Try our new research platform with insights from 80,000+ expert users

Checkmarx Software Composition Analysis vs GitLab comparison

Checkmarx and GitLab are both solutions in the Software Composition Analysis (SCA) category. Checkmarx is ranked #8 with an average rating of 9.1, while GitLab is ranked #5 with an average rating of 8.3. Checkmarx holds a 2.6% mindshare in SCA, compared to GitLab’s 4.8% mindshare. Additionally, 100% of Checkmarx users are willing to recommend the solution, compared to 97% of GitLab users who would recommend it.
Checkmarx Software Composit...
Read 12 Checkmarx Software Composition Analysis reviews
  • 1,504 Views
  • 1,126 Comparison Views
100% willing to recommend
GitLab
Read 75 GitLab reviews
  • 2,526 Views
  • 1,945 Comparison Views
97% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Nov 5, 2024

GitLab and Checkmarx Software Composition Analysis are strong contenders in the DevOps and security scanning categories, respectively. GitLab has the upper hand in repository management and CI/CD capabilities, while Checkmarx excels in security scanning and comprehensive vulnerability assessments.

Features: GitLab is renowned for repository management, CI/CD pipelines, and integration flexibility, enabling effective software development. Its unified platform supports code reviews, deployments, and various DevOps activities. Checkmarx Software Composition Analysis is recognized for its security scanning, identifying open-source vulnerabilities, and providing comprehensive security assessments.

Room for Improvement: GitLab needs better integration with container platforms and third-party tools like AWS and Jira. Improved metrics, testing capabilities, and documentation are also needed. Checkmarx could improve by reducing false positives, offering better pricing, and enhancing configurability and dynamic analysis support.

Ease of Deployment and Customer Service: GitLab offers versatile deployment options such as public, private, hybrid clouds, and on-premises, adaptable to organizational needs. Support varies with licensing, with community forums for free users. Checkmarx supports on-premises and public cloud deployments, with support dependent on licensing, highlighting system stability.

Pricing and ROI: GitLab's pricing includes free and paid tiers, with the open-source model appealing despite costly premium transitions. Users value its feature richness. Checkmarx has a complex, costly licensing model, yet its robust security benefits justify the expense for users needing strong security. Both provide significant ROI, appealing based on specific needs and budgets.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Checkmarx Software Composition Analysis vs. GitLab Report (Updated: October 2024).
Buyer's Guide
Checkmarx Software Composition Analysis vs. GitLab
October 2024
Download the complete report
Helped 814,649 peers since 2012
 

Categories and Ranking

Checkmarx Software Composit...
Ranking in Software Composition Analysis (SCA)
8th
Average Rating
9.2
Number of Reviews
12
Ranking in other categories
No ranking in other categories
GitLab
Ranking in Software Composition Analysis (SCA)
5th
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
75
Ranking in other categories
Application Security Tools (11th), Build Automation (1st), Release Automation (2nd), Static Application Security Testing (SAST) (10th), Rapid Application Development Software (12th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (3rd)
 

Mindshare comparison

As of November 2024, in the Software Composition Analysis (SCA) category, the mindshare of Checkmarx Software Composition Analysis is 2.6%, down from 3.1% compared to the previous year. The mindshare of GitLab is 4.8%, down from 5.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA)
 

