Find out what your peers are saying about Checkmarx vs. GitLab and other solutions. Updated: November 2021.
553,954 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
Checkmarx:
"The most valuable feature is the application tracking reporting."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"One of the most valuable features is it is flexible."
"The setup is fairly easy. We didn't struggle with the process at all."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."

GitLab:
"The most valuable features of GitLab are integration with CIE and the ability to rapidly deploy solutions, projects, and applications. It is very easy to use, and there are no complaints."
"GitLab offers a good interface for doing code reviews between two colleagues."
"It is very useful for reviews. We are using branch merging operations and full reset operations. It is also very useful for merging our code and tracking another branch. The graph diagrams of Git are very useful. Its interface is straightforward and not too complex for us."
"I have had no problem with the stability of the solution."
"We like that we can have an all-encompassing product and don't have to implement different solutions."
"GitLab is very useful for pipelines, continuous integration, and continuous deployment. It is also stable."
"A user friendly solution."
"The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish."

Cons
Checkmarx:
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"They could work to improve the user interface. Right now, it really is lacking."
"We have received some feedback from our customers who are receiving a large number of false positives."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."

GitLab:
"I would like to see better integration with project management tools such as Jira."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"The documentation could be improved to help newcomers better understand things like creating new branches."
"It would be better if there weren't any outages. There are occasions where we usually see a lot of outages using GitLab. It happens at least once a week or something like that. Whatever pipelines you're running, to check the logs, you need to have a different set of tools like Argus or something like that. If you have pipelines running on GitLab, you need a separate service deployed to view the logs, which is kind of a pain. If the logs can be used conveniently on GitLab, that would be definitely helpful. I'm not talking about the CI/CD pipelines but the back-end services and microservices deployed over GitLab. To view the logs for those microservices, you need to have separate log viewers, which is kind of a pain."
"Based on what I know so far, its integration with Kubernetes is not so good. We have to develop many things to make it work. We have to acquire third-party components to work with Kubernetes."
"It could have more security integrations and the ability to check the vulnerability of the code. I don't think it is a responsibility of GitLab, but it would be nice to have more options to integrate with."
"It should be used by a larger number of people. They should raise awareness."
"It can be free for commercial use."

Pricing and Cost Advice
Checkmarx:
"This solution is expensive. The customized package allows you to buy additional users at any time."
"The interface used to create custom rules comes at an additional cost."
"The number of users and coverage for languages will have an impact on the cost of the license."
"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"It's relatively expensive."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."

GitLab:
"I think that we pay approximately $100 USD per month."
"It is very expensive. We can't bear it now, and we have to find another solution. We have a yearly subscription in which we can increase the number of licenses, but we have to pay at the end of the year."
"It seems reasonable. Our IT team manages the licenses."
"Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
"I don't mind the price because I use the free version."
"The price is okay."

Questions from the Community
Top Answer: I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
Top Answer: I’ve always viewed SonarQube as a code quality tool that complements many code security tools like a Checkmarx.
Top Answer: It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security.
Top Answer: GitLab integrates well with other platforms.
Top Answer: I don't mind the price because I use the free version. The licensing fee could be less expensive.
Top Answer: While I don't have any specific complaints about GitLab, there are always things that could be better. Better support, for example, could be provided. The technology could be made simpler to use, it…
Ranking
Checkmarx: Views 44,263; Comparisons 33,240; Reviews 15; Average Words per Review 498; Rating 7.9
GitLab: Views 11,609; Comparisons 10,360; Reviews 16; Average Words per Review 381; Rating 8.3
Overview

Checkmarx CxSAST is a highly accurate and flexible Static Code Analysis product that allows organizations to automatically scan un-compiled / un-built code and identify hundreds of security vulnerabilities in all major coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.


GitLab is a single application with features for the whole software development and operations (DevOps) lifecycle.

Sample Customers
Checkmarx: YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech. Case Study: Liveperson Implements Innovative Secure SDLC
GitLab: Siemens, University of Washington, Equinix, Paessler AG, CNCF, Ticketmaster, CERN, Vaadin
Top Industries
Checkmarx, reviewers: Computer Software Company 44%, Financial Services Firm 22%, Pharma/Biotech Company 11%, Engineering Company 6%
Checkmarx, visitors reading reviews: Computer Software Company 29%, Financial Services Firm 16%, Comms Service Provider 14%, Insurance Company 5%
GitLab, reviewers: Mining And Metals Company 18%, Computer Software Company 18%, Transportation Company 9%, Financial Services Firm 9%
GitLab, visitors reading reviews: Computer Software Company 24%, Comms Service Provider 22%, Government 9%, Financial Services Firm 8%
Company Size
Checkmarx, reviewers: Small Business 38%, Midsize Enterprise 18%, Large Enterprise 44%
Checkmarx, visitors reading reviews: Small Business 15%, Midsize Enterprise 29%, Large Enterprise 56%
GitLab, reviewers: Small Business 50%, Midsize Enterprise 11%, Large Enterprise 39%

Checkmarx is ranked 2nd in Application Security Testing (AST) with 18 reviews while GitLab is ranked 5th in Application Security Testing (AST) with 16 reviews. Checkmarx is rated 7.8, while GitLab is rated 8.2. The top reviewer of Checkmarx writes "Easy interface that is user friendly, quick scanning, and good technical support". On the other hand, the top reviewer of GitLab writes "Provides or mandates quantitative code into the Master". Checkmarx is most compared with SonarQube, Veracode, Micro Focus Fortify on Demand, Snyk and Coverity, whereas GitLab is most compared with Microsoft Azure DevOps, TeamCity, Tekton, Sonatype Nexus Lifecycle and Polarion ALM. See our Checkmarx vs. GitLab report.


We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.