Checkmarx One vs GitGuardian Public Monitoring comparison

Checkmarx and GitGuardian are both solutions in the Application Security Tools category. Checkmarx is ranked #3 with an average rating of 7.9, while GitGuardian is ranked #24 with an average rating of 9.0. Checkmarx holds a 12.5% mindshare in AS, compared to GitGuardian’s 0.1% mindshare. Additionally, 86% of Checkmarx users are willing to recommend the solution, compared to 100% of GitGuardian users who would recommend it.

Checkmarx One

Read 70 Checkmarx One reviews

26,051 Views
16,857 Comparison Views

86% willing to recommend

GitGuardian Public Monitoring

Read 2 GitGuardian Public Monitoring reviews

219 Views
101 Comparison Views

100% willing to recommend

Checkmarx One

GitGuardian Public Monitoring

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Checkmarx One and GitGuardian Public Monitoring compete in the security software market. Checkmarx One seems to have an edge due to strong user reviews on pricing and support, while GitGuardian's advanced features justify its cost for many.

Features: Checkmarx One offers extensive code scanning, integration across varied platforms, and comprehensive application security coverage. GitGuardian provides specialized secret detection, real-time alerting, and precision monitoring, which are highly valued by users focused on immediate threat detection.

Room for Improvement: Checkmarx One could enhance user training resources, expand language support, and improve user-friendliness. GitGuardian could enhance analytics and reporting for better insights and address feedback on these areas to maximize utility.

Ease of Deployment and Customer Service: Checkmarx One offers flexible deployment but requires initial configuration effort, praised for responsive support. GitGuardian provides a seamless deployment experience with straightforward configuration, helpful customer service beneficial if response times are faster.

Pricing and ROI: Checkmarx One is favored for reasonable pricing and strong ROI though setup costs can be high. GitGuardian's higher price is justified by advanced features delivering significant ROI for users needing high-security monitoring.

To learn more, read our detailed Checkmarx One vs. GitGuardian Public Monitoring Report (Updated: December 2024).

Buyer's Guide

Checkmarx One vs. GitGuardian Public Monitoring

December 2024

Download the complete report

Helped 824,053 peers since 2012

Categories and Ranking

Checkmarx One

Ranking in Application Security Tools

3rd

Ranking in Static Application Security Testing (SAST)

3rd

Average Rating

7.6

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Vulnerability Management (20th), Static Code Analysis (2nd), API Security (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (6th)

GitGuardian Public Monitoring

Ranking in Application Security Tools

24th

Ranking in Static Application Security Testing (SAST)

20th

Average Rating

9.0

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

Data Loss Prevention (DLP) (22nd), Threat Intelligence Platforms (18th)

Mindshare comparison

As of December 2024, in the Application Security Tools category, the mindshare of Checkmarx One is 12.5%, down from 15.2% compared to the previous year. The mindshare of GitGuardian Public Monitoring is 0.1%, down from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Tools

Featured Reviews

Rohit Kesharwani

Manager, Engineering at 7-Eleven.

Provides good security analysis and security identification within the source code

We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.

Read full review

Theo Cusnir

Application Security Engineer at PayFit

Detects and alerts us about leaks quickly, and enables us to filter and prioritize occurrences

One thing I really like about it is the fact that we can add search words or specific payloads inside the tool, and GitGuardian will look into GitHub and alert us if any of these words is found in a repository. For example, if I put "Payfit" in the tool, I will be alerted every time someone is committing with that word in the code. It's really useful for internal domain names, to detect if someone is leaking internal code. With this capability in the tool, we have good surveillance over our potential blind spots. It can detect a leak in 10 minutes. We had an experience with one of our engineers who had leaked a secret, and 10 minutes afterward we had a warning from GitGuardian about the leak. It's very effective. We looked at the commit date and the current date with hours and minutes and we could see that the commit had been made 10 minutes ago. As a result, we are sure it is pretty fast. Another feature, one that helps prioritize remediation, is that you can filter the findings by criticality. That definitely helps us to prioritize which secrets we should rotate and delete.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"We use the solution for dynamic application testing."

"The most valuable features of Checkmarx are the automation and information that it provides in the reports."

"The setup is fairly easy. We didn't struggle with the process at all."

"The UI is user-friendly."

"It shows in-depth code of where actual vulnerabilities are."

"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."

"The UI is very intuitive and simple to use."

"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."

More Checkmarx One pros

"The Explore function is valuable for finding specific things I'm looking for."

"One thing I really like about it is the fact that we can add search words or specific payloads inside the tool, and GitGuardian will look into GitHub and alert us if any of these words is found in a repository... With this capability in the tool, we have good surveillance over our potential blind spots."

Cons

"We have received some feedback from our customers who are receiving a large number of false positives."

"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."

"The Dynamic Application Security Testing (DAST) feature should be better."

"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."

"Its user interface could be improved and made more friendly."

