Network Security:** 2.2% - **Marketing and Advertising:** 1.9% - **Banking:** 1.8% - **Retail:** 1.8% - **Program Development:** 1.6% - **Other:** 23.1% --- ## Alternatives ### Alternatives to JFrog - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2363 reviews) - [Jenkins](https://www.g2.com/products/jenkins/reviews) — 4.4/5 stars (567 reviews) - [Red Hat Ansible Automation Platform](https://www.g2.com/products/red-hat-ansible-automation-platform/reviews) — 4.6/5 stars (377 reviews) - [CloudBees](https://www.g2.com/products/cloudbees/reviews) — 4.4/5 stars (621 reviews) - [CircleCI](https://www.g2.com/products/circleci/reviews) — 4.4/5 stars (509 reviews) - [Azure Pipelines](https://www.g2.com/products/azure-pipelines/reviews) — 4.3/5 stars (375 reviews) - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) — 4.7/5 stars (795 reviews) - [Bitbucket](https://www.g2.com/products/bitbucket/reviews) — 4.4/5 stars (1011 reviews) - [Harness Platform](https://www.g2.com/products/harness-platform/reviews) — 4.6/5 stars (281 reviews) - [Databricks](https://www.g2.com/products/databricks/reviews) — 4.6/5 stars (802 reviews) ### Alternatives to Mend.io - [Snyk](https://www.g2.com/products/snyk/reviews) — 4.5/5 stars (132 reviews) - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) — 3.8/5 stars (26 reviews) - [SonarQube](https://www.g2.com/products/sonarqube/reviews) — 4.4/5 stars (141 reviews) - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2363 reviews) - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) — 4.7/5 stars (795 reviews) - [FortiCNAPP](https://www.g2.com/products/forticnapp/reviews) — 4.4/5 stars (386 reviews) - [Red Hat Ansible Automation Platform](https://www.g2.com/products/red-hat-ansible-automation-platform/reviews) — 4.6/5 stars (377 reviews) - [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) — 4.5/5 stars (302 reviews) - [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews) — 4.4/5 stars (310 reviews) - [Checkmarx](https://www.g2.com/products/checkmarx/reviews) — 4.2/5 stars (40 reviews) ### Alternatives to GitLab - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2363 reviews) - [CloudBees](https://www.g2.com/products/cloudbees/reviews) — 4.4/5 stars (621 reviews) - [Red Hat Ansible Automation Platform](https://www.g2.com/products/red-hat-ansible-automation-platform/reviews) — 4.6/5 stars (377 reviews) - [Harness Platform](https://www.g2.com/products/harness-platform/reviews) — 4.6/5 stars (281 reviews) - [Jenkins](https://www.g2.com/products/jenkins/reviews) — 4.4/5 stars (567 reviews) - [CircleCI](https://www.g2.com/products/circleci/reviews) — 4.4/5 stars (509 reviews) - [Azure Pipelines](https://www.g2.com/products/azure-pipelines/reviews) — 4.3/5 stars (375 reviews) - [Copado DevOps](https://www.g2.com/products/copado-devops/reviews) — 4.4/5 stars (329 reviews) - [Azure DevOps Server](https://www.g2.com/products/azure-devops-server/reviews) — 4.2/5 stars (198 reviews) - [Bitbucket](https://www.g2.com/products/bitbucket/reviews) — 4.4/5 stars (1011 reviews) --- ## Top Discussions ### JFrog No discussions available for this product. ### Mend.io - Title: [Does the above pricing include all vulnerabilities sources?](https://www.g2.com/discussions/do-you-offer-an-on-premise-option) — 1 comment, 1 upvote *(includes official response)* > **Top comment:** "Yes. WhiteSource offering includes the full extent of our database, which supports over 200 programming languages. We aggregate vulnerabilities from the NVD,..." - Title: [What languages and platforms does your solution support?](https://www.g2.com/discussions/is-my-code-secure-with-your-cloud-based-service) — 1 comment, 1 upvote *(includes official response)* > **Top comment:** "WhiteSource supports more than 20 programming languages like Java, C++, .NET, PHP, python and more." - Title: [Why are you pricing per contributing developers?](https://www.g2.com/discussions/i-can-t-find-a-plugin-for-my-build-tool-server-does-that-mean-you-cannot-support) — 1 comment, 1 upvote *(includes official response)* > **Top comment:** "WhiteSource automates and manages open source components throughout the Software Development Life Cycle (SDLC). Therefore, pricing based on the number of..." - Title: [Do you offer an on-premise option?](https://www.g2.com/discussions/does-whitesource-work-with-all-languages-and-build-tools) — 1 comment, 1 upvote *(includes official response)* > **Top comment:** "WhiteSource is a cloud-based service, but we also offer an on-premise option, if necessary. It’s important to emphasize that we do not scan your code. We..." - Title: [What is a contributing developer?](https://www.g2.com/discussions/3104-how-does-whitesource-work) — 1 comment, 1 upvote *(includes official response)* > **Top comment:** "“Contributing Developer” means any employee or contractor who at any point (1) accesses or uses the WhiteSource product; (2) develops the code to be scanned..." ### GitLab - Title: [Is GitLab paid?](https://www.g2.com/discussions/is-gitlab-paid) — 5 comments, 2 upvotes > **Top comment:** "Yes, Gitlab is paid as it provides the flexibility to use all the features of the GitHub and Git as well as the freedom to use your own DataBase so that you..." - Title: [Is GitLab free software?](https://www.g2.com/discussions/is-gitlab-free-software) — 4 comments, 1 upvote > **Top comment:** "Yes most of the functinalities are" - Title: [What is GitLab used for?](https://www.g2.com/discussions/what-is-gitlab-used-for) — 2 comments > **Top comment:** "It is an alternative to GitHub or BitBucket, it handles code versioning and also deployments among other things" - Title: [What can GitLab do?](https://www.g2.com/discussions/what-can-gitlab-do) — 2 comments > **Top comment:** "Gitlab can keep your source on cloud, It can run continuous deployment, continuous integration pipelines, It can even track issues." - Title: [Why does GitLab Server goes down?](https://www.g2.com/discussions/why-does-gitlab-server-goes-down) — 2 comments, 1 upvote > **Top comment:** "-We determine if the GitLab server is returning an error message that indicates some sort of problem. These types of errors generally mean that a visitor --..." --- **Source:** [G2.com](https://www.g2.com) | [Comparison Page](https://www.g2.com/compare/jfrog-2024-03-28-vs-mend-io-vs-gitlab)