Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs GitGuardian Public Monitoring comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in Application Security Tools
3rd
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
71
Ranking in other categories
Vulnerability Management (24th), Static Code Analysis (3rd), API Security (5th), DevSecOps (5th), Risk-Based Vulnerability Management (9th)
GitGuardian Public Monitoring
Ranking in Application Security Tools
22nd
Ranking in Static Application Security Testing (SAST)
19th
Average Rating
8.4
Reviews Sentiment
6.1
Number of Reviews
3
Ranking in other categories
Data Loss Prevention (DLP) (23rd), Threat Intelligence Platforms (17th)
 

Mindshare comparison

As of July 2025, in the Application Security Tools category, the mindshare of Checkmarx One is 9.9%, down from 14.3% compared to the previous year. The mindshare of GitGuardian Public Monitoring is 0.2%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Syed Hasan - PeerSpot reviewer
Partner experiences excellent technical support and seamless initial setup
In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
Theo Cusnir - PeerSpot reviewer
Detects and alerts us about leaks quickly, and enables us to filter and prioritize occurrences
One thing I really like about it is the fact that we can add search words or specific payloads inside the tool, and GitGuardian will look into GitHub and alert us if any of these words is found in a repository. For example, if I put "Payfit" in the tool, I will be alerted every time someone is committing with that word in the code. It's really useful for internal domain names, to detect if someone is leaking internal code. With this capability in the tool, we have good surveillance over our potential blind spots. It can detect a leak in 10 minutes. We had an experience with one of our engineers who had leaked a secret, and 10 minutes afterward we had a warning from GitGuardian about the leak. It's very effective. We looked at the commit date and the current date with hours and minutes and we could see that the commit had been made 10 minutes ago. As a result, we are sure it is pretty fast. Another feature, one that helps prioritize remediation, is that you can filter the findings by criticality. That definitely helps us to prioritize which secrets we should rotate and delete.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"Both automatic and manual code review (CxQL) are valuable."
"It is a stable product."
"The most valuable features of Checkmarx are its integration with multiple SCM solutions and CICD tools, its ability to scale according to user licenses, and the quick scanning process."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"The most valuable feature is the simple user interface."
"The Explore function is valuable for finding specific things I'm looking for."
"One thing I really like about it is the fact that we can add search words or specific payloads inside the tool, and GitGuardian will look into GitHub and alert us if any of these words is found in a repository... With this capability in the tool, we have good surveillance over our potential blind spots."
 

Cons

"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"Micro-services need to be included in the next release."
"Checkmarx could be improved with more integration with third-party software."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"I'm excited about the possibility of Public Postman scanning being integrated with GitGuardian in the future. Additionally, I'm interested in exploring the potential use of honeytokens, which seems like a compelling approach to lure and identify attackers."
"The main disadvantage I feel they should improve upon is that apart from flagging credential issues or secrets, they could incorporate something else to make it more dynamic."
"I would like to see improvement in some of the user interface features... When one secret is leaked in multiple files or multiple repositories, it will appear on the dashboard. But when you click on that secret, all the occurrences will appear on the page. It would be better to have one secret per occurrence, directly, so that we don't have to click to get to the list of all the occurrences."
 

Pricing and Cost Advice

"I believe pricing is better compared to other commercial tools."
"The solution's price is high and you pay based on the number of users."
"This solution is expensive. The customized package allows you to buy additional users at any time."
"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
"For around 250 users or committers, the cost is approximately $500,000."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"The solution is costly."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"It's a bit expensive, but it works well. You get what you pay for."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
861,803 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
14%
Manufacturing Company
10%
Government
6%
Government
20%
Computer Software Company
13%
Energy/Utilities Company
13%
Comms Service Provider
12%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What do you like most about GitGuardian Public Monitoring?
The Explore function is valuable for finding specific things I'm looking for.
What needs improvement with GitGuardian Public Monitoring?
I'm excited about the possibility of Public Postman scanning being integrated with GitGuardian in the future. Additionally, I'm interested in exploring the potential use of honeytokens, which seems...
What is your primary use case for GitGuardian Public Monitoring?
We use GitGuardian Public Monitoring for code that is exposed in public.
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Align Technology, Automox, Fred Hutch, Instacart, Maven Wave, Mirantis, SafetyCulture, Snowflake, Talend
Find out what your peers are saying about Checkmarx One vs. GitGuardian Public Monitoring and other solutions. Updated: July 2025.
861,803 professionals have used our research since 2012.