No more typing reviews! Try our Samantha, our new voice AI agent.

Checkmarx Software Composition Analysis vs GitLab comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx Software Composit...
Ranking in Software Composition Analysis (SCA)
12th
Average Rating
9.0
Reviews Sentiment
7.6
Number of Reviews
13
Ranking in other categories
No ranking in other categories
GitLab
Ranking in Software Composition Analysis (SCA)
4th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
91
Ranking in other categories
Application Security Tools (6th), Build Automation (1st), Release Automation (2nd), Static Application Security Testing (SAST) (4th), Rapid Application Development Software (11th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (1st)
 

Mindshare comparison

As of July 2026, in the Software Composition Analysis (SCA) category, the mindshare of Checkmarx Software Composition Analysis is 2.7%, up from 2.5% compared to the previous year. The mindshare of GitLab is 3.6%, down from 4.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA) Mindshare Distribution
ProductMindshare (%)
GitLab3.6%
Checkmarx Software Composition Analysis2.7%
Other93.7%
Software Composition Analysis (SCA)
 

Featured Reviews

Tharindu Malwenna - PeerSpot reviewer
Senior Application Security Engineer at a newspaper with 5,001-10,000 employees
Efficient library identification and upgrade suggestions improve application security
We have many third-party libraries in our organization. I used Checkmarx Software Composition Analysis to identify all the libraries we use and determine whether they are used or unused within the application Checkmarx Software Composition Analysis provides identification of libraries and…
BasilJiji - PeerSpot reviewer
System engineer at a retailer with 10,001+ employees
Role-based workflows have transformed daily deployments and improve team collaboration
GitLab has role-based access control, so when a team member needs to make a code change, they cannot directly apply it to the environment but must put in a merge request. Once a senior reviews the code and approves it, then it is implemented across the environment, making it safer and allowing everyone to experience the process. The best features GitLab offers are version control and automation, which are the major things that stand out to me. When it comes to access, the login is very smooth, with just one login integrated with our Okta, allowing everyone to log in easily. Deployments become much easier, and that is how GitLab helps. The automation features make my work easier because we use a tool called AWX, which is connected to GitLab. Whenever we run a job on AWX, it directly checks the code and uses it. Since the code is not preserved locally but kept in the cloud, it is safe and nobody can tamper with it. When it comes to safety, that is a major thing. Automation features allow the code to be accessed from any tools we use, so the jobs we run are helping tremendously and doing their work perfectly. For pipeline tasks, we have created a significant amount of pipelines, which are all hosted in GitLab. Running the pipelines has become much easier, and they are doing a perfect job, helping tremendously in our day-to-day activities. GitLab has positively impacted my organization because previously we stored code locally on servers, leading to many risks. Since GitLab came into our environment, our integration and deployments became much easier, helping our work become much smoother. Improvements from GitLab have led to better team collaboration because when several people are working, they can all edit the code and submit it as a merge request, and once approved, it reflects directly to the main branch. Many can work at the same time. When it comes to deployments, deploying has become much faster since we started using GitLab, and even if errors occur, we can spot them easily and troubleshoot, which has helped tremendously.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The product is stable and scalable."
"What's most valuable in Checkmarx Software Composition Analysis is that it provides security from the start. In the traditional approach, an enterprise or company validates the solution before launching to a production environment, but in the modern approach, security must be checked and provided from the beginning and from the design, and this is where Checkmarx Software Composition Analysis comes in. The solution helps you make sure that every open-source application that you use is secure, and that there's no vulnerability inside that open-source application."
"It is a stable solution...It is a scalable solution."
"The tool's visual scan analysis shows me all the libraries' vulnerabilities and license types. It helps identify the most complex issues with licenses. It provides good visibility. SCA shows me all libraries that are vulnerable and the extent of their vulnerability."
"I appreciate the user-friendly interface. The GUI is excellent, providing detailed information on outdated versions, including version numbers and the flow of library calls. This allows me to plan and prioritize library changes based on potential vulnerabilities, even if the affected library is indirectly used in my project. The tool offers specific guidance on addressing these issues."
"What's most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in open-source components, especially if some critical issues exist."
"We were able to reduce the number of vulnerable libraries by 50%, leading to significant operational improvement."
"The customer service and support were good."
"The most valuable features of Gitlab are integration with CIE and the ability to rapidly deploy solutions, projects, and applications. It is very easy to use, and there are no complaints."
"Overall, it's a great product and it does a good job."
"The feature I appreciate the most about GitLab is its ease of use and compatibility, which allows for straightforward building and deployment processes."
"I like that it's easy to deploy our services over GitLab; the customer support is also good with a really active community, and you have a lot of support that you can get online with your stack, which is probably one of the benefits of using GitLab, and it's also really fast."
"The most valuable aspects of GitLab are the ability to create branches, merge branches, and compare branches to resolve code conflicts."
"The solution is valuable for developers because it includes version controlling, pipelines, CI/CD, and integrations."
"Previously we used Team Foundation Server, but GitLab is better for local cloud deployment."
"It is user-friendly, easy to use, and easy to administer."
 

