Checkmarx One and GitGuardian both compete in the cybersecurity space, focusing on code security and secret detection, respectively. GitGuardian seems to have the upper hand due to its real-time detection capabilities and effective collaboration features between developers and security teams.
Features: Checkmarx One offers comprehensive code analysis without requiring compilation, supporting a wide variety of languages, and integrates seamlessly with repository formats. GitGuardian provides excellent secret detection with a low false-positive rate and immediate feedback through automated alerts and integrations. Checkmarx is valued for its static application security testing, while GitGuardian excels in real-time detection and facilitating collaboration.
Room for Improvement: Checkmarx One should work on reducing false positives and enhancing dynamic testing capabilities. It also needs improvement in broader language support and simplifying its configuration and pricing model. GitGuardian could benefit from expanding customization capabilities, refining user management, and improving integration with bug-tracking systems. Checkmarx users find configuration and licensing complicated, whereas GitGuardian users would like a better user interface and improved team collaboration features.
Ease of Deployment and Customer Service: Checkmarx One offers flexible deployment options, including on-premises and hybrid cloud, but users face configuration challenges and support delays. GitGuardian provides straightforward deployment through public and private clouds, relying heavily on automated integrations. It generally receives favorable reviews for timely issue resolution, whereas Checkmarx users experience slower responses from support.
Pricing and ROI: Checkmarx One is priced higher due to its extensive features but offers significant ROI by enabling secure and fast application development. GitGuardian is competitively priced but can become expensive for larger teams. Both platforms are considered valuable investments that enhance organizational security by preventing breaches.
I can certainly say that we have saved significant time and resources in terms of people and automation.
The majority of our incidents for critical detectors and important secret types are remediated automatically or proactively by developers through GitGuardian's notification system, without security team involvement.
It effectively helps us with credentials security and has been performing satisfactorily.
I would rate their technical support a nine out of ten.
I would rate the technical support as excellent.
In terms of scalability, I would rate it around a ten out of ten, as it handles all the repositories and commit activity we have.
I would rate it a ten out of ten for scalability.
Currently, what GitGuardian Platform is doing works effectively.
I would rate the stability of this solution a nine on a scale of 1 to 10 where one is low stability and 10 is high.
We set up a lot of the repository, so GitGuardian is a required check.
The SaaS platform has experienced two significant moments of downtime or instability in the last six months, requiring notices and retrospectives.
I would rate the stability of the GitGuardian Platform as excellent with no downtimes.
It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from.
Another thing that would be good to see is some more metrics on the usage of the GitGuardian pre-push hooks.
The self-healing activity by developers isn't reflected in the analytics, requiring us to collect this data ourselves.
We are looking for better metrics and audit data, wanting more features such as knowing which users are creating the most secrets or committing the most secrets, what repository, what directory, and who is not checking in secrets.
Overall, the secret detection sector is expensive, but we are happy with the value we get.
It's fairly priced, as it performs a lot of analysis and is a valuable tool.
My experience with the initial setup of Checkmarx One is straightforward; it is not complex compared to other tools that I have tried.
One of the best features of the solution is the ability to use pre-push hooks.
A high number of our exposures are remediated by developers before security needs to step in, as the self-healing playbook process engages them automatically.
GitGuardian Platform performs the capability to detect secrets in real time exceptionally, as it activates from the commit and can detect it immediately.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC:
Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.
GitGuardian Platform offers powerful secret detection capabilities with features like internal monitoring and dev in the loop. It's designed for high accuracy with AWS key detection and a low false-positive rate, ensuring quick remediation through an easy-to-use interface and fast alert system.
Renowned for its comprehensive secret management, GitGuardian Platform effectively detects secrets in real-time, significantly boosting data security and incident management for organizations. Automated validity checks, self-healing playbooks, and seamless integrations further strengthen operations. However, enhancements in customization for healthcare identifiers, Azure DevOps integrations, and bug tracking systems are important. Developing the analytical capabilities, onboarding processes, and supporting diverse tokens would provide users with improved functionality. Overall, it integrates effortlessly with GitHub, GitLab, and other platforms to monitor risks, thereby educating teams on security practices.
What are the standout features of the platform?GitGuardian Platform is widely adopted by tech-focused companies to secure their code repositories, finding use in industries handling large-scale codebases. Continuous scanning and alerting integrate easily into workflows, detecting potential security risks early and maintaining compliance standards in sectors such as finance and healthcare.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