Featured Reviews

Sujata Sujata Ghadage - PeerSpot reviewer
Mar 14, 2024
Offers great security in the area of vulnerability detection
I am more into the SAST side, which is related to Checkmarx Software Composition Analysis. Checkmarx recently introduced DAST and software composition analysis, but I am not aware much about it. Checkmarx Software Composition Analysis is a good tool with many rules, ensuring that the product offers vulnerability detection and provides good coverage. Though my company has not integrated Checkmarx Software Composition Analysis into SDLC, we do plan to do it in the future. The product helped our company deal with a major security breach when we had to deal with a lot of SQL-related issues stemming from some of the codes, which were written earlier not using a proper framework, owing to which there were many vulnerabilities in respect to LDAP, cross-site attacks and SQL injection. The product's most effective part for identifying vulnerabilities stems from the tool's SAST capabilities. The product's dashboard has improved our company's vulnerability management processes. The tool shows a proper dashboard and offers frequent remediation options and proper compliance status, which helps to know about the number of vulnerabilities and the dashboards. The accuracy of the product's vulnerability detection is 95 percent. At an organizational level, the product is hosted on the cloud. In my company, we use the product to scan reports. I don't see anything complex in the solution from the maintenance point of view. The product is deployed in a single location where multiple people use it. The product can be described as an access-based solution. For a particular project or depending on an assignment, access is given to certain people for a month or two. After the completion of a project or assignment, the product's access to a person is removed and given to another person who needs the solution for another project. I recommend the product to those who plan to use it. It is one of the best tools in the market. The product provides good coverage and ensures that the users experience a return on investment from its use in their environment. The tool is also helpful in dealing with vulnerabilities and false positives. I rate the overall tool a nine out of ten.
Read full review
Corné den Hollander - PeerSpot reviewer
Sep 15, 2022
Powerful, mature, and easy to set up and manage
It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful. In terms of additional features, nothing comes to mind. One of the potential pitfalls is to keep adding new features and functionalities. They can just improve some of the existing features to make it high-end, top-quality. I don't have any substantial experience with agile planning. I don't know the industries GitLab is in, and I don't know why they make decisions like this, but as a customer, I would rather see them invest in improving the basic agile planning functionalities rather than adding, for example, portfolio planning features. That's because if I'm going to do portfolio planning, I probably will also need a lot of business users. I'm not sure if I want them in GitLab, I'd rather have them in Jira collaborating with me on portfolio planning. That's way better fitted for that type of work.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is a stable solution...It is a scalable solution."
"The most valuable feature of Checkmarx Software Composition Analysis is the comprehensive security scan."
"Checkmarx unifies all the features in its service."
"The product is stable and scalable."
"The tool's visual scan analysis shows me all the libraries' vulnerabilities and license types. It helps identify the most complex issues with licenses. It provides good visibility. SCA shows me all libraries that are vulnerable and the extent of their vulnerability."
"One of the strong points of this solution is that it allows you to incorporate it into a CICB pipeline. It has the ability to do incremental scans. If you scan a very large application, it might take two hours to do the initial scan. The subsequent scans, as people are making changes to the app, scan the Delta and are very fast. That's a really nice implementation. The way they have incorporated the functionality of the incremental scans is something to be aware of. It is quite good. It has been very solid. We haven't really had any issues, and it does what it advertises to do very nicely."
"The integration part is easy...It's a stable solution right now."
"What's most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in open-source components, especially if some critical issues exist."
More Checkmarx Software Composition Analysis pros
"Everything is easy to configure and easy to work with."
"The code merging capability is something that we use very frequently."
"The scalability is good."
"The SaaS setup is impressive, and it has DAST solutioning."
"The solution's most valuable features are pipelines."
"GitLab integrates well with other platforms."
"I have found the most valuable features of GitLab are the GitClone, GitPush, GitPull, GitMatch, GitMit, GitCommit, and GitStatus."
"This is a scalable solution. We had around 200 users working with it."
More GitLab pros
 

