We performed a comparison between Checkmarx One and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"Vulnerability details is valuable."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"Our static operation security has been able to identify more security issues since implementing this solution."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"I like that you can use GitLab as a double-sided solution for both DevOps and version management. It's a good product for working in these two areas, and the user interface makes it easy to understand."
"The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish."
"GitLab's best feature is Actions."
"GitLab is very useful for pipelines, continuous integration, and continuous deployment. It is also stable."
"The solution's service delivery model is fantastic."
"The most valuable features of Gitlab are integration with CIE and the ability to rapidly deploy solutions, projects, and applications. It is very easy to use, and there are no complaints."
"It is very flexible and easy because you can store data on cloud."
"The solution makes the CI/CD pipelines easy to execute."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"Checkmarx could improve the speed of the scans."
"The reports are good, but they still need to be improved considering what the UI offers."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"GitLab could consider introducing a code-scanning tool. Purchasing such tools from external markets can incur charges, which might not be favorable. Integrating these features into GitLab would streamline the pipeline and make it more convenient for users."
"The pricing model of GitLab is an issue for me."
"I would like more Agile features in the Premium version. The Premium version should have all Agile features that exist in the Ultimate version. IBM AOM has a complete Agile implementation, but in GitLab, you only have these features if you buy the Ultimate version. It would be good if we can use these in the Premium version."
"The solution should be more cloud-native and have more cloud-native capabilities and features."
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repertories because currently, it's not searchable by default. You'll need an indexing service such as Elasticsearch to make it searchable, and that requires too much work, so for me, it's the main feature that should be improved in GitLab. In the next version of the solution, from the top of my head, the documentation could be improved. Besides the Wiki, it would be good if there's documentation that would be automatically generated based on the code repository. In other words, there should be some tutorials from GitLab for developers in the next release."
"We'd like to see better integration with the Atlassian ecosystem."
"I would like to see security increased in the future. A secure environment is very important."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while GitLab is ranked 7th in Application Security Tools with 70 reviews. Checkmarx One is rated 7.6, while GitLab is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Fortify WebInspect, whereas GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton. See our Checkmarx One vs. GitLab report.
See our list of best Application Security Tools vendors, best Static Application Security Testing (SAST) vendors, and best DevSecOps vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.