Checkmarx One and GitGuardian Platform are competitors in the security software industry. GitGuardian seems to have the upper hand due to its advanced features and higher user satisfaction in pricing and ROI, suggesting better value for investment.
Features: Checkmarx One is known for its comprehensive security testing capabilities, integration flexibility, and ease of deployment. GitGuardian Platform focuses on identifying hardcoded secrets, monitoring repositories, and providing advanced alert systems.
Room for Improvement: Checkmarx One could enhance its reporting tools, reduce scanning times, and improve its user interface. GitGuardian might expand language support, refine false-positive filtering, and improve its documentation.
Ease of Deployment and Customer Service: Checkmarx One is praised for its straightforward deployment and responsive customer service. GitGuardian offers intuitive setup but receives mixed reviews on customer service responsiveness.
Pricing and ROI: Checkmarx One is perceived as costly, with users evaluating its price against robust features. GitGuardian is considered to offer greater ROI with its competitive pricing and valuable feature set for security teams.
The majority of our incidents for critical detectors and important secret types are remediated automatically or proactively by developers through GitGuardian's notification system, without security team involvement.
I would rate their technical support a nine out of ten.
I would rate it a ten out of ten for scalability.
In terms of scalability, I would rate it around a ten out of ten, as it handles all the repositories and commit activity we have.
It is quick and meets our needs.
I would rate the stability of this solution a nine on a scale of 1 to 10 where one is low stability and 10 is high.
We set up a lot of the repository, so GitGuardian is a required check.
We also run a self-hosted cluster which has not experienced these issues, though we've faced some challenges upgrading Kubernetes that required support assistance to prevent internal downtime.
It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from.
The analytics in GitGuardian Platform have a significant opportunity to better reflect the value provided to security teams and demonstrate actual activity occurring.
We are looking for better metrics and audit data, wanting more features such as knowing which users are creating the most secrets or committing the most secrets, what repository, what directory, and who is not checking in secrets.
It would be helpful to see which GitHub users have or do not have the pre-push hook capability turned on.
Overall, the secret detection sector is expensive, but we are happy with the value we get.
It's fairly priced, as it performs a lot of analysis and is a valuable tool.
My experience with the initial setup of Checkmarx One is straightforward; it is not complex compared to other tools that I have tried.
A high number of our exposures are remediated by developers before security needs to step in, as the self-healing playbook process engages them automatically.
GitGuardian Platform performs the capability to detect secrets in real time exceptionally, as it activates from the commit and can detect it immediately.
One of the best features of the solution is the ability to use pre-push hooks.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC:
Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.
GitGuardian helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations.
Widely adopted by developer communities, GitGuardian is used by more than 500,000 developers and is the #1 app in the security category on the GitHub Marketplace. GitGuardian is also trusted by leading companies, including Instacart, Genesys, Orange, Iress, Beyond Identity, NOW: Pensions, and Stedi.
GitGuardian Platform includes automated secrets detection and remediation. By reducing the risks of secrets exposure across the SDLC, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards.
Its detection engine is trained against more than a billion public GitHub commits every year, and it covers 350+ types of secrets such as API keys, database connection strings, private keys, certificates, and more.
GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents fast and in full. By pulling developers closer to the remediation process, organizations can achieve higher incident closing rates and shorter fix times.
The platform integrates across the DevOps toolchain, including native support for continuously scanning VCS platforms like GitHub, Gitlab, Azure DevOps and Bitbucket or CI/CD tools like Jenkins, CircleCI, Travis CI, GitLab pipelines, and many more. It also integrates with ticketing and messaging systems like Splunk, PagerDuty, Jira and Slack to support teams with their incident remediation workflows. GitGuardian is offered as a SaaS platform but can also be hosted on-premise for organizations operating in highly regulated industries or with strict data privacy requirements.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
