No more typing reviews! Try our Samantha, our new voice AI agent.

Checkmarx Software Composition Analysis vs GitLab comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx Software Composit...
Ranking in Software Composition Analysis (SCA)
12th
Average Rating
9.0
Reviews Sentiment
7.6
Number of Reviews
13
Ranking in other categories
No ranking in other categories
GitLab
Ranking in Software Composition Analysis (SCA)
4th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
91
Ranking in other categories
Application Security Tools (6th), Build Automation (1st), Release Automation (2nd), Static Application Security Testing (SAST) (4th), Rapid Application Development Software (11th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (1st)
 

Mindshare comparison

As of July 2026, in the Software Composition Analysis (SCA) category, the mindshare of Checkmarx Software Composition Analysis is 2.7%, up from 2.5% compared to the previous year. The mindshare of GitLab is 3.6%, down from 4.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA) Mindshare Distribution
ProductMindshare (%)
GitLab3.6%
Checkmarx Software Composition Analysis2.7%
Other93.7%
Software Composition Analysis (SCA)
 

Featured Reviews

Tharindu Malwenna - PeerSpot reviewer
Senior Application Security Engineer at a newspaper with 5,001-10,000 employees
Efficient library identification and upgrade suggestions improve application security
We have many third-party libraries in our organization. I used Checkmarx Software Composition Analysis to identify all the libraries we use and determine whether they are used or unused within the application Checkmarx Software Composition Analysis provides identification of libraries and…
BasilJiji - PeerSpot reviewer
System engineer at a retailer with 10,001+ employees
Role-based workflows have transformed daily deployments and improve team collaboration
GitLab has role-based access control, so when a team member needs to make a code change, they cannot directly apply it to the environment but must put in a merge request. Once a senior reviews the code and approves it, then it is implemented across the environment, making it safer and allowing everyone to experience the process. The best features GitLab offers are version control and automation, which are the major things that stand out to me. When it comes to access, the login is very smooth, with just one login integrated with our Okta, allowing everyone to log in easily. Deployments become much easier, and that is how GitLab helps. The automation features make my work easier because we use a tool called AWX, which is connected to GitLab. Whenever we run a job on AWX, it directly checks the code and uses it. Since the code is not preserved locally but kept in the cloud, it is safe and nobody can tamper with it. When it comes to safety, that is a major thing. Automation features allow the code to be accessed from any tools we use, so the jobs we run are helping tremendously and doing their work perfectly. For pipeline tasks, we have created a significant amount of pipelines, which are all hosted in GitLab. Running the pipelines has become much easier, and they are doing a perfect job, helping tremendously in our day-to-day activities. GitLab has positively impacted my organization because previously we stored code locally on servers, leading to many risks. Since GitLab came into our environment, our integration and deployments became much easier, helping our work become much smoother. Improvements from GitLab have led to better team collaboration because when several people are working, they can all edit the code and submit it as a merge request, and once approved, it reflects directly to the main branch. Many can work at the same time. When it comes to deployments, deploying has become much faster since we started using GitLab, and even if errors occur, we can spot them easily and troubleshoot, which has helped tremendously.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We were able to reduce the number of vulnerable libraries by 50%, leading to significant operational improvement."
"The most valuable feature of Checkmarx Software Composition Analysis is the comprehensive security scan."
"It is a stable solution...It is a scalable solution."
"Checkmarx Software Composition Analysis is one of the most important products in the IT security market."
"The software is very stable and works very well."
"It is very easy and user friendly. It never requires any kind of technical support. You can do everything on your own."
"What's most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in open-source components, especially if some critical issues exist."
"It has improved identification capabilities, scalability, and integration with AI, such as the AI-powered suggestions."
"It is very useful for reviews. We are using branch merging operations and full reset operations. It is also very useful for merging our code and tracking another branch. The graph diagrams of Git are very useful. Its interface is straightforward and not too complex for us."
"GitLab is being used as a repository for our codebase and it is a one stop DevOps tool we use in our team."
"In our software development lifecycle, GitLab is used as a component for code repository management. We use GitLab for several projects to handle code repositories. For other software projects, we use Bitbucket, but the use case for both is very similar."
"The user interface is really good so that helps with huge teams who need to collaborate."
"GitLab is very useful for pipelines, continuous integration, and continuous deployment. It is also stable."
"We compared this solution with Atlassian, which has Bitbucket, and we felt GitLab is a little easier to use."
"GitLab is comparatively expensive, but it provides value because it's feature-rich."
"It streamlines our DevOps processes with automated CI/CD pipelines."
 