Cons

"Some of the recommendations provided by the product are generic. Even if the recommendations provided by the product are of low level, the appropriate ones can help users deal with vulnerabilities."
"Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive. It is a good tool, and we're still figuring out how to fully leverage it. There are some questions regarding whether it can scan the MuleSoft code. We don't know if this is a gap in the tool or something else. This is one thing that we're just working through right now, and I am not ready to conclude that there is a weakness there. MuleSoft is kind of its own beast, and we're trying to see how we get it to work with Checkmarx."
"The quality of technical support has decreased over time, and it is not as good as it used to be."
"Instant updates for end users to identify vulnerabilities as soon as possible will make Checkmarx Software Composition Analysis better. The UI of the solution could also be improved."
"I would rate the scalability a seven out of ten."
"Checkmarx Software Composition Analysis should improve dynamic analysis."
"In terms of areas for improvement, what could be improved in Checkmarx Software Composition Analysis is pricing because customers always compare the pricing among secure DevOps solutions in the market. Checkmarx Software Composition Analysis has a lot of competitors yet its features aren't much different. Pricing is the first thing customers consider, and from a partner perspective, if you can offer affordable pricing to your customers, it's more likely you'll have a winning deal. The performance of Checkmarx Software Composition Analysis also needs improvement because sometimes, it's slow, and in particular, scanning could take several hours."
"API security is an area with shortcomings that needs improvement."
More Checkmarx Software Composition Analysis cons
"The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation."
"GitLab could improve by having more plugins and better user-friendliness."
"I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment."
"GitLab could improve the patch repository. It does not have support for Conan patch version regions. Additionally, better support for Kubernetes deployment is needed as part of the package."
"GitLab doesn't have AWS integration. It would be better to have integration with other container management environments beyond Kubernetes. It has very good integration with Kubernetes, but it doesn't have good integration with, for example, AWS, ETS, etc."
"GitLab could consider introducing a code-scanning tool. Purchasing such tools from external markets can incur charges, which might not be favorable. Integrating these features into GitLab would streamline the pipeline and make it more convenient for users."
"I've noticed an area for improvement in GitLab, particularly needing to go through many steps to push the code to the repository. Resolving that issue would make the product better. My team quickly fixed it by writing a small script, then double-clicking or enabling the script to take care of the issue. However, that quick fix was from my team and not the GitLab team, so in the next release, if an automatic deployment feature would be available in GitLab, then that would be good because, in Visual Studio, you can do that with just one click of a button."
"It could have more security integrations and the ability to check the vulnerability of the code. I don't think it is a responsibility of Gitlab, but it would be nice to have more options to integrate with."
More GitLab cons
 

Pricing and Cost Advice

"My customers need to pay for the licensing part, and they need to opt for an annual subscription."
"The license model is somewhat perplexing as it comprises multiple aspects that can be confusing for customers. The model is determined by the number of registered users and the number of projects being scanned, along with a third component that adds to the complexity."
"Pricing for Checkmarx Software Composition Analysis needs to be competitive."
"We don't have a license. The usage is limited to one, two, three, five, or ten people. It is currently used for all projects, and there are plans to increase its usage."
"It is a little bit high priced. It would be better if it was a little less expensive."
"We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."
"The solution is free."
"In terms of the pricing for GitLab, on a scale of one to five, with one being expensive and five being cheap, I'm rating pricing for the solution a four. It could still be cheaper because right now, my company has a small team, and sometimes it's difficult to use a paid product for a small team. You'd hope the team will grow and scale, but currently, you're paying a high license fee for a small team. I'm referring to the GitLab license that has premium features and will give you all features. This can be a problem for management to approve the high price of the license for a team this small."
"Regarding pricing, I would rate GitLab as moderately priced, maybe around a seven or eight out of ten. It could be more flexible for clients but generally offers good value."
"Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
"This product is not very expensive but the price can be better."
"GitLab's pricing is good compared to others on the market."
"GitLab is an open-source solution."
More GitLab pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
See recommendations
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
35%
Manufacturing Company
15%
Computer Software Company
11%
Logistics Company
4%
Educational Organization
28%
Computer Software Company
11%
Financial Services Firm
11%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Checkmarx Software Composition Analysis?
The tool's visual scan analysis shows me all the libraries' vulnerabilities and license types. It helps identify the most complex issues with licenses. It provides good visibility. SCA shows me all...
See all answers
What is your experience regarding pricing and costs for Checkmarx Software Composition Analysis?
We have a license. The usage is limited to one, two, three, five, or ten people. It is currently used for all projects, and there are plans to increase its usage.
See all answers
What needs improvement with Checkmarx Software Composition Analysis?
Checkmarx Software Composition Analysis should improve dynamic analysis.
See all answers
What do you like most about GitLab?
I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
See all answers
What is your experience regarding pricing and costs for GitLab?
The solution is free.
See all answers
What needs improvement with GitLab?
In the next release, I would like to see GitLab expand its integration capabilities to include platforms like DigitalOcean, which developers widely use for cloud infrastructure. Enhancing CI/CD aut...
See all answers
 

