No more typing reviews! Try our Samantha, our new voice AI agent.

Checkmarx Software Composition Analysis vs GitLab comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx Software Composit...
Ranking in Software Composition Analysis (SCA)
12th
Average Rating
9.0
Reviews Sentiment
7.6
Number of Reviews
13
Ranking in other categories
No ranking in other categories
GitLab
Ranking in Software Composition Analysis (SCA)
4th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
91
Ranking in other categories
Application Security Tools (6th), Build Automation (1st), Release Automation (2nd), Static Application Security Testing (SAST) (4th), Rapid Application Development Software (11th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (1st)
 

Mindshare comparison

As of July 2026, in the Software Composition Analysis (SCA) category, the mindshare of Checkmarx Software Composition Analysis is 2.7%, up from 2.5% compared to the previous year. The mindshare of GitLab is 3.6%, down from 4.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA) Mindshare Distribution
ProductMindshare (%)
GitLab3.6%
Checkmarx Software Composition Analysis2.7%
Other93.7%
Software Composition Analysis (SCA)
 

Featured Reviews

Tharindu Malwenna - PeerSpot reviewer
Senior Application Security Engineer at a newspaper with 5,001-10,000 employees
Efficient library identification and upgrade suggestions improve application security
We have many third-party libraries in our organization. I used Checkmarx Software Composition Analysis to identify all the libraries we use and determine whether they are used or unused within the application Checkmarx Software Composition Analysis provides identification of libraries and…
BasilJiji - PeerSpot reviewer
System engineer at a retailer with 10,001+ employees
Role-based workflows have transformed daily deployments and improve team collaboration
GitLab has role-based access control, so when a team member needs to make a code change, they cannot directly apply it to the environment but must put in a merge request. Once a senior reviews the code and approves it, then it is implemented across the environment, making it safer and allowing everyone to experience the process. The best features GitLab offers are version control and automation, which are the major things that stand out to me. When it comes to access, the login is very smooth, with just one login integrated with our Okta, allowing everyone to log in easily. Deployments become much easier, and that is how GitLab helps. The automation features make my work easier because we use a tool called AWX, which is connected to GitLab. Whenever we run a job on AWX, it directly checks the code and uses it. Since the code is not preserved locally but kept in the cloud, it is safe and nobody can tamper with it. When it comes to safety, that is a major thing. Automation features allow the code to be accessed from any tools we use, so the jobs we run are helping tremendously and doing their work perfectly. For pipeline tasks, we have created a significant amount of pipelines, which are all hosted in GitLab. Running the pipelines has become much easier, and they are doing a perfect job, helping tremendously in our day-to-day activities. GitLab has positively impacted my organization because previously we stored code locally on servers, leading to many risks. Since GitLab came into our environment, our integration and deployments became much easier, helping our work become much smoother. Improvements from GitLab have led to better team collaboration because when several people are working, they can all edit the code and submit it as a merge request, and once approved, it reflects directly to the main branch. Many can work at the same time. When it comes to deployments, deploying has become much faster since we started using GitLab, and even if errors occur, we can spot them easily and troubleshoot, which has helped tremendously.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is a stable solution...It is a scalable solution."
"We were able to reduce the number of vulnerable libraries by 50%, leading to significant operational improvement."
"The customer service and support were good."
"One of the strong points of this solution is that it allows you to incorporate it into a CICB pipeline. It has the ability to do incremental scans. If you scan a very large application, it might take two hours to do the initial scan. The subsequent scans, as people are making changes to the app, scan the Delta and are very fast. That's a really nice implementation. The way they have incorporated the functionality of the incremental scans is something to be aware of. It is quite good. It has been very solid. We haven't really had any issues, and it does what it advertises to do very nicely."
"What's most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in open-source components, especially if some critical issues exist."
"Checkmarx unifies all the features in its service."
"The product is stable and scalable."
"Checkmarx Software Composition Analysis is one of the most important products in the IT security market."
"Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective."
"The stability of GitLab is impressive."
"I have found the most valuable features of GitLab are the GitClone, GitPush, GitPull, GitMatch, GitMit, GitCommit, and GitStatus."
"A user friendly solution."
"The dashboard and interface make it easy to use."
"GitLab has impacted my organization positively in terms of version control systems, providing many smart features and reducing the sharing of dependencies compared to what we used to do previously."
"The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish."
"Continuous integration with deployment is very powerful, which is a significant reason for migrating from TFS to GitLab."
 

