Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs GitGuardian Public Monitoring comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024
 

Categories and Ranking

Checkmarx One
Ranking in Application Security Tools
3rd
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Reviews Sentiment
7.9
Number of Reviews
70
Ranking in other categories
Vulnerability Management (16th), Static Code Analysis (2nd), API Security (3rd), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)
GitGuardian Public Monitoring
Ranking in Application Security Tools
26th
Ranking in Static Application Security Testing (SAST)
19th
Average Rating
9.0
Number of Reviews
2
Ranking in other categories
Data Loss Prevention (DLP) (21st), Threat Intelligence Platforms (17th)
 

Mindshare comparison

As of October 2024, in the Application Security Tools category, the mindshare of Checkmarx One is 13.1%, down from 14.4% compared to the previous year. The mindshare of GitGuardian Public Monitoring is 0.1%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…
Theo Cusnir - PeerSpot reviewer
Sep 14, 2022
Detects and alerts us about leaks quickly, and enables us to filter and prioritize occurrences
One thing I really like about it is the fact that we can add search words or specific payloads inside the tool, and GitGuardian will look into GitHub and alert us if any of these words is found in a repository. For example, if I put "Payfit" in the tool, I will be alerted every time someone is committing with that word in the code. It's really useful for internal domain names, to detect if someone is leaking internal code. With this capability in the tool, we have good surveillance over our potential blind spots. It can detect a leak in 10 minutes. We had an experience with one of our engineers who had leaked a secret, and 10 minutes afterward we had a warning from GitGuardian about the leak. It's very effective. We looked at the commit date and the current date with hours and minutes and we could see that the commit had been made 10 minutes ago. As a result, we are sure it is pretty fast. Another feature, one that helps prioritize remediation, is that you can filter the findings by criticality. That definitely helps us to prioritize which secrets we should rotate and delete.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"The most valuable feature is the simple user interface."
"We use the solution for dynamic application testing."
"Checkmarx offers many valuable features, including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IAC), Supply Chain Security, and API Security."
"Apart from software scanning, software composition scanning is valuable."
"Most valuable features include: ease of use, dashboard. interface and the ability to report."
"The user interface is excellent. It's very user friendly."
"One thing I really like about it is the fact that we can add search words or specific payloads inside the tool, and GitGuardian will look into GitHub and alert us if any of these words is found in a repository... With this capability in the tool, we have good surveillance over our potential blind spots."
"The Explore function is valuable for finding specific things I'm looking for."
 

Cons

"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"The Dynamic Application Security Testing (DAST) feature should be better."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"Updating and debugging of queries is not very convenient."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"I'm excited about the possibility of Public Postman scanning being integrated with GitGuardian in the future. Additionally, I'm interested in exploring the potential use of honeytokens, which seems like a compelling approach to lure and identify attackers."
"I would like to see improvement in some of the user interface features... When one secret is leaked in multiple files or multiple repositories, it will appear on the dashboard. But when you click on that secret, all the occurrences will appear on the page. It would be better to have one secret per occurrence, directly, so that we don't have to click to get to the list of all the occurrences."
 

Pricing and Cost Advice

"The tool's pricing is fine."
"The interface used to create custom rules comes at an additional cost."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"It is a good product but a little overpriced."
"​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"It's a bit expensive, but it works well. You get what you pay for."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
812,628 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Energy/Utilities Company
21%
Computer Software Company
21%
Government
13%
Financial Services Firm
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx is not a cheap solution. For around 250 users or committers, the cost is approximately $500,000. However, the investment is justified considering the potential costs of security breaches ...
What do you like most about GitGuardian Public Monitoring?
The Explore function is valuable for finding specific things I'm looking for.
What is your experience regarding pricing and costs for GitGuardian Public Monitoring?
It's a bit expensive, but it works well. You get what you pay for. You get something that is fully managed with a lot of features, and a tool that is very efficient.
What needs improvement with GitGuardian Public Monitoring?
I'm excited about the possibility of Public Postman scanning being integrated with GitGuardian in the future. Additionally, I'm interested in exploring the potential use of honeytokens, which seems...
 

Learn More

Video not available
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Align Technology, Automox, Fred Hutch, Instacart, Maven Wave, Mirantis, SafetyCulture, Snowflake, Talend
Find out what your peers are saying about Checkmarx One vs. GitGuardian Public Monitoring and other solutions. Updated: October 2024.
812,628 professionals have used our research since 2012.