We performed a comparison between Checkmarx One and GitHub based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"One of the most valuable features is it is flexible."
"The most valuable feature is the simple user interface."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"All the features are valuable, but the most important feature is that GitHub has advanced security. The second important feature is the capability to create custom GitHub actions and the capability to deploy in different types of architectural infrastructures, such as hybrid, private, or public."
"I use this solution to store my code in a repository so we can manage version control which is useful."
"We use GitHub as a repository."
"The solution is scalable."
"The deployment is fast since we just have to run the script, and once it's done, it takes a few minutes."
"The features that I have found most valuable are that it can support you for most of the road map and it can automate some tasks which works really well with collaboration with the teams. They are really interested in how they organize the history of the code itself which is good."
"GitHub have a built-in software application development environment and this has been most useful."
"Even if I'm not in the office, I can access and work on my code from anywhere with my account credentials."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"I would like to see the tool’s pricing improved."
"Checkmarx could improve the speed of the scans."
"The solution sometimes reports a false auditable code or false positive."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"While using the solution when merging two code branches the code becomes a bit messy. This should be improved in the future."
"GitHub uses basic configuration, but messaging is not clear."
"The only thing I see missing in GitHub is that it isn't very user friendly for key personnel who don't have in-depth, technical knowledge. In Jira, there are many functions to upload our test cases, and in GitHub we can only do it manually. There are functions which can be used to upload different files, but that still requires some technical knowledge. A layman cannot do it."
"We are not able to access GitHub from our VPN."
"Scalability is an area with a shortcoming, because of which it has room for improvement."
"GitHub should provide more integration in their next release, including integrating with Jenkins, CI/CD and Jira."
"The storage for this solution could be improved."
"As of now, if I would like to learn about GitHub or its features, I would have to look on YouTube. It would be nice if they were able to send out a newsletter with explanations of new features that they are offering and what features are available."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while GitHub is ranked 10th in Application Security Tools with 64 reviews. Checkmarx One is rated 7.6, while GitHub is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Kiuwan, whereas GitHub is most compared with Snyk, AWS CodeCommit, Atlassian SourceTree, Bitbucket and IBM Rational ClearCase. See our Checkmarx One vs. GitHub report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.