Comparisons

Black Duck vs Checkmarx Software Composition Analysis Logo
Black Duck vs Checkmarx Software Composition Analysis
Compared 34% of the time
JFrog Xray vs Checkmarx Software Composition Analysis Logo
JFrog Xray vs Checkmarx Software Composition Analysis
Compared 23% of the time
Semgrep vs Checkmarx Software Composition Analysis Logo
Semgrep vs Checkmarx Software Composition Analysis
Compared 12% of the time
Fortify Static Code Analyzer vs Checkmarx Software Composition Analysis Logo
Fortify Static Code Analyzer vs Checkmarx Software Composition Analysis
Compared 7% of the time
Polaris Software Integrity Platform vs Checkmarx Software Composition Analysis Logo
Polaris Software Integrity Platform vs Checkmarx Software Composition Analysis
Compared 6% of the time
More Checkmarx Software Composition Analysis Competitors
Microsoft Azure DevOps vs GitLab Logo
Microsoft Azure DevOps vs GitLab
Compared 41% of the time
SonarQube Server (formerly SonarQube) vs GitLab Logo
SonarQube Server (formerly SonarQube) vs GitLab
Compared 8% of the time
GitHub CoPilot vs GitLab Logo
GitHub CoPilot vs GitLab
Compared 7% of the time
AWS CodePipeline vs GitLab Logo
AWS CodePipeline vs GitLab
Compared 5% of the time
Bamboo vs GitLab Logo
Bamboo vs GitLab
Compared 4% of the time
More GitLab Competitors
 

Product Reports

Buyer's Guide
Checkmarx Software Composition Analysis
November 2024
Checkmarx Software Composition Analysis reportDownload Checkmarx Software Composition Analysis product report
Buyer's Guide
GitLab
October 2024
GitLab reportDownload GitLab product report
 

Also Known As

CxSCA
Fuzzit
 

Learn More

Checkmarx
GitLab
 

Overview

Checkmarx Software Composition Analysis (SCA) helps organizations manage the risks associated with open source and third-party components in their software applications. While leveraging open source libraries and third-party dependencies is common practice, it can also introduce security vulnerabilities and license risks.


Checkmarx SCA offers a multifaceted approach to managing these risks by:


  • Automatically scanning project repositories, build configurations, and manifests to create a comprehensive inventory of all components, including version information and associated licenses.

  • Performing vulnerability assessments on each component, including identifying and prioritizing actual exploitable or reachable vulnerabilities.

  • Protecting organizations from software supply chain attacks involving malicious packages, such as the XZ Utils backdoor.

  • Identifying licenses associated and providing insights into license obligations, restrictions, and potential conflicts.

  • Integrating seamlessly into existing development workflows and CI/CD pipelines.

  • Providing actionable remediation guidance to help organizations address identified vulnerabilities and compliance issues effectively.

GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster. 

It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring. 

With GitLab, teams can streamline their workflows, automate processes, and improve productivity.

 

Sample Customers

AXA, Liveperson, Aaron's, Playtech, Morningstar
1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
Buyer's Guide
Checkmarx Software Composition Analysis vs. GitLab
October 2024
Free Report: Checkmarx Software Composition Analysis vs. GitLab
Find out what your peers are saying about Checkmarx Software Composition Analysis vs. GitLab and other solutions. Updated: October 2024.
DOWNLOAD NOW
814,649 professionals have used our research since 2012.
See our Checkmarx Software Composition Analysis vs. GitLab report.
See our list of best Software Composition Analysis (SCA) vendors.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.