Try our new research platform with insights from 80,000+ expert users

Checkmarx Software Composition Analysis vs GitLab comparison

Checkmarx and GitLab are both solutions in the Software Composition Analysis (SCA) category. Checkmarx is ranked #8 with an average rating of 9.1, while GitLab is ranked #5 with an average rating of 8.3. Checkmarx holds a 2.6% mindshare in SCA, compared to GitLab’s 4.8% mindshare. Additionally, 100% of Checkmarx users are willing to recommend the solution, compared to 97% of GitLab users who would recommend it.
Checkmarx Software Composit...
Read 12 Checkmarx Software Composition Analysis reviews
  • 1,504 Views
  • 1,126 Comparison Views
100% willing to recommend
GitLab
Read 75 GitLab reviews
  • 2,526 Views
  • 1,945 Comparison Views
97% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Nov 5, 2024

GitLab and Checkmarx Software Composition Analysis are strong contenders in the DevOps and security scanning categories, respectively. GitLab has the upper hand in repository management and CI/CD capabilities, while Checkmarx excels in security scanning and comprehensive vulnerability assessments.

Features: GitLab is renowned for repository management, CI/CD pipelines, and integration flexibility, enabling effective software development. Its unified platform supports code reviews, deployments, and various DevOps activities. Checkmarx Software Composition Analysis is recognized for its security scanning, identifying open-source vulnerabilities, and providing comprehensive security assessments.

Room for Improvement: GitLab needs better integration with container platforms and third-party tools like AWS and Jira. Improved metrics, testing capabilities, and documentation are also needed. Checkmarx could improve by reducing false positives, offering better pricing, and enhancing configurability and dynamic analysis support.

Ease of Deployment and Customer Service: GitLab offers versatile deployment options such as public, private, hybrid clouds, and on-premises, adaptable to organizational needs. Support varies with licensing, with community forums for free users. Checkmarx supports on-premises and public cloud deployments, with support dependent on licensing, highlighting system stability.

Pricing and ROI: GitLab's pricing includes free and paid tiers, with the open-source model appealing despite costly premium transitions. Users value its feature richness. Checkmarx has a complex, costly licensing model, yet its robust security benefits justify the expense for users needing strong security. Both provide significant ROI, appealing based on specific needs and budgets.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Checkmarx Software Composition Analysis vs. GitLab Report (Updated: October 2024).
Buyer's Guide
Checkmarx Software Composition Analysis vs. GitLab
October 2024
Download the complete report
Helped 816,406 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Customer Service

No sentiment score available
Checkmarx SCA provides 24/7 customer support with knowledgeable service and comprehensive documentation, though some note past service decline.
Sentiment score
8.2
GitLab support receives mixed feedback; while some find it helpful, others rely on community forums or internal resources.
 

Room For Improvement

Sentiment score
4.4
Checkmarx Software Composition Analysis requires price, UI, performance improvements, faster updates, stronger API security, and better support for enhancements.
Sentiment score
5.7
GitLab needs improved integrations, security, user-friendly interface, expanded capabilities, better CI/CD, project management, and simplified pricing and support.
 

Scalability Issues

Sentiment score
8.7
Checkmarx Software Composition Analysis is praised for its scalability, effectively handling multiple projects with high user satisfaction and efficiency.
Sentiment score
7.5
GitLab is praised for efficient scalability across environments and team sizes, with flexible configurations and cloud integration capabilities.
 

Setup Cost

No sentiment score available
Checkmarx Software Composition Analysis is costly and complex but valued, prompting many enterprise users to expand its use.
Sentiment score
5.7
GitLab pricing offers flexible plans with free tiers and paid options for enhanced features, considered competitive but sometimes costly.
 

Stability Issues

Sentiment score
8.1
Checkmarx Software Composition Analysis is stable and reliable, though occasional performance issues occur with geographical cloud usage impacting scan times.
Sentiment score
8.2
GitLab is praised for stability, with users experiencing rare minor issues, ensuring reliable performance and high user satisfaction.
 

