"The most valuable feature is the simple user interface."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"From my point of view, it is the best product on the market."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"One of the most valuable features is it is flexible."
"The UI is very intuitive and simple to use."
"The most valuable feature is the application tracking reporting."
"The user interface is modern and nice to use."
"The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish."
"I like that it's easy to deploy our services over GitLab. The customer support is also good with a really active community. You have a lot of support that you can get online with your stack. That is probably one of the benefits of using GitLab. It's also really fast."
"The most valuable features of Gitlab are integration with CIE and the ability to rapidly deploy solutions, projects, and applications. It is very easy to use, and there are no complaints."
"I like GitLab from the CI/CD perspective. It is much easier to set up CI/CD and then integrate with other tools."
"A user friendly solution."
"We like that we can create branches and then the branches can be reviewed and you can mesh those branches back. You can independently work with your own branch, you don't need to really control the core of other people."
"GitLab is very useful for pipelines, continuous integration, and continuous deployment. It is also stable."
"GitLab integrates well with other platforms."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"The integration could improve by including, for example, DevSecOps."
"I would like to see the DAST solution in the future."
"The cost per user is high and should be reduced."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"I would like to see the rate of false positives reduced."
"The pricing can get a bit expensive, depending on the company's size."
"It can be free for commercial use."
"It should be used by a larger number of people. They should raise awareness."
"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents."
"Reporting could be improved."
"I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that it does internally by GitLab and then that is already tied up with your pipeline and then it can tell you that you're coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors."
"It could have more security integrations and the ability to check the vulnerability of the code. I don't think it is a responsibility of Gitlab, but it would be nice to have more options to integrate with."
"It would be really good if they integrated more features in application security."
"The only thing our company is really waiting on in terms of features is the development of metrics."
Checkmarx CxSAST is a highly accurate and flexible Static Code Analysis product that allows organizations to automatically scan un-compiled / un-built code and identify hundreds of security vulnerabilities in all major coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.
GitLab is a single application with features for the whole software development and operations (DevOps) lifecycle.
Checkmarx is ranked 2nd in Application Security Testing (AST) with 20 reviews while GitLab is ranked 5th in Application Security Testing (AST) with 16 reviews. Checkmarx is rated 7.6, while GitLab is rated 8.2. The top reviewer of Checkmarx writes "Easy interface that is user friendly, quick scanning, and good technical support". On the other hand, the top reviewer of GitLab writes "Provides or mandates quantitative code into the Master". Checkmarx is most compared with SonarQube, Veracode, Micro