We performed a comparison between Checkmarx One and GitHub based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The setup is fairly easy. We didn't struggle with the process at all."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"Helps us check vulnerabilities in our SAP Fiori application."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repo formats (Git, TFS, SVN, Perforce, etc.)."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"I have found GitHub stable."
"The features that I have found most valuable are that it can support you for most of the road map and it can automate some tasks which works really well with collaboration with the teams. They are really interested in how they organize the history of the code itself which is good."
"The solution can scale."
"The Projects Tab, which shows you the to-do list and the progress for projects, is very helpful."
"The code sharing and updated history are valuable features."
"We've found the technical support to be very helpful."
"The code versioning is excellent, and having a detailed log, including every change made to the code by every developer, is invaluable. It makes it so that if there is a bug or problem in the product channel, we can find exactly where it happened and how to fix it."
"The version control functionality for this solution has been most valuable, especially when managing projects with multiple versions."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"The integration could improve by including, for example, DevSecOps."
"The reports are good, but they still need to be improved considering what the UI offers."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"We can run only one project at a time."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"GitHub could add some more security features."
"The solution could have better support for the Markdown language."
"The storage for this solution could be improved."
"While using the solution, when merging two code branches, the code becomes a bit messy. This should be improved in the future."
"It would be better if the amount of storage were increased."
"The descriptions within GitHub could be more user-friendly to show the trees of Gitflow."
"The initial setup requires heavy documentation which can be challenging for new developers."
"I would want to see some form of code security scanning implemented."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while GitHub is ranked 10th in Application Security Tools with 64 reviews. Checkmarx One is rated 7.6, while GitHub is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Kiuwan, whereas GitHub is most compared with Snyk, AWS CodeCommit, Atlassian SourceTree, Bitbucket and IBM Rational ClearCase.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.