Cons

"API security is an area with shortcomings that needs improvement."
"I have received complaints from my customers that the pricing could be improved."
"Instant updates for end users to identify vulnerabilities as soon as possible will make Checkmarx Software Composition Analysis better. The UI of the solution could also be improved."
"An area for improvement in Checkmarx Software Composition Analysis is for the updates to be fast."
"Checkmarx Software Composition Analysis should improve dynamic analysis."
"In terms of areas for improvement, what could be improved in Checkmarx Software Composition Analysis is pricing because customers always compare the pricing among secure DevOps solutions in the market. Checkmarx Software Composition Analysis has a lot of competitors yet its features aren't much different. Pricing is the first thing customers consider, and from a partner perspective, if you can offer affordable pricing to your customers, it's more likely you'll have a winning deal. The performance of Checkmarx Software Composition Analysis also needs improvement because sometimes, it's slow, and in particular, scanning could take several hours."
"Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive. It is a good tool, and we're still figuring out how to fully leverage it. There are some questions regarding whether it can scan the MuleSoft code. We don't know if this is a gap in the tool or something else. This is one thing that we're just working through right now, and I am not ready to conclude that there is a weakness there. MuleSoft is kind of its own beast, and we're trying to see how we get it to work with Checkmarx."
"The quality of technical support has decreased over time, and it is not as good as it used to be."
"We do face issues in our company when we run out of disk space."
"Currently, GitLab is not easy to scale because GitLab has specific deployment instructions. We deploy it on one of the VMs."
"There is room for improvement in GitLab Agents."
"While GitLab is a great tool for developers, it lacks project planner features. Roadmaps and Gantt charts in GitLab are not as advanced as in Jira, and changing start and end dates is more laborious in GitLab."
"GitLab can improve its user interface to make conflict resolution more user-friendly."
"We have only seen a couple of issues on Gitlab, which we use for building some of the applications."
"There are some challenges with repository file management as GitLab may struggle to manage larger files."
"The solution should again offer an on-premises deployment option."
 

Pricing and Cost Advice

"Pricing for Checkmarx Software Composition Analysis needs to be competitive."
"My customers need to pay for the licensing part, and they need to opt for an annual subscription."
"The license model is somewhat perplexing as it comprises multiple aspects that can be confusing for customers. The model is determined by the number of registered users and the number of projects being scanned, along with a third component that adds to the complexity."
"We don't have a license. The usage is limited to one, two, three, five, or ten people. It is currently used for all projects, and there are plans to increase its usage."
"It is a little bit high priced. It would be better if it was a little less expensive."
"The initial setup cost is excellent and you can add the premium features later."
"On a scale of one to ten, where one is cheap, and ten is expensive, I rate the pricing a five out of ten."
"I don't mind the price because I use the free version."
"There are different licensing options available, including a free limited-user license."
"As I work in a vast enterprise, I'm unsure about the licensing cost for GitLab. It's the management team that takes care of that."
"It is very expensive. We can't bear it now, and we have to find another solution. We have a yearly subscription in which we can increase the number of licenses, but we have to pay at the end of the year."
"My company uses the free version of GitLab, which is GitLab Community Edition. There is a licensed version also available for GitLab."
"GitLab is a free solution to use."
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
904,899 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Construction Company
9%
Manufacturing Company
8%
Insurance Company
6%
Financial Services Firm
14%
Manufacturing Company
11%
Government
9%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Large Enterprise8
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise10
Large Enterprise49
 

Questions from the Community

What is your experience regarding pricing and costs for Checkmarx Software Composition Analysis?
Pricing is complex and high for small organizations but offers great benefits for larger organizations. It is notably different compared to competitors like GitHub Advanced Security.
What needs improvement with Checkmarx Software Composition Analysis?
The solution could improve by determining the success factor of an upgrade, which is currently lacking.
What is your primary use case for Checkmarx Software Composition Analysis?
We have many third-party libraries in our organization. I used Checkmarx Software Composition Analysis to identify all the libraries we use and determine whether they are used or unused within the ...
What is your experience regarding pricing and costs for GitLab?
The setup cost for GitLab is minimal since the team has its own minimal resource balancing. The costing falls into an intermediate stage and is impactful across all results within the team. It allo...
What needs improvement with GitLab?
There are many improvements that GitLab can implement, such as addressing the issue of caching. Currently, when I have multiple tasks to merge or attempt multiple merges, the CI/CD and overall GitL...
What is your primary use case for GitLab?
My main use case for GitLab is as a version control system that we are using. Currently, I am working on an end-to-end AI pipeline, and I have deployed my whole code using GitLab so that all things...
 

Also Known As

CxSCA
Fuzzit
 

Overview

 

Sample Customers

AXA, Liveperson, Aaron's, Playtech, Morningstar
1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
Find out what your peers are saying about Checkmarx Software Composition Analysis vs. GitLab and other solutions. Updated: June 2026.
904,899 professionals have used our research since 2012.