Cons

"An area for improvement in Checkmarx Software Composition Analysis is for the updates to be fast."
"Parts of the implementation process could improve by making it more user-friendly."
"API security is an area with shortcomings that needs improvement."
"I would rate the scalability a seven out of ten."
"It can have better licensing models."
"In terms of time and quality of support, Checkmarx SCA needs improvement."
"The solution could improve by determining the success factor of an upgrade, which is currently lacking."
"The performance of Checkmarx Software Composition Analysis also needs improvement because sometimes, it's slow, and in particular, scanning could take several hours."
"In my experience, GitLab is stable; however, sometimes it takes much time to start the runner and gets stuck in a pending situation, possibly due to traffic issues."
"Authentication can be a problem when you have an application and you want to configure it with them. I used Spring Cloud config and to connect that to GitLab was so hard."
"It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful."
"The user interface could be more user-friendly. We do most of our operations through the website interface but it could be better."
"I believe there's room for improvement in the advanced features, particularly in enhancing the pipeline functionalities."
"Reporting could be improved."
"GitLab could improve by having more plugins and better user-friendliness."
"At this point, I think the features are declining."
 

Pricing and Cost Advice

"We don't have a license. The usage is limited to one, two, three, five, or ten people. It is currently used for all projects, and there are plans to increase its usage."
"The license model is somewhat perplexing as it comprises multiple aspects that can be confusing for customers. The model is determined by the number of registered users and the number of projects being scanned, along with a third component that adds to the complexity."
"It is a little bit high priced. It would be better if it was a little less expensive."
"Pricing for Checkmarx Software Composition Analysis needs to be competitive."
"My customers need to pay for the licensing part, and they need to opt for an annual subscription."
"In terms of the pricing for GitLab, on a scale of one to five, with one being expensive and five being cheap, I'm rating pricing for the solution a four. It could still be cheaper because right now, my company has a small team, and sometimes it's difficult to use a paid product for a small team. You'd hope the team will grow and scale, but currently, you're paying a high license fee for a small team. I'm referring to the GitLab license that has premium features and will give you all features. This can be a problem for management to approve the high price of the license for a team this small."
"The solution is based on a subscription model and is reasonably priced."
"This is an open-source solution."
"I'm not sure if they have some kind of discount. I've been negotiating with them on prices before, and I believe they weren't too happy to give discounts, but list prices are $19 per user, per month for Premium and $99 per user, per month for Ultimate. So, the difference between Premium and Ultimate is a bit bigger, and in most companies, you need to build some type of business case."
"My company uses the free version of GitLab, which is GitLab Community Edition. There is a licensed version also available for GitLab."
"Regarding pricing, I would rate GitLab as moderately priced, maybe around a seven or eight out of ten. It could be more flexible for clients but generally offers good value."
"We are currently using the open-source version."
"GitLab is a free solution to use."
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
903,067 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Construction Company
9%
Manufacturing Company
8%
Insurance Company
6%
Financial Services Firm
14%
Manufacturing Company
11%
Government
9%
Computer Software Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Large Enterprise8
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise10
Large Enterprise49
 

Questions from the Community

What is your experience regarding pricing and costs for Checkmarx Software Composition Analysis?
Pricing is complex and high for small organizations but offers great benefits for larger organizations. It is notably different compared to competitors like GitHub Advanced Security.
What needs improvement with Checkmarx Software Composition Analysis?
The solution could improve by determining the success factor of an upgrade, which is currently lacking.
What is your primary use case for Checkmarx Software Composition Analysis?
We have many third-party libraries in our organization. I used Checkmarx Software Composition Analysis to identify all the libraries we use and determine whether they are used or unused within the ...
What is your experience regarding pricing and costs for GitLab?
The setup cost for GitLab is minimal since the team has its own minimal resource balancing. The costing falls into an intermediate stage and is impactful across all results within the team. It allo...
What needs improvement with GitLab?
There are many improvements that GitLab can implement, such as addressing the issue of caching. Currently, when I have multiple tasks to merge or attempt multiple merges, the CI/CD and overall GitL...
What is your primary use case for GitLab?
My main use case for GitLab is as a version control system that we are using. Currently, I am working on an end-to-end AI pipeline, and I have deployed my whole code using GitLab so that all things...
 

Also Known As

CxSCA
Fuzzit
 

Overview

 

Sample Customers

AXA, Liveperson, Aaron's, Playtech, Morningstar
1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
Find out what your peers are saying about Checkmarx Software Composition Analysis vs. GitLab and other solutions. Updated: June 2026.
903,067 professionals have used our research since 2012.