Checkmarx vs GitGuardian Internal Monitoring comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Checkmarx and GitGuardian Internal Monitoring based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Checkmarx vs. GitGuardian Internal Monitoring Report (Updated: September 2023).
734,024 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The only thing I like is that Checkmarx does not need to compile.""The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal.""The administration in Checkmarx is very good.""The solution has good performance, it is able to compute in 10 to 15 minutes.""The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects.""It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security.""The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera.""The solution is scalable, but other solutions are better."

More Checkmarx Pros →

"It enables us to identify leaks that happened in the past and remediate current leaks as they happen in near real-time. When I say "near real-time," I mean within minutes. These are industry-leading remediation timelines for credential leaks. Previously, it might have taken companies years to get credentials detected or remediated. We can do it in minutes.""It actually creates an incident ticket for us. We can now go end-to-end after a secret has been identified, to track down who owns the repository and who is responsible for cleaning it up.""When they give you a description of what happened, it's really easy to follow and to retest. And the ability to retest is something that you don't have in other solutions. If a secret was detected, you can retest if it is still there. It will show you if it is in the history.""GitGuardian has pretty broad detection capabilities. It covers all of the types of secrets that we've been interested in... [Yet] The "detector" concept, which identifies particular categories or types of secrets, allows an organization to tweak and tailor the configuration for things that are specific to its environment. This is highly useful if you're particularly worried about a certain type of secret and it can help focus attention, as part of early remediation efforts.""You can also assign tasks to specific teams or people to complete, such as assigning something to the "blue team" or saying that this person needs to do this, and that person needs to do that. That is a great feature because you can actually manage your team internally in GitGuardian.""Presently, we find the pre-commit hooks more useful.""GitGuardian has also helped us develop a security-minded culture. We're serious about shift left and getting better about code security. I think a lot of people are getting more mindful about what a secret is.""GitGuardian has helped to increase our security team's productivity. Now, we don't need to call the developers all the time and ask what they are working on. I feel the solution bridged the gap between our team and the developers, which is really great. I feel that we need that in our company, since some of the departments are just doing whatever and you don't know what they are doing. I think GitGuardian does a good job of bridging the gap. It saves us about 10 hours per week."

More GitGuardian Internal Monitoring Pros →

Cons
"Its user interface could be improved and made more friendly.""The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information.""Checkmarx could improve the REST APIs by including automation.""Checkmarx is not good because it has too many false positive issues.""The solution sometimes reports a false auditable code or false positive.""One area for improvement in Checkmarx is pricing, as it's more expensive than other products.""Checkmarx could improve the speed of the scans.""As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."

More Checkmarx Cons →

"One improvement that I'd like to see is a cleaner for Splunk logs. It would be nice to have a middle man for anything we send or receive from Splunk forwarders. I'd love to see it get cleaned by GitGuardian or caught to make sure we don't have any secrets getting committed to Splunk logs.""Right now, we are waiting for improvement in the RBAC support for GitGuardian.""It would be nice if they supported detecting PII or had some kind of data loss prevention feature.""Other solutions have a live chat feature that provides instant results. Waiting for an agent to reply to an email is less ideal than an instant conversation with a support employee. That's a complaint so minor I almost hesitate to mention it.""We have been somewhat confused by the dashboard at times.""I would like to see more fine-grained access controls when tickets are assigned for incidents. I would like the ability to provide more controls to the team leads or the product managers so that they can drive what we, the AppSec team, are doing.""There are some features that are lacking in GitGuardian. The more we grow and the more engineers we have, the more it will become difficult to assign an incident because the assignment is not automatic. I know they are working on that and we are waiting for it.""An area for improvement is the front end for incidents. The user experience in this area could be much better."

More GitGuardian Internal Monitoring Cons →

Pricing and Cost Advice
  • "Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
  • "We have purchased an annual license to use this solution. The price is reasonable."
  • "We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
  • "The price of Checkmarx could be reduced to match their competitors, it is expensive."
  • "The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
  • "If you want more, you have to pay more. You have to pay for additional modules or functionalities."
  • "Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
  • "I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
  • More Checkmarx Pricing and Cost Advice →

  • "It's a little bit expensive."
  • "You get what you pay for. It's one of the more expensive solutions, but it is very good, and the low false positive rate is a really appealing factor."
  • "The pricing and licensing are fair. It isn't very expensive and it's good value."
  • "The internal side is cheap per user. It is annual pricing based on the number of users."
  • "We have seen a return on investment. The amount of time that we would have spent manually doing this definitely outpaces the cost of GitGuardian. It is saving us about $35,000 a year, so I would say the ROI is about $20,000 a year."
  • "It could be cheaper. When GitHub secrets monitoring solution goes to general access and general availability, GitGuardian might be in a little bit of trouble from the competition, and maybe then they might lower their prices. The GitGuardian solution is great. I'm just concerned that they're not GitHub."
  • "It's not cheap, but it's not crazy expensive either."
  • "With GitGuardian, we didn't need any middlemen."
  • More GitGuardian Internal Monitoring Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    734,024 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Top Answer:SonarQube historically was focused on Code Quality and Best Practices. Recently the enterprise and data center versions provide some security vulnerabilities detection with OWASP compliance. This is… more »
    Top Answer:We use the solution for dynamic application testing.
    Top Answer:It actually creates an incident ticket for us. We can now go end-to-end after a secret has been identified, to track down who owns the repository and who is responsible for cleaning it up.
    Top Answer:The pricing is reasonable. GitGuardian is one of the most recent security tools we've adopted. When it came time to renew it, there was no doubt about it. It is licensed per developer, so it scales… more »
    Top Answer:I would like to see more fine-grained access controls when tickets are assigned for incidents. I would like the ability to provide more controls to the team leads or the product managers so that they… more »
    Ranking
    Views
    38,151
    Comparisons
    26,666
    Reviews
    23
    Average Words per Review
    411
    Rating
    7.6
    Views
    2,221
    Comparisons
    363
    Reviews
    16
    Average Words per Review
    1,462
    Rating
    8.9
    Comparisons
    Learn More
    Overview

    Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and Salesforce.com.

