No more typing reviews! Try our Samantha, our new voice AI agent.

Checkmarx Software Composition Analysis vs GitLab comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx Software Composit...
Ranking in Software Composition Analysis (SCA)
12th
Average Rating
9.0
Reviews Sentiment
7.6
Number of Reviews
13
Ranking in other categories
No ranking in other categories
GitLab
Ranking in Software Composition Analysis (SCA)
4th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
91
Ranking in other categories
Application Security Tools (6th), Build Automation (1st), Release Automation (2nd), Static Application Security Testing (SAST) (4th), Rapid Application Development Software (11th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (1st)
 

Mindshare comparison

As of July 2026, in the Software Composition Analysis (SCA) category, the mindshare of Checkmarx Software Composition Analysis is 2.7%, up from 2.5% compared to the previous year. The mindshare of GitLab is 3.6%, down from 4.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA) Mindshare Distribution
ProductMindshare (%)
GitLab3.6%
Checkmarx Software Composition Analysis2.7%
Other93.7%
Software Composition Analysis (SCA)
 

Featured Reviews

Tharindu Malwenna - PeerSpot reviewer
Senior Application Security Engineer at a newspaper with 5,001-10,000 employees
Efficient library identification and upgrade suggestions improve application security
We have many third-party libraries in our organization. I used Checkmarx Software Composition Analysis to identify all the libraries we use and determine whether they are used or unused within the application Checkmarx Software Composition Analysis provides identification of libraries and…
BasilJiji - PeerSpot reviewer
System engineer at a retailer with 10,001+ employees
Role-based workflows have transformed daily deployments and improve team collaboration
GitLab has role-based access control, so when a team member needs to make a code change, they cannot directly apply it to the environment but must put in a merge request. Once a senior reviews the code and approves it, then it is implemented across the environment, making it safer and allowing everyone to experience the process. The best features GitLab offers are version control and automation, which are the major things that stand out to me. When it comes to access, the login is very smooth, with just one login integrated with our Okta, allowing everyone to log in easily. Deployments become much easier, and that is how GitLab helps. The automation features make my work easier because we use a tool called AWX, which is connected to GitLab. Whenever we run a job on AWX, it directly checks the code and uses it. Since the code is not preserved locally but kept in the cloud, it is safe and nobody can tamper with it. When it comes to safety, that is a major thing. Automation features allow the code to be accessed from any tools we use, so the jobs we run are helping tremendously and doing their work perfectly. For pipeline tasks, we have created a significant amount of pipelines, which are all hosted in GitLab. Running the pipelines has become much easier, and they are doing a perfect job, helping tremendously in our day-to-day activities. GitLab has positively impacted my organization because previously we stored code locally on servers, leading to many risks. Since GitLab came into our environment, our integration and deployments became much easier, helping our work become much smoother. Improvements from GitLab have led to better team collaboration because when several people are working, they can all edit the code and submit it as a merge request, and once approved, it reflects directly to the main branch. Many can work at the same time. When it comes to deployments, deploying has become much faster since we started using GitLab, and even if errors occur, we can spot them easily and troubleshoot, which has helped tremendously.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I appreciate the user-friendly interface. The GUI is excellent, providing detailed information on outdated versions, including version numbers and the flow of library calls. This allows me to plan and prioritize library changes based on potential vulnerabilities, even if the affected library is indirectly used in my project. The tool offers specific guidance on addressing these issues."
"We were able to reduce the number of vulnerable libraries by 50%, leading to significant operational improvement."
"The customer service and support were good."
"Checkmarx unifies all the features in its service."
"It is a stable solution...It is a scalable solution."
"What's most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in open-source components, especially if some critical issues exist."
"The software is very stable and works very well."
"It is very easy and user friendly. It never requires any kind of technical support. You can do everything on your own."
"The solution is similar to all the repository tools or the work tools on the market, and I like it and find it quite easy to use."
"As a developer, this solution is useful as a repository holder because most of the POC projects that we have are on GitLab."
"The solution is stable."
"If you want to maintain your issues in GitLab and raise your book of work and features, then GitLab is a great tool for collaboration and integration with code deployment and CICD pipelines."
"We like that we can have an all-encompassing product and don't have to implement different solutions."
"Because of the simplicity of the product, GitLab is better than Jenkins."
"In terms of impact from using GitLab as an all-in-one DevOps platform, it helped with my project development life cycle."
"GitLab is being used as a repository for our codebase and it is a one stop DevOps tool we use in our team."
 