"The reports are good, but they still need to be improved considering what the UI offers."

"We can run only one project at a time."

"I would like to see the tool’s pricing improved."

More Checkmarx One cons

"I'm excited about the possibility of Public Postman scanning being integrated with GitGuardian in the future. Additionally, I'm interested in exploring the potential use of honeytokens, which seems like a compelling approach to lure and identify attackers."

"I would like to see improvement in some of the user interface features... When one secret is leaked in multiple files or multiple repositories, it will appear on the dashboard. But when you click on that secret, all the occurrences will appear on the page. It would be better to have one secret per occurrence, directly, so that we don't have to click to get to the list of all the occurrences."

Pricing and Cost Advice

"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."

"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."

"Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."

"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."

"The solution is costly."

"This solution is expensive. The customized package allows you to buy additional users at any time."

"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."

More Checkmarx One pricing and cost advice

"It's a bit expensive, but it works well. You get what you pay for."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

824,053 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

22%

Computer Software Company

15%

Manufacturing Company

10%

Government

24%

Energy/Utilities Company

20%

Computer Software Company

16%

Comms Service Provider

13%

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

See all answers

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

See all answers

What is your experience regarding pricing and costs for Checkmarx?

The pricing is relatively expensive due to the product's quality and performance, but it is worth it.

See all answers

What do you like most about GitGuardian Public Monitoring?

The Explore function is valuable for finding specific things I'm looking for.

See all answers

What needs improvement with GitGuardian Public Monitoring?

I'm excited about the possibility of Public Postman scanning being integrated with GitGuardian in the future. Additionally, I'm interested in exploring the potential use of honeytokens, which seems...

See all answers

What is your primary use case for GitGuardian Public Monitoring?

We use GitGuardian Public Monitoring for code that is exposed in public.

See all answers

Comparisons

SonarQube Server (formerly SonarQube) vs Checkmarx One

Compared 48% of the time

Veracode vs Checkmarx One

Compared 13% of the time

Fortify on Demand vs Checkmarx One

Compared 5% of the time

Coverity vs Checkmarx One

Compared 4% of the time

Snyk vs Checkmarx One

Compared 4% of the time

More Checkmarx One Competitors

Snyk vs GitGuardian Public Monitoring

Compared 100% of the time

More GitGuardian Public Monitoring Competitors

Product Reports

Buyer's Guide

Checkmarx One

December 2024

Download Checkmarx One product report

Buyer's Guide

Application Security Tools

December 2024

Download GitGuardian Public Monitoring product report

Learn More

Checkmarx

Video not available

GitGuardian

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

GitGuardian Public Monitoring allows real-time GitHub scanning and alerting to uncover sensitive company information hiding in online repositories. It monitors both organization repositories and developers' personal repositories. The solution gives visibility to developers and security teams on this very critical blindspot that are the organization developers' personal repositories on GitHub (80% of leaked corporate secrets on public GitHub come from developers’ personal repositories).

GitGuardian Public Monitoring is particularly interesting for companies with large development teams (above 200 developers) and modern development practices.

GitGuardian Public Monitoring cover 350+ API providers, database connection strings, private keys, certificates, usernames and passwords and intellectual property. It uses sophisticated pattern matching techniques to detect credentials that cannot be strictly defined with a distinctive pattern (like unprefixed credentials). The algorithm has a high precision (91% “true positive” feedback following our alerts, as reported by our users.)

The alerting is done in real-time (a few seconds after the secret was publicly exposed) which allows fast remediation involving in a collaborative way developers, security teams and operations.

GitGuardian Public Monitoring also allows red teams and pentesters to proactively look for sensitive information by performing complex queries on 12 billion documents and metadata from more than 3 years of GitHub history.

GitGuardian Public Monitoring scans public GitHub activity in real-time, helping organizations detect sensitive information leaks in source code repositories. Our solution gives Threat Intelligence and Security teams full visibility over their organization’s public GitHub Attack Surface, by monitoring both organization-owned repositories and developers' personal repositories.

With 80% of secrets and credentials leaks on public GitHub finding their source in developers' personal repositories, GitGuardian for Public Monitoring helps organizations address a critical security blind spot.

With real-time incident notification, Threat Intelligence and Security teams are guaranteed to reach the incident scene before everyone else and take action to mitigate the threat of breaches and intrusions.

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

Align Technology, Automox, Fred Hutch, Instacart, Maven Wave, Mirantis, SafetyCulture, Snowflake, Talend

Buyer's Guide

Checkmarx One vs. GitGuardian Public Monitoring

December 2024

Free Report: Checkmarx One vs. GitGuardian Public Monitoring

Find out what your peers are saying about Checkmarx One vs. GitGuardian Public Monitoring and other solutions. Updated: December 2024.

DOWNLOAD NOW

824,053 professionals have used our research since 2012.

See our Checkmarx One vs. GitGuardian Public Monitoring report.

See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.