    Checkmarx is a global leader in software security solutions for modern software development. Checkmarx delivers a comprehensive software security platform that unites with DevOps by scanning uncompiled source code for security vulnerabilities early in the development life cycle to reduce and remediate risk from software vulnerabilities. Using Checkmarx, teams avoid software security vulnerabilities managed via a single and unified dashboard without slowing down their delivery schedule.

    Checkmarx balances the needs of the entire organization, delivering seamless security from the start and throughout the entire software development life cycle. Checkmarx can be deployed on-premises in a private data center or hosted via a public cloud.

    Checkmarx Features

    Some of Checkmarx’s features include:

    • Source code scanning: Detect and repair more vulnerabilities before you release your code.

    • Open-source scanning: Find and eliminate the risks in your open-source code.

    • Interactive code scanning: Scan for vulnerabilities and runtime threats.

    • Open-source security for infrastructure as code: Identify and fix insecure IaC configurations that put your application at risk.

    Reviews from Real Users

    Checkmarx stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to secure their code with a single management dashboard and its high-speed scanning abilities.

    PeerSpot users note the effectiveness of these features. A CEO at a tech services company writes, “The most valuable features are the easy-to-understand interface, and it’s very user-friendly. We spend some time tuning to start scanning a new project, which is only a few clicks. A few simple tunes for custom rules and we can start our scan. We can do the work quickly and we don't need to compile the source code because Checkmarx does the work without compiling the project. The scanning is very quick. It's about 20,000 lines per hour, which is a good speed for scanning.”

    A director at a tech services company notes, “The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.”

    A senior manager at a manufacturing company writes, “The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

    GitGuardian helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations.

    Widely adopted by developer communities, GitGuardian is used by more than 200 thousand developers and is the #1 app in the security category on the GitHub Marketplace. GitGuardian is also trusted by leading companies, including Instacart, Genesys, Orange, Iress, Beyond Identity, NOW: Pensions, and Stedi.

    GitGuardian Platform includes automated secrets detection and remediation. By reducing the risks of secrets exposure across the SDLC, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards.

    Its detection engine is trained against more than a billion public GitHub commits every year, and it covers 350+ types of secrets such as API keys, database connection strings, private keys, certificates, and more.

    GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents fast and in full. By pulling developers closer to the remediation process, organizations can achieve higher incident closing rates and shorter fix times.

    The platform integrates across the DevOps toolchain, including native support for continuously scanning VCS platforms like GitHub, Gitlab, Azure DevOps and Bitbucket or CI/CD tools like Jenkins, CircleCI, Travis CI, GitLab pipelines, and many more. It also integrates with ticketing and messaging systems like Splunk, PagerDuty, Jira and Slack to support teams with their incident remediation workflows. GitGuardian is offered as a SaaS platform but can also be hosted on-premise for organizations operating in highly regulated industries or with strict data privacy requirements.

    Offer
    Learn more about Checkmarx
    Learn more about GitGuardian Internal Monitoring
    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Automox, 66degrees (ex Cloudbakers), Instacart, Iress, Now:Pensions, Payfit, Orange, Seequent, Stedi, Talend
    Top Industries
    REVIEWERS
    Computer Software Company36%
    Financial Services Firm21%
    Manufacturing Company11%
    Comms Service Provider7%
    VISITORS READING REVIEWS
    Financial Services Firm23%
    Computer Software Company15%
    Manufacturing Company8%
    Insurance Company6%
    REVIEWERS
    Computer Software Company33%
    Insurance Company17%
    Wholesaler/Distributor17%
    Comms Service Provider17%
    VISITORS READING REVIEWS
    Comms Service Provider22%
    Wholesaler/Distributor18%
    Financial Services Firm10%
    Computer Software Company7%
    Company Size
    REVIEWERS
    Small Business37%
    Midsize Enterprise15%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise11%
    Large Enterprise73%
    REVIEWERS
    Small Business33%
    Midsize Enterprise33%
    Large Enterprise33%
    VISITORS READING REVIEWS
    Small Business33%
    Midsize Enterprise9%
    Large Enterprise58%
    Buyer's Guide
    Checkmarx vs. GitGuardian Internal Monitoring
    September 2023
    Find out what your peers are saying about Checkmarx vs. GitGuardian Internal Monitoring and other solutions. Updated: September 2023.
    734,024 professionals have used our research since 2012.

    Checkmarx is ranked 3rd in Application Security Tools with 23 reviews while GitGuardian Internal Monitoring is ranked 8th in Application Security Tools with 16 reviews. Checkmarx is rated 7.6, while GitGuardian Internal Monitoring is rated 9.0. The top reviewer of Checkmarx writes "Supports different languages, has excellent support, and easily expands". On the other hand, the top reviewer of GitGuardian Internal Monitoring writes "Even before a commit gets to GitHub, the CLI identifies secrets within the code and prevents the commit". Checkmarx is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas GitGuardian Internal Monitoring is most compared with SonarQube, Cycode, Snyk and Microsoft Purview Data Loss Prevention. See our Checkmarx vs. GitGuardian Internal Monitoring report.

    See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.