
Checkmarx One vs GitLab comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Oct 8, 2024
 

Categories and Ranking

Checkmarx One
Ranking in Application Security Tools: 3rd
Ranking in Static Application Security Testing (SAST): 3rd
Ranking in DevSecOps: 2nd
Average Rating: 7.6
Reviews Sentiment: 7.9
Number of Reviews: 70
Ranking in other categories: Vulnerability Management (16th), Static Code Analysis (2nd), API Security (2nd), Risk-Based Vulnerability Management (5th)

GitLab
Ranking in Application Security Tools: 11th
Ranking in Static Application Security Testing (SAST): 10th
Ranking in DevSecOps: 3rd
Average Rating: 8.4
Reviews Sentiment: 7.2
Number of Reviews: 75
Ranking in other categories: Build Automation (1st), Release Automation (2nd), Rapid Application Development Software (12th), Software Composition Analysis (SCA) (5th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd)
 

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of Checkmarx One is 12.9%, down from 15.0% compared to the previous year. The mindshare of GitLab is 3.0%, up from 2.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve. The solution's user interface…
Corné den Hollander - PeerSpot reviewer
Sep 15, 2022
Powerful, mature, and easy to set up and manage
It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful. In terms of additional features, nothing comes to mind. One of the potential pitfalls is to keep adding new features and functionalities. They can just improve some of the existing features to make it high-end, top-quality. I don't have any substantial experience with agile planning. I don't know the industries GitLab is in, and I don't know why they make decisions like this, but as a customer, I would rather see them invest in improving the basic agile planning functionalities rather than adding, for example, portfolio planning features. That's because if I'm going to do portfolio planning, I probably will also need a lot of business users. I'm not sure if I want them in GitLab, I'd rather have them in Jira collaborating with me on portfolio planning. That's way better fitted for that type of work.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The user interface is modern and nice to use."
"The SAST component was absolutely 100% stable."
"Both automatic and manual code review (CxQL) are valuable."
"The UI is very intuitive and simple to use."
"We use the solution to validate the source code and do SAST and security analysis."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"Our static operation security has been able to identify more security issues since implementing this solution."
"The dashboard and interface make it easy to use."
"Of all available products, it was the easiest to use and easy to install."
"It is very flexible and easy because you can store data on cloud."
"It is scalable."
"Git hosting has an integration with ACD which is why we liked this solution in the first place."
"We like that we can create branches and then the branches can be reviewed and you can mesh those branches back. You can independently work with your own branch, you don't need to really control the core of other people."
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."
"The most valuable feature of GitLab is its security."
 

Cons

"The validation process needs to be sped up."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"The reports are good, but they still need to be improved considering what the UI offers."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"The Dynamic Application Security Testing (DAST) feature should be better."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"I rate the support from GitLab a four out of five."
"The documentation could be improved to help newcomers better understand things like creating new branches."
"I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment."
"The solution should again offer an on-premises deployment option."
"Based on what I know so far, its integration with Kubernetes is not so good. We have to develop many things to make it work. We have to acquire third-party components to work with Kubernetes."
"The pricing model of GitLab is an issue for me."
"Some of the scripts that we encountered in GitLab were not fully functional and threw up errors."
"Reporting could be improved."
 

Pricing and Cost Advice

"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"The solution's price is high and you pay based on the number of users."
"The number of users and coverage for languages will have an impact on the cost of the license."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"My company uses the free version of GitLab, which is GitLab Community Edition. There is a licensed version also available for GitLab."
"We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."
"On a scale of one to ten, where one is cheap, and ten is expensive, I rate the pricing a five out of ten."
"GitLab is highly priced for smaller teams, but it's okay if considering a user base of thousands."
"The solution is based on a licensing model that includes technical support and is paid annually."
"The initial setup cost is excellent and you can add the premium features later."
"I think that we pay approximately $100 USD per month."
"Regarding pricing, I would rate GitLab as moderately priced, maybe around a seven or eight out of ten. It could be more flexible for clients but generally offers good value."
815,854 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm: 21%
Computer Software Company: 15%
Manufacturing Company: 10%
Government: 5%

Educational Organization: 29%
Computer Software Company: 11%
Financial Services Firm: 11%
Manufacturing Company: 8%
 

Company Size

[Chart: company size by reviewers (Large Enterprise, Midsize Enterprise, Small Business)]
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What do you like most about GitLab?
I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
What needs improvement with GitLab?
The pricing has been substantially increased, which is a major concern. While GitLab has a lot of documentation, the complexity and volume can be overwhelming, especially for new learners. Structur...
 

Also Known As

No data available
Fuzzit
 


Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech
Case Study: Liveperson Implements Innovative Secure SDLC
1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
Find out what your peers are saying about Checkmarx One vs. GitLab and other solutions. Updated: October 2024.