Cons

"I would rate the scalability a seven out of ten."
"API security is an area with shortcomings that needs improvement."
"It can have better licensing models."
"In terms of time and quality of support, Checkmarx SCA needs improvement."
"Personally, I currently use it as a standalone tool without integrating it with other systems, and it meets my needs adequately. As a suggestion, I request on considering to add a "what if" feature to the application. Currently, when the tool identifies issues and suggests updates, if I want to explore different scenarios, I need to prepare another file, turn it into a ZIP, and run the analysis again. It would be more convenient if there was a "what if" option in the GUI. This feature could simulate a run, allowing me to quickly check the impact of changing one or more files or versions without the need for a full rerun."
"Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive. It is a good tool, and we're still figuring out how to fully leverage it. There are some questions regarding whether it can scan the MuleSoft code. We don't know if this is a gap in the tool or something else. This is one thing that we're just working through right now, and I am not ready to conclude that there is a weakness there. MuleSoft is kind of its own beast, and we're trying to see how we get it to work with Checkmarx."
"Instant updates for end users to identify vulnerabilities as soon as possible will make Checkmarx Software Composition Analysis better. The UI of the solution could also be improved."
"Some of the recommendations provided by the product are generic. Even if the recommendations provided by the product are of low level, the appropriate ones can help users deal with vulnerabilities."
"It has fewer options, and its UI is not so user-friendly."
"It can be free for commercial use of project management and code integrity features."
"Its security features are very expensive. The Ultimate version is very expensive."
"The solution does not have many built-in functions or variables so scripting is required and that is a drawback."
"The self-hosted version of GitLab is not very stable when under load. It slows down and requires restarts every few days."
"There are missing search features, particularly when searching repositories or applying filters. Additionally, I have encountered issues with the deployment of CI/CD pipelines, especially dealing with variable environments."
"There are occasions where we usually see a lot of outages using GitLab; it happens at least once a week or something like that."
"There is room for improvement in GitLab Agents."
 

Pricing and Cost Advice

"Pricing for Checkmarx Software Composition Analysis needs to be competitive."
"My customers need to pay for the licensing part, and they need to opt for an annual subscription."
"The license model is somewhat perplexing as it comprises multiple aspects that can be confusing for customers. The model is determined by the number of registered users and the number of projects being scanned, along with a third component that adds to the complexity."
"It is a little bit high priced. It would be better if it was a little less expensive."
"We don't have a license. The usage is limited to one, two, three, five, or ten people. It is currently used for all projects, and there are plans to increase its usage."
"We are using the open-source version."
"As I work in a vast enterprise, I'm unsure about the licensing cost for GitLab. It's the management team that takes care of that."
"GitLab's pricing is good compared to others on the market."
"The solution's pricing is acceptable."
"The open-source version is very good and the commercial version is reasonably priced."
"On a scale of one to ten, where one is cheap, and ten is expensive, I rate the pricing a five out of ten."
"It seems reasonable. Our IT team manages the licenses."
"The price is okay."
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
903,182 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Construction Company
9%
Manufacturing Company
8%
Insurance Company
6%
Financial Services Firm
14%
Manufacturing Company
11%
Government
9%
Computer Software Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Large Enterprise8
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise10
Large Enterprise49
 

Questions from the Community

What is your experience regarding pricing and costs for Checkmarx Software Composition Analysis?
Pricing is complex and high for small organizations but offers great benefits for larger organizations. It is notably different compared to competitors like GitHub Advanced Security.
What needs improvement with Checkmarx Software Composition Analysis?
The solution could improve by determining the success factor of an upgrade, which is currently lacking.
What is your primary use case for Checkmarx Software Composition Analysis?
We have many third-party libraries in our organization. I used Checkmarx Software Composition Analysis to identify all the libraries we use and determine whether they are used or unused within the ...
What is your experience regarding pricing and costs for GitLab?
The setup cost for GitLab is minimal since the team has its own minimal resource balancing. The costing falls into an intermediate stage and is impactful across all results within the team. It allo...
What needs improvement with GitLab?
There are many improvements that GitLab can implement, such as addressing the issue of caching. Currently, when I have multiple tasks to merge or attempt multiple merges, the CI/CD and overall GitL...
What is your primary use case for GitLab?
My main use case for GitLab is as a version control system that we are using. Currently, I am working on an end-to-end AI pipeline, and I have deployed my whole code using GitLab so that all things...
 

Also Known As

CxSCA
Fuzzit
 

Overview

 

Sample Customers

AXA, Liveperson, Aaron's, Playtech, Morningstar
1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
Find out what your peers are saying about Checkmarx Software Composition Analysis vs. GitLab and other solutions. Updated: June 2026.
903,182 professionals have used our research since 2012.