Valuable Features

Sentiment score
8.2
Checkmarx SCA integrates with CICD pipelines to ensure security by identifying vulnerabilities and license issues with detailed analysis and guidance.
Sentiment score
8.2
GitLab offers comprehensive CI/CD, seamless merging, robust management, automation, scalability, and extensive integration for DevOps support.
 

Categories and Ranking

Checkmarx Software Composit...
Ranking in Software Composition Analysis (SCA)
8th
Average Rating
9.2
Reviews Sentiment
7.5
Number of Reviews
12
Ranking in other categories
No ranking in other categories
GitLab
Ranking in Software Composition Analysis (SCA)
5th
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
75
Ranking in other categories
Application Security Tools (11th), Build Automation (1st), Release Automation (2nd), Static Application Security Testing (SAST) (10th), Rapid Application Development Software (12th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (3rd)
 

Mindshare comparison

As of November 2024, in the Software Composition Analysis (SCA) category, the mindshare of Checkmarx Software Composition Analysis is 2.6%, down from 3.1% compared to the previous year. The mindshare of GitLab is 4.8%, down from 5.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA)
 

Featured Reviews

Sujata Sujata Ghadage - PeerSpot reviewer
Offers great security in the area of vulnerability detection
I am more into the SAST side, which is related to Checkmarx Software Composition Analysis. Checkmarx recently introduced DAST and software composition analysis, but I am not aware much about it. Checkmarx Software Composition Analysis is a good tool with many rules, ensuring that the product offers vulnerability detection and provides good coverage. Though my company has not integrated Checkmarx Software Composition Analysis into SDLC, we do plan to do it in the future. The product helped our company deal with a major security breach when we had to deal with a lot of SQL-related issues stemming from some of the codes, which were written earlier not using a proper framework, owing to which there were many vulnerabilities in respect to LDAP, cross-site attacks and SQL injection. The product's most effective part for identifying vulnerabilities stems from the tool's SAST capabilities. The product's dashboard has improved our company's vulnerability management processes. The tool shows a proper dashboard and offers frequent remediation options and proper compliance status, which helps to know about the number of vulnerabilities and the dashboards. The accuracy of the product's vulnerability detection is 95 percent. At an organizational level, the product is hosted on the cloud. In my company, we use the product to scan reports. I don't see anything complex in the solution from the maintenance point of view. The product is deployed in a single location where multiple people use it. The product can be described as an access-based solution. For a particular project or depending on an assignment, access is given to certain people for a month or two. After the completion of a project or assignment, the product's access to a person is removed and given to another person who needs the solution for another project. I recommend the product to those who plan to use it. It is one of the best tools in the market. The product provides good coverage and ensures that the users experience a return on investment from its use in their environment. The tool is also helpful in dealing with vulnerabilities and false positives. I rate the overall tool a nine out of ten.
Read full review
Corné den Hollander - PeerSpot reviewer
Powerful, mature, and easy to set up and manage
It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful. In terms of additional features, nothing comes to mind. One of the potential pitfalls is to keep adding new features and functionalities. They can just improve some of the existing features to make it high-end, top-quality. I don't have any substantial experience with agile planning. I don't know the industries GitLab is in, and I don't know why they make decisions like this, but as a customer, I would rather see them invest in improving the basic agile planning functionalities rather than adding, for example, portfolio planning features. That's because if I'm going to do portfolio planning, I probably will also need a lot of business users. I'm not sure if I want them in GitLab, I'd rather have them in Jira collaborating with me on portfolio planning. That's way better fitted for that type of work.
Read full review
report
See which vendors are best for you
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
See recommendations
816,406 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
36%
Manufacturing Company
15%
Computer Software Company
10%
Logistics Company
4%
Educational Organization
29%
Computer Software Company
11%
Financial Services Firm
11%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Checkmarx Software Composition Analysis?
The tool's visual scan analysis shows me all the libraries' vulnerabilities and license types. It helps identify the most complex issues with licenses. It provides good visibility. SCA shows me all...
See all answers
What is your experience regarding pricing and costs for Checkmarx Software Composition Analysis?
We have a license. The usage is limited to one, two, three, five, or ten people. It is currently used for all projects, and there are plans to increase its usage.
See all answers
What needs improvement with Checkmarx Software Composition Analysis?
Checkmarx Software Composition Analysis should improve dynamic analysis.
See all answers
What do you like most about GitLab?
I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
See all answers
What is your experience regarding pricing and costs for GitLab?
Pricing is relatively expensive.
See all answers
What needs improvement with GitLab?
The pricing has been substantially increased, which is a major concern. While GitLab has a lot of documentation, the complexity and volume can be overwhelming, especially for new learners. Structur...
See all answers
 

