Checkmarx One vs Fortify Software Security Center vs GitLab comparison

Fortify Software Security C...

Read 84 GitLab reviews

3,342 Views
512 Comparison Views

97% willing to recommend

Checkmarx One

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Checkmarx One, Fortify Software Security Center, and GitLab based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST).

To learn more, read our detailed Static Application Security Testing (SAST) Report (Updated: June 2025).

Static Application Security Testing (SAST)

Download the complete report

Helped 855,266 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Mindshare comparison

As of June 2025, in the Static Application Security Testing (SAST) category, the mindshare of Checkmarx One is 9.5%, down from 12.8% compared to the previous year. The mindshare of Fortify Software Security Center is 0.4%, up from 0.2% compared to the previous year. The mindshare of GitLab is 2.6%, up from 2.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

Featured Reviews

Syed Hasan

Specialist Leader at Deloitte

Partner experiences excellent technical support and seamless initial setup

In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.

Read full review

Jonathan Steyn

Principal Technical Consultant at EOH

Comprehensive vulnerability analysis and customization features with decent pricing

Software Security Center is highly customizable and helps me test all vulnerability data against the latest conventions like OWASP Top Ten, CVE Top twenty-five, and several other legal compliances. WebInspect supports a number of APIs and web endpoints. I find its feature of macro recording allows for testing vulnerabilities during multi-factor authentication sessions very valuable. I appreciate the ability to further analyze data with tools like Audit Workbench.

Read full review

Rohit Kesharwani

Manager, Engineering at 7-Eleven

Improved agility and time to market with CI/CD enhancements

The CI/CD pipelines in GitLab ( /products/gitlab-reviews ) are highly valuable. Another important feature is the single source of repository, allowing efficient repository management and source code management. GitLab provides manageability by allowing us to manage source code effectively through separate repositories. Additionally, GitLab enables the creation of individual CI/CD pipelines for each repository, making software more agile. By integrating GitLab as a DevOps platform, we have enhanced agility, improved our time to market, and different teams can work collaboratively on various projects.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"We use the solution for dynamic application testing."

"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."

"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."

"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."

"The tool's valuable features include integrating GPT and Copilot. Additionally, the UI web representation is very user-friendly, making navigation easy. GPT has made several improvements to my security code."

"We use the solution to validate the source code and do SAST and security analysis."

"The most valuable features are the easy to understand interface, and it 's very user-friendly."

"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."

More Checkmarx One pros

"I like the explanation of issues provided by Fortify Software Security Center."

"The overall rating for this tool is ten out of ten."

"The reporting is very useful because you can always view an entire list of the issues that you have."

"Fortify Analytics' AI function helps scan and provides more detailed explanations and recommendations about vulnerabilities."

"Software Security Center is highly customizable and helps me test all vulnerability data against the latest conventions like OWASP Top Ten, CVE Top twenty-five, and several other legal compliances."

"You can easily download the tool's rule packs and update them."

"This is a stable solution at the end of the day."

"GitLab is scalable and works well with multiple environments."

"I have found the most valuable features of GitLab are the GitClone, GitPush, GitPull, GitMatch, GitMit, GitCommit, and GitStatus."

"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."

"We use the Git repository and tagging feature. We are a product-based company and use this solution to move to a forward or backward tag."

"The most important features of GitLab for us are issue management and all the CI/CD tools. Another aspect that I love about GitLab is the UI."

"By integrating GitLab as a DevOps platform, we have enhanced agility, improved our time to market, and different teams can work collaboratively on various projects."

"For us, Gitlab's most valuable feature is the integration with Cypress. We're using Cypress as an automation tool, so we're using GitLab as a tool for running in parallel."

"The dashboard and interface make it easy to use."

More GitLab pros

Cons

"Checkmarx needs improvement in its Dynamic Application Security Testing (DAST) and API security features."

"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."

"Updating and debugging of queries is not very convenient."

"The cost per user is high and should be reduced."

"Meta data is always needed."

"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."

"If it is a very large code base then we have a problem where we cannot scan it."

"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."

More Checkmarx One cons

"Fortify Software Security Center's setup is really painful."

"We are having issues with false positives that need to be resolved."

"This solution is difficult to implement, and it should be made more comfortable for the end-users."

"I am not satisfied with the percentage of false positives, which is around eighteen percent."

"Improvements needed for Software Security Center include better aggregation views of datasets."

"The product's overlap feature is restrictive and requires more customization efforts, which can be expensive."

"Improvements needed for Software Security Center include better aggregation views of datasets."

"Some of the scripts that we encountered in GitLab were not fully functional and threw up errors."

"I used Spring Cloud config and to connect that to GitLab was so hard."

"I rate the support from GitLab a four out of five."

"We would like to generate document pages from the sources."

"GitLab's UI could be improved."

"I've noticed an area for improvement in GitLab, particularly needing to go through many steps to push the code to the repository. Resolving that issue would make the product better. My team quickly fixed it by writing a small script, then double-clicking or enabling the script to take care of the issue. However, that quick fix was from my team and not the GitLab team, so in the next release, if an automatic deployment feature would be available in GitLab, then that would be good because, in Visual Studio, you can do that with just one click of a button."

