We performed a comparison between Checkmarx One and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The administration in Checkmarx is very good."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"The solution communicates where to fix the issue for the purpose of less iterations."
"Both automatic and manual code review (CxQL) are valuable."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"One of the most valuable features is it is flexible."
"The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish."
"We like that we can have an all-encompassing product and don't have to implement different solutions."
"A user friendly solution."
"The most valuable features of GitLab are the review, patch repo, and plans are in YAML."
"I have found the most valuable feature is security control. I also like the branching and cloning software."
"I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently."
"The most important features of GitLab for us are issue management and all the CI/CD tools. Another aspect that I love about GitLab is the UI."
"GitLab is a solution for source code management, container registry, pipelines, testing, and deployment."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"It is an expensive solution."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"I would like to see the DAST solution in the future."
"If it is a very large code base then we have a problem where we cannot scan it."
"We have received some feedback from our customers who are receiving a large number of false positives."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"The pricing can get a bit expensive, depending on the company's size."
"Reporting could be improved."
"Even if I say I want some improvement, they will say it is already planned in the first quarter, second quarter, or third quarter. That said, most everything is quite improved already, and they're improving even further still."
"The only thing our company is really waiting on in terms of features is the development of metrics."
"Atlassian offers more products than GitLab. GitLab offers source control management, version control and collaboration between developers. Atlassian offers features on top of this as well as more integration points for developers."
"There was a problem with the build environment when we were looking at developing iOS applications. iOS build require Mac machines and there are no Mac machines provided by GitLab in their cloud. So to build for mobile iOS application, we needed to use our own Mac machine within our own infrastructure. If GitLab were to provide a feature such that an iOS application could also be built through GitLab directly, that would be great."
"I rate the support from GitLab a four out of five."
"It would be better if there weren't any outages. There are occasions where we usually see a lot of outages using GitLab. It happens at least once a week or something like that. Whatever pipelines you're running, to check the logs, you need to have a different set of tools like Argus or something like that. If you have pipelines running on GitLab, you need a separate service deployed to view the logs, which is kind of a pain. If the logs can be used conveniently on GitLab, that would be definitely helpful. I'm not talking about the CI/CD pipelines but the back-end services and microservices deployed over GitLab. To view the logs for those microservices, you need to have separate log viewers, which is kind of a pain."
"We do face issues in our company when we run out of disk space."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while GitLab is ranked 7th in Application Security Tools with 70 reviews. Checkmarx One is rated 7.6, while GitLab is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Fortify WebInspect, whereas GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton. See our Checkmarx One vs. GitLab report.
See our list of best Application Security Tools vendors, best Static Application Security Testing (SAST) vendors, and best DevSecOps vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.