We performed a comparison between Checkmarx Software Composition Analysis and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Checkmarx unifies all the features in its service."
"The tool's visual scan analysis shows me all the libraries' vulnerabilities and license types. It helps identify the most complex issues with licenses. It provides good visibility. SCA shows me all libraries that are vulnerable and the extent of their vulnerability."
"One of the strong points of this solution is that it allows you to incorporate it into a CICB pipeline. It has the ability to do incremental scans. If you scan a very large application, it might take two hours to do the initial scan. The subsequent scans, as people are making changes to the app, scan the Delta and are very fast. That's a really nice implementation. The way they have incorporated the functionality of the incremental scans is something to be aware of. It is quite good. It has been very solid. We haven't really had any issues, and it does what it advertises to do very nicely."
"What's most valuable in Checkmarx Software Composition Analysis is that it provides security from the start. In the traditional approach, an enterprise or company validates the solution before launching to a production environment, but in the modern approach, security must be checked and provided from the beginning and from the design, and this is where Checkmarx Software Composition Analysis comes in. The solution helps you make sure that every open-source application that you use is secure, and that there's no vulnerability inside that open-source application."
"The most valuable feature of Checkmarx Software Composition Analysis is the comprehensive security scan."
"The customer service and support were good."
"I appreciate the user-friendly interface. The GUI is excellent, providing detailed information on outdated versions, including version numbers and the flow of library calls. This allows me to plan and prioritize library changes based on potential vulnerabilities, even if the affected library is indirectly used in my project. The tool offers specific guidance on addressing these issues."
"The product is stable and scalable."
"The most valuable feature of GitLab is its security."
"CI/CD is valuable for me."
"We have seen a couple of merge requests or pull requests raised in GitLab. I see the interface, the way it shows the difference between the two source codes, that it is easy for anyone to do the review and then accept the request; the pull request is the valuable feature."
"The merging feature makes it easy later on for the deployment."
"The solution's service delivery model is fantastic."
"The scalability is good."
"We like that we can create branches and then the branches can be reviewed and you can mesh those branches back. You can independently work with your own branch, you don't need to really control the core of other people."
"A user friendly solution."
"I have received complaints from my customers that the pricing could be improved."
"Checkmarx Software Composition Analysis should improve dynamic analysis."
"API security is an area with shortcomings that needs improvement."
"It can have better licensing models."
"Parts of the implementation process could improve by making it more user-friendly."
"Some of the recommendations provided by the product are generic. Even if the recommendations provided by the product are of low level, the appropriate ones can help users deal with vulnerabilities."
"I would rate the scalability a seven out of ten."
"Personally, I currently use it as a standalone tool without integrating it with other systems, and it meets my needs adequately. As a suggestion, I request on considering to add a "what if" feature to the application. Currently, when the tool identifies issues and suggests updates, if I want to explore different scenarios, I need to prepare another file, turn it into a ZIP, and run the analysis again. It would be more convenient if there was a "what if" option in the GUI. This feature could simulate a run, allowing me to quickly check the impact of changing one or more files or versions without the need for a full rerun."
"Even if I say I want some improvement, they will say it is already planned in the first quarter, second quarter, or third quarter. That said, most everything is quite improved already, and they're improving even further still."
"The tool should include a feature that helps to edit the code directly."
"Perhaps the integration could be better."
"I've noticed an area for improvement in GitLab, particularly needing to go through many steps to push the code to the repository. Resolving that issue would make the product better. My team quickly fixed it by writing a small script, then double-clicking or enabling the script to take care of the issue. However, that quick fix was from my team and not the GitLab team, so in the next release, if an automatic deployment feature would be available in GitLab, then that would be good because, in Visual Studio, you can do that with just one click of a button."
"The solution should again offer an on-premises deployment option."
"There is room for improvement in GitLab Agents."
"Reporting could be improved."
"Their RBAC is role-based access, which is fine but not very good."
More Checkmarx Software Composition Analysis Pricing and Cost Advice →
Checkmarx Software Composition Analysis is ranked 8th in Software Composition Analysis (SCA) with 12 reviews while GitLab is ranked 6th in Software Composition Analysis (SCA) with 70 reviews. Checkmarx Software Composition Analysis is rated 9.2, while GitLab is rated 8.6. The top reviewer of Checkmarx Software Composition Analysis writes "Comprehensive security scan, helpful support, and high availability". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Checkmarx Software Composition Analysis is most compared with Black Duck, JFrog Xray, Semgrep Supply Chain, Fortify Static Code Analyzer and FOSSA, whereas GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, SonarQube and Tekton. See our Checkmarx Software Composition Analysis vs. GitLab report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.