We performed a comparison between Checkmarx One and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The administration in Checkmarx is very good."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"GitLab offers a good interface for doing code reviews between two colleagues."
"I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently."
"It is scalable."
"This product is always evolving, and they listen to the customers."
"GitLab's best features are continuous integration and fast deployment."
"The tool helps to integrate CI/CD pipeline deployments. It is very easy to learn. Its security model is good."
"The dashboard and interface make it easy to use."
"The initial setup of GitLab is pretty simple, with no complications."
"It is an expensive solution."
"I would like to see the tool’s pricing improved."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"The solution sometimes reports a false auditable code or false positive."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"Checkmarx could improve by reducing the price."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"I would like to see better integration with project management tools such as Jira."
"The only thing our company is really waiting on in terms of features is the development of metrics."
"It would be better if there weren't any outages. There are occasions where we usually see a lot of outages using GitLab. It happens at least once a week or something like that. Whatever pipelines you're running, to check the logs, you need to have a different set of tools like Argus or something like that. If you have pipelines running on GitLab, you need a separate service deployed to view the logs, which is kind of a pain. If the logs can be used conveniently on GitLab, that would be definitely helpful. I'm not talking about the CI/CD pipelines but the back-end services and microservices deployed over GitLab. To view the logs for those microservices, you need to have separate log viewers, which is kind of a pain."
"Merge conflicts and repository maintenance could improve. If there is someone new to the system they would not know if there is a conflict."
"We are having a few problems integrating with Jira at the moment, which is something that our IT department is investigating."
"Their RBAC is role-based access, which is fine but not very good."
"The solution could be faster."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while GitLab is ranked 7th in Application Security Tools with 70 reviews. Checkmarx One is rated 7.6, while GitLab is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Fortify WebInspect, whereas GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton. See our Checkmarx One vs. GitLab report.
See our list of best Application Security Tools vendors, best Static Application Security Testing (SAST) vendors, and best DevSecOps vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