"GitLab could improve the patch repository. It does not have support for Conan patch version regions. Additionally, better support for Kubernetes deployment is needed as part of the package."

"We'd always like to see better pricing on the product."

More GitLab cons

Pricing and Cost Advice

"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."

"The solution is costly."

"The price of Checkmarx could be reduced to match their competitors, it is expensive."

"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."

"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."

"I believe pricing is better compared to other commercial tools."

"It's relatively expensive."

"The solution's price is high and you pay based on the number of users."

More Checkmarx One pricing and cost advice

"The solution is priced fair."

"As a Fortify partner company providing technical support, I find the product expensive in our country, where local, inexpensive products are available."

"This is a costly solution that could be cheaper."

"I don't mind the price because I use the free version."

"In terms of the pricing for GitLab, on a scale of one to five, with one being expensive and five being cheap, I'm rating pricing for the solution a four. It could still be cheaper because right now, my company has a small team, and sometimes it's difficult to use a paid product for a small team. You'd hope the team will grow and scale, but currently, you're paying a high license fee for a small team. I'm referring to the GitLab license that has premium features and will give you all features. This can be a problem for management to approve the high price of the license for a team this small."

"I think that we pay approximately $100 USD per month."

"We are using the free version of GitLab."

"The solution is based on a licensing model that includes technical support and is paid annually."

"In total, I believe we have more than 300 licenses spread over about 100 users, though I can't comment on the costs involved."

"Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."

"The solution's standard license is paid annually. They have changed the pricing model and it used to be better. There is a free version available."

More GitLab pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

855,266 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

21%

Computer Software Company

14%

Manufacturing Company

10%

Government

Manufacturing Company

20%

Financial Services Firm

17%

Computer Software Company

12%

Government

Educational Organization

18%

Financial Services Firm

13%

Computer Software Company

12%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

What is your experience regarding pricing and costs for Checkmarx?

The pricing is relatively expensive due to the product's quality and performance, but it is worth it.

What do you like most about Micro Focus Software Security Center?

You can easily download the tool's rule packs and update them.

What is your experience regarding pricing and costs for Micro Focus Software Security Center?

In the beginning, it was difficult for me to verify that our usage of Fortify Software Security Center corresponded t...

What needs improvement with Micro Focus Software Security Center?

I would like the false positive issue to diminish. I have experienced a lot of false positives, but I think this is d...

What do you like most about GitLab?

I find the features and version control history to be most valuable for our development workflow. These aspects provi...

What is your experience regarding pricing and costs for GitLab?

The pricing and cost are on par with other tools and are neither too expensive nor cheap.

What needs improvement with GitLab?

One significant feature we lack is the configuration that enforces code reviews, which simplifies the development lif...

SonarQube Server (formerly SonarQube) vs Checkmarx One

Comparisons

Compared 36% of the time

Veracode vs Checkmarx One

Compared 12% of the time

Checkmarx SAST vs Checkmarx One

Compared 6% of the time

Fortify on Demand vs Checkmarx One

Compared 6% of the time

Fortify Application Defender vs Checkmarx One

Compared 1% of the time

More Checkmarx One Competitors

Fortify on Demand vs Fortify Software Security Center

Compared 46% of the time

Acunetix vs Fortify Software Security Center

Compared 42% of the time

HCL AppScan vs Fortify Software Security Center

Compared 12% of the time

More Fortify Software Security Center Competitors

Microsoft Azure DevOps vs GitLab

Compared 24% of the time

GitHub CoPilot vs GitLab

Compared 15% of the time

SonarQube Server (formerly SonarQube) vs GitLab

Compared 7% of the time

AWS CodePipeline vs GitLab

Compared 5% of the time

Tekton vs GitLab

Compared 5% of the time

More GitLab Competitors

Product Reports

Checkmarx One

Download Checkmarx One product report

Static Application Security Testing (SAST)

Download Fortify Software Security Center product report

Download GitLab product report

May 2025

Also Known As

No data available

Micro Focus Software Security Center, Application Security Center, HPE Application Security Center, WebInspect

Fuzzit

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx

Software Security Center enables management, development, and security teams to work together to triage, track, validate, automate, and manage software security activities.

OpenText

GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster.

It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring.

With GitLab, teams can streamline their workflows, automate processes, and improve productivity.

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

Neosecure, Acxiom, Skandinavisk Data Center A/S, Parkeon

1. NASA 2. IBM 3. Sony 4. Alibaba 5. CERN 6. Siemens 7. Volkswagen 8. ING 9. Ticketmaster 10. SpaceX 11. Adobe 12. Intuit 13. Autodesk 14. Rakuten 15. Unity Technologies 16. Pandora 17. Electronic Arts 18. Nordstrom 19. Verizon 20. Comcast 21. Philips 22. Deutsche Telekom 23. Orange 24. Fujitsu 25. Ericsson 26. Nokia 27. General Electric 28. Cisco 29. Accenture 30. Deloitte 31. PwC 32. KPMG

Static Application Security Testing (SAST)