Comparisons

Black Duck vs Checkmarx Software Composition Analysis Logo
Black Duck vs Checkmarx Software Composition Analysis
Compared 34% of the time
JFrog Xray vs Checkmarx Software Composition Analysis Logo
JFrog Xray vs Checkmarx Software Composition Analysis
Compared 23% of the time
Semgrep vs Checkmarx Software Composition Analysis Logo
Semgrep vs Checkmarx Software Composition Analysis
Compared 12% of the time
Fortify Static Code Analyzer vs Checkmarx Software Composition Analysis Logo
Fortify Static Code Analyzer vs Checkmarx Software Composition Analysis
Compared 7% of the time
Polaris Software Integrity Platform vs Checkmarx Software Composition Analysis Logo
Polaris Software Integrity Platform vs Checkmarx Software Composition Analysis
Compared 6% of the time
More Checkmarx Software Composition Analysis Competitors
Microsoft Azure DevOps vs GitLab Logo
Microsoft Azure DevOps vs GitLab
Compared 40% of the time
SonarQube Server (formerly SonarQube) vs GitLab Logo
SonarQube Server (formerly SonarQube) vs GitLab
Compared 8% of the time
GitHub CoPilot vs GitLab Logo
GitHub CoPilot vs GitLab
Compared 7% of the time
AWS CodePipeline vs GitLab Logo
AWS CodePipeline vs GitLab
Compared 5% of the time
Tekton vs GitLab Logo
Tekton vs GitLab
Compared 4% of the time
More GitLab Competitors
 

Product Reports

Buyer's Guide
Checkmarx Software Composition Analysis
November 2024
Checkmarx Software Composition Analysis reportDownload Checkmarx Software Composition Analysis product report
Buyer's Guide
GitLab
November 2024
GitLab reportDownload GitLab product report
 

Also Known As

CxSCA
Fuzzit
 

Learn More

Checkmarx
GitLab
 

Overview

Checkmarx Software Composition Analysis (SCA) helps organizations manage the risks associated with open source and third-party components in their software applications. While leveraging open source libraries and third-party dependencies is common practice, it can also introduce security vulnerabilities and license risks.


Checkmarx SCA offers a multifaceted approach to managing these risks by:


  • Automatically scanning project repositories, build configurations, and manifests to create a comprehensive inventory of all components, including version information and associated licenses.

  • Performing vulnerability assessments on each component, including identifying and prioritizing actual exploitable or reachable vulnerabilities.

  • Protecting organizations from software supply chain attacks involving malicious packages, such as the XZ Utils backdoor.

  • Identifying licenses associated and providing insights into license obligations, restrictions, and potential conflicts.

  • Integrating seamlessly into existing development workflows and CI/CD pipelines.

  • Providing actionable remediation guidance to help organizations address identified vulnerabilities and compliance issues effectively.

GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster. 

It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring. 

With GitLab, teams can streamline their workflows, automate processes, and improve productivity.

 

Sample Customers

AXA, Liveperson, Aaron's, Playtech, Morningstar
1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
Buyer's Guide
Checkmarx Software Composition Analysis vs. GitLab
October 2024
Free Report: Checkmarx Software Composition Analysis vs. GitLab
Find out what your peers are saying about Checkmarx Software Composition Analysis vs. GitLab and other solutions. Updated: October 2024.
DOWNLOAD NOW
816,406 professionals have used our research since 2012.
See our Checkmarx Software Composition Analysis vs. GitLab report.
See our list of best Software Composition Analysis (SCA) vendors.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.