Cons

"Its pricing can be improved. It is a little bit high priced."
"The solution could improve by determining the success factor of an upgrade, which is currently lacking."
"The quality of technical support has decreased over time, and it is not as good as it used to be."
"Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive. It is a good tool, and we're still figuring out how to fully leverage it. There are some questions regarding whether it can scan the MuleSoft code. We don't know if this is a gap in the tool or something else. This is one thing that we're just working through right now, and I am not ready to conclude that there is a weakness there. MuleSoft is kind of its own beast, and we're trying to see how we get it to work with Checkmarx."
"API security is an area with shortcomings that needs improvement."
"I have received complaints from my customers that the pricing could be improved."
"Instant updates for end users to identify vulnerabilities as soon as possible will make Checkmarx Software Composition Analysis better. The UI of the solution could also be improved."
"Parts of the implementation process could improve by making it more user-friendly."
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repertories because currently, it's not searchable by default."
"GitLab could improve the patch repository. It does not have support for Conan patch version regions. Additionally, better support for Kubernetes deployment is needed as part of the package."
"The licensing model could be improved to be more accommodating in terms of user numbers and costs."
"I would like more Agile features in the Premium version. The Premium version should have all Agile features that exist in the Ultimate version. IBM AOM has a complete Agile implementation, but in GitLab, you only have these features if you buy the Ultimate version. It would be good if we can use these in the Premium version."
"There are many improvements that GitLab can implement, such as addressing the issue of caching. Currently, when I have multiple tasks to merge or attempt multiple merges, the CI/CD and overall GitLab processes get slower."
"The only thing our company is really waiting on in terms of features is the development of metrics."
"There are some challenges with repository file management as GitLab may struggle to manage larger files."
"It could have more security integrations and the ability to check the vulnerability of the code. I don't think it is a responsibility of Gitlab, but it would be nice to have more options to integrate with."
 

Pricing and Cost Advice

"It is a little bit high priced. It would be better if it was a little less expensive."
"Pricing for Checkmarx Software Composition Analysis needs to be competitive."
"My customers need to pay for the licensing part, and they need to opt for an annual subscription."
"The license model is somewhat perplexing as it comprises multiple aspects that can be confusing for customers. The model is determined by the number of registered users and the number of projects being scanned, along with a third component that adds to the complexity."
"We don't have a license. The usage is limited to one, two, three, five, or ten people. It is currently used for all projects, and there are plans to increase its usage."
"I think that we pay approximately $100 USD per month."
"GitLab is comparatively expensive, but it provides value because it's feature-rich."
"As I work in a vast enterprise, I'm unsure about the licensing cost for GitLab. It's the management team that takes care of that."
"The solution is based on a subscription model and is reasonably priced."
"On a scale of one to ten, where one is cheap, and ten is expensive, I rate the pricing a five out of ten."
"There are different licensing options available, including a free limited-user license."
"The initial setup cost is excellent and you can add the premium features later."
"In terms of the pricing for GitLab, on a scale of one to five, with one being expensive and five being cheap, I'm rating pricing for the solution a four. It could still be cheaper because right now, my company has a small team, and sometimes it's difficult to use a paid product for a small team. You'd hope the team will grow and scale, but currently, you're paying a high license fee for a small team. I'm referring to the GitLab license that has premium features and will give you all features. This can be a problem for management to approve the high price of the license for a team this small."
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
904,016 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Construction Company
9%
Manufacturing Company
8%
Insurance Company
6%
Financial Services Firm
14%
Manufacturing Company
11%
Government
9%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Large Enterprise8
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise10
Large Enterprise49
 

Questions from the Community

What is your experience regarding pricing and costs for Checkmarx Software Composition Analysis?
Pricing is complex and high for small organizations but offers great benefits for larger organizations. It is notably different compared to competitors like GitHub Advanced Security.
What needs improvement with Checkmarx Software Composition Analysis?
The solution could improve by determining the success factor of an upgrade, which is currently lacking.
What is your primary use case for Checkmarx Software Composition Analysis?
We have many third-party libraries in our organization. I used Checkmarx Software Composition Analysis to identify all the libraries we use and determine whether they are used or unused within the ...
What is your experience regarding pricing and costs for GitLab?
The setup cost for GitLab is minimal since the team has its own minimal resource balancing. The costing falls into an intermediate stage and is impactful across all results within the team. It allo...
What needs improvement with GitLab?
There are many improvements that GitLab can implement, such as addressing the issue of caching. Currently, when I have multiple tasks to merge or attempt multiple merges, the CI/CD and overall GitL...
What is your primary use case for GitLab?
My main use case for GitLab is as a version control system that we are using. Currently, I am working on an end-to-end AI pipeline, and I have deployed my whole code using GitLab so that all things...
 

Also Known As

CxSCA
Fuzzit
 

Overview

 

Sample Customers

AXA, Liveperson, Aaron's, Playtech, Morningstar
1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
Find out what your peers are saying about Checkmarx Software Composition Analysis vs. GitLab and other solutions. Updated: June 2026.
904,016 professionals have used our research since 2012.