GoCD, from ThoughtWorks in Chicago, is an application lifecycle management and development tool.
N/A
Tenable Vulnerability Management
Score 9.3 out of 10
N/A
Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable Web App Scanning (formerly Tenable.io), a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies indicating a vulnerability.
N/A
Pricing
GoCD
Tenable Vulnerability Management
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
GoCD
Tenable Vulnerability Management
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
GoCD
Tenable Vulnerability Management
Features
GoCD
Tenable Vulnerability Management
Threat Intelligence
Comparison of Threat Intelligence features of Product A and Product B
GoCD
-
Ratings
Tenable Vulnerability Management
8.4
2 Ratings
4% above category average
Network Analytics
00 Ratings
10.02 Ratings
Threat Recognition
00 Ratings
10.02 Ratings
Vulnerability Classification
00 Ratings
10.02 Ratings
Automated Alerts and Reporting
00 Ratings
4.02 Ratings
Threat Analysis
00 Ratings
10.02 Ratings
Threat Intelligence Reporting
00 Ratings
5.02 Ratings
Automated Threat Identification
00 Ratings
10.02 Ratings
Vulnerability Management Tools
Comparison of Vulnerability Management Tools features of Product A and Product B
Previously, our team used Jenkins. However, since it's a shared deployment resource we don't have admin access. We tried GoCD as it's open source and we really like. We set up our deployment pipeline to run whenever codes are merged to master, run the unit test and revert back if it doesn't pass. Once it's deployed to the staging environment, we can simply do 1-click to deploy the appropriate version to production. We use this to deploy to an on-prem server and also AWS. Some deployment pipelines use custom Powershell script for.Net application, some others use Bash script to execute the docker push and cloud formation template to build elastic beanstalk.
I've been using this product since it began as an open source product, I really like it and for the money, I think it's probably the best choice for most companies who need a product like this. Over the years I've seen the interface change quite a bit and sometimes I think it's a bit unclear how to do certain things and the different packages can be confusing, these are the only reasons I'm giving it a 9 instead of a 10.
Pipeline-as-Code works really well. All our pipelines are defined in yml files, which are checked into SCM.
The ability to link multiple pipelines together is really cool. Later pipelines can declare a dependency to pick up the build artifacts of earlier ones.
Agents definition is really great. We can define multiple different kinds of environments to best suit our diverse build systems.
Expensive - You do pay a slight premium for the best product in the space.
Asset management is difficult to work with if you have a lot of asset turnover, the license can be ''held'' for 3-6 months after the asset is gone from your environment.
Support is usually really great at walking you through any steps you need to take when you get stuck on something. There are a few false positives and errors that have come up over the years that required their help to get through. Unfortunately, the steps required to diagnose some problems are more tedious than I think should be necessary. (IE: SQL instances can throw errors that clog up your logs because one plugin affects it in a certain way. The process to diagnose this is to watch timestamps of plugins in a log while monitoring the SQL logs at the same time and using your best guess as to what is causing it.)
GoCD is easier to setup, but harder to customize at runtime. There's no way to trigger a pipeline with custom parameters.
Jenkins is more flexible at runtime. You can define multiple user-provided parameters so when user needs to trigger a build, there's a form for him/her to input the parameters.
Tenable.io has a comparable set of features, with excellent support and a competitive price. After less than desirable experiences with another company, we moved to Tenable and haven't looked back since.
Settings.xml need to be backed up periodically. It contains all the settings for your pipelines! We accidentally deleted before and we have to restore and re-create several missing pipelines
More straight forward use of API and allows filtering e.g., pull all pipelines triggered after this date
Since this is a requirement for our PCI compliance and the cost is relatively low, the ROI isn't really something we need to think too much about, Tenable's pricing is fair and affordable.
