No more typing reviews! Try our Samantha, our new voice AI agent.

Checkmarx Software Composition Analysis vs GitLab comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx Software Composit...
Ranking in Software Composition Analysis (SCA)
12th
Average Rating
9.0
Reviews Sentiment
7.6
Number of Reviews
13
Ranking in other categories
No ranking in other categories
GitLab
Ranking in Software Composition Analysis (SCA)
4th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
91
Ranking in other categories
Application Security Tools (6th), Build Automation (1st), Release Automation (2nd), Static Application Security Testing (SAST) (4th), Rapid Application Development Software (11th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (1st)
 

Mindshare comparison

As of July 2026, in the Software Composition Analysis (SCA) category, the mindshare of Checkmarx Software Composition Analysis is 2.7%, up from 2.5% compared to the previous year. The mindshare of GitLab is 3.6%, down from 4.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA) Mindshare Distribution
ProductMindshare (%)
GitLab3.6%
Checkmarx Software Composition Analysis2.7%
Other93.7%
Software Composition Analysis (SCA)
 

Featured Reviews

Tharindu Malwenna - PeerSpot reviewer
Senior Application Security Engineer at a newspaper with 5,001-10,000 employees
Efficient library identification and upgrade suggestions improve application security
We have many third-party libraries in our organization. I used Checkmarx Software Composition Analysis to identify all the libraries we use and determine whether they are used or unused within the application Checkmarx Software Composition Analysis provides identification of libraries and…
BasilJiji - PeerSpot reviewer
System engineer at a retailer with 10,001+ employees
Role-based workflows have transformed daily deployments and improve team collaboration
GitLab has role-based access control, so when a team member needs to make a code change, they cannot directly apply it to the environment but must put in a merge request. Once a senior reviews the code and approves it, then it is implemented across the environment, making it safer and allowing everyone to experience the process. The best features GitLab offers are version control and automation, which are the major things that stand out to me. When it comes to access, the login is very smooth, with just one login integrated with our Okta, allowing everyone to log in easily. Deployments become much easier, and that is how GitLab helps. The automation features make my work easier because we use a tool called AWX, which is connected to GitLab. Whenever we run a job on AWX, it directly checks the code and uses it. Since the code is not preserved locally but kept in the cloud, it is safe and nobody can tamper with it. When it comes to safety, that is a major thing. Automation features allow the code to be accessed from any tools we use, so the jobs we run are helping tremendously and doing their work perfectly. For pipeline tasks, we have created a significant amount of pipelines, which are all hosted in GitLab. Running the pipelines has become much easier, and they are doing a perfect job, helping tremendously in our day-to-day activities. GitLab has positively impacted my organization because previously we stored code locally on servers, leading to many risks. Since GitLab came into our environment, our integration and deployments became much easier, helping our work become much smoother. Improvements from GitLab have led to better team collaboration because when several people are working, they can all edit the code and submit it as a merge request, and once approved, it reflects directly to the main branch. Many can work at the same time. When it comes to deployments, deploying has become much faster since we started using GitLab, and even if errors occur, we can spot them easily and troubleshoot, which has helped tremendously.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of Checkmarx Software Composition Analysis is the comprehensive security scan."
"I appreciate the user-friendly interface. The GUI is excellent, providing detailed information on outdated versions, including version numbers and the flow of library calls. This allows me to plan and prioritize library changes based on potential vulnerabilities, even if the affected library is indirectly used in my project. The tool offers specific guidance on addressing these issues."
"Checkmarx Software Composition Analysis is one of the most important products in the IT security market."
"What's most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in open-source components, especially if some critical issues exist."
"It is a stable solution...It is a scalable solution."
"One of the strong points of this solution is that it allows you to incorporate it into a CICB pipeline. It has the ability to do incremental scans. If you scan a very large application, it might take two hours to do the initial scan. The subsequent scans, as people are making changes to the app, scan the Delta and are very fast. That's a really nice implementation. The way they have incorporated the functionality of the incremental scans is something to be aware of. It is quite good. It has been very solid. We haven't really had any issues, and it does what it advertises to do very nicely."
"We were able to reduce the number of vulnerable libraries by 50%, leading to significant operational improvement."
"The customer service and support were good."
"We use GitLab in the new project for CI/CD, integration, and deployment."
"We like the automatic deployment for different environments."
"I like GitLab's security and SAS tools."
"It is scalable."
"In our software development lifecycle, GitLab is used as a component for code repository management. We use GitLab for several projects to handle code repositories. For other software projects, we use Bitbucket, but the use case for both is very similar."
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."
"The CI/CD pipeline with Helm has significantly improved deployment speed and efficiency."
"The solution's most valuable features are pipelines."
 

