We performed a comparison between Checkmarx One and GitHub based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature for me is the Jenkins Plugin."
"Scan reviews can occur during the development lifecycle."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"We use the solution to validate the source code and do SAST and security analysis."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"The SAST component was absolutely 100% stable."
"It is a stable product."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"I would rate the stability a ten out of ten."
"The most valuable feature of GitHub is version control and continuous integration."
"Complication free with good ability for third-party integrations."
"The code versioning is excellent, and having a detailed log, including every change made to the code by every developer, is invaluable. It makes it so that if there is a bug or problem in the product channel, we can find exactly where it happened and how to fix it."
"Our code is secure."
"All the features are valuable, but the most important feature is that GitHub has advanced security. The second important feature is the capability to create custom GitHub actions and the capability to deploy in different types of architectural infrastructures, such as hybrid, private, or public."
"This product is very good for storing and versioning code."
"Any complex banking can be handled very easily in GitHub. It allows us to integrate with tools like Grid, where we can merge and resolve conflicts without any hassle."
"Implementing a blackout time for any user or teams: Needs improvement."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"Micro-services need to be included in the next release."
"Updating and debugging of queries is not very convenient."
"The solution sometimes reports a false auditable code or false positive."
"I would like to see the tool’s pricing improved."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"I would like to see more security where a plugin was available for us to update in relation to security."
"The project management sector really needs some improvement for GitHub. I don't know if GitHub made sense for me as a project manager."
"The ticketing system is not working."
"GitHub needs more storage."
"We would like this solution to have a more user-friendly interface."
"GitHub needs to improve its UI."
"The GitHub repository needs an upgraded user interface and overall UI improvements."
"While using the solution, when merging two code branches, the code becomes a bit messy. This should be improved in the future."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while GitHub is ranked 10th in Application Security Tools with 64 reviews. Checkmarx One is rated 7.6, while GitHub is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Kiuwan, whereas GitHub is most compared with Snyk, AWS CodeCommit, Atlassian SourceTree, Bitbucket and IBM Rational ClearCase.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.