Cons

"Personally, I currently use it as a standalone tool without integrating it with other systems, and it meets my needs adequately. As a suggestion, I request on considering to add a "what if" feature to the application. Currently, when the tool identifies issues and suggests updates, if I want to explore different scenarios, I need to prepare another file, turn it into a ZIP, and run the analysis again. It would be more convenient if there was a "what if" option in the GUI. This feature could simulate a run, allowing me to quickly check the impact of changing one or more files or versions without the need for a full rerun."
"I would rate the scalability a seven out of ten."
"An area for improvement in Checkmarx Software Composition Analysis is for the updates to be fast."
"Parts of the implementation process could improve by making it more user-friendly."
"Checkmarx Software Composition Analysis should improve dynamic analysis."
"I have received complaints from my customers that the pricing could be improved."
"Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive. It is a good tool, and we're still figuring out how to fully leverage it. There are some questions regarding whether it can scan the MuleSoft code. We don't know if this is a gap in the tool or something else. This is one thing that we're just working through right now, and I am not ready to conclude that there is a weakness there. MuleSoft is kind of its own beast, and we're trying to see how we get it to work with Checkmarx."
"In terms of time and quality of support, Checkmarx SCA needs improvement."
"We would like to have easier tutorials. Their tutorials are too technical for a user to understand. They should be more detailed but less technical."
"The price of GitLab could improve, it is high."
"We'd always like to see better pricing on the product."
"There are missing search features, particularly when searching repositories or applying filters. Additionally, I have encountered issues with the deployment of CI/CD pipelines, especially dealing with variable environments."
"It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful."
"I've noticed an area for improvement in GitLab, particularly needing to go through many steps to push the code to the repository. Resolving that issue would make the product better. My team quickly fixed it by writing a small script, then double-clicking or enabling the script to take care of the issue. However, that quick fix was from my team and not the GitLab team, so in the next release, if an automatic deployment feature would be available in GitLab, then that would be good because, in Visual Studio, you can do that with just one click of a button."
"While GitLab is a great tool for developers, it lacks project planner features. Roadmaps and Gantt charts in GitLab are not as advanced as in Jira, and changing start and end dates is more laborious in GitLab."
"I've noticed an area for improvement in GitLab, particularly needing to go through many steps to push the code to the repository."
 

Pricing and Cost Advice

"We don't have a license. The usage is limited to one, two, three, five, or ten people. It is currently used for all projects, and there are plans to increase its usage."
"It is a little bit high priced. It would be better if it was a little less expensive."
"My customers need to pay for the licensing part, and they need to opt for an annual subscription."
"The license model is somewhat perplexing as it comprises multiple aspects that can be confusing for customers. The model is determined by the number of registered users and the number of projects being scanned, along with a third component that adds to the complexity."
"Pricing for Checkmarx Software Composition Analysis needs to be competitive."
"We are using the free version of GitLab."
"The solution's pricing is acceptable."
"The price is okay."
"On a scale of one to ten, where one is cheap, and ten is expensive, I rate the pricing a five out of ten."
"GitLab is cheap."
"This product is not very expensive but the price can be better."
"I think that we pay approximately $100 USD per month."
"I don't mind the price because I use the free version."
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
904,680 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Construction Company
9%
Manufacturing Company
8%
Insurance Company
6%
Financial Services Firm
14%
Manufacturing Company
11%
Government
9%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Large Enterprise8
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise10
Large Enterprise49
 

Questions from the Community

What is your experience regarding pricing and costs for Checkmarx Software Composition Analysis?
Pricing is complex and high for small organizations but offers great benefits for larger organizations. It is notably different compared to competitors like GitHub Advanced Security.
What needs improvement with Checkmarx Software Composition Analysis?
The solution could improve by determining the success factor of an upgrade, which is currently lacking.
What is your primary use case for Checkmarx Software Composition Analysis?
We have many third-party libraries in our organization. I used Checkmarx Software Composition Analysis to identify all the libraries we use and determine whether they are used or unused within the ...
What is your experience regarding pricing and costs for GitLab?
The setup cost for GitLab is minimal since the team has its own minimal resource balancing. The costing falls into an intermediate stage and is impactful across all results within the team. It allo...
What needs improvement with GitLab?
There are many improvements that GitLab can implement, such as addressing the issue of caching. Currently, when I have multiple tasks to merge or attempt multiple merges, the CI/CD and overall GitL...
What is your primary use case for GitLab?
My main use case for GitLab is as a version control system that we are using. Currently, I am working on an end-to-end AI pipeline, and I have deployed my whole code using GitLab so that all things...
 

Also Known As

CxSCA
Fuzzit
 

Overview

 

Sample Customers

AXA, Liveperson, Aaron's, Playtech, Morningstar
1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
Find out what your peers are saying about Checkmarx Software Composition Analysis vs. GitLab and other solutions. Updated: June 2026.
904,680 professionals have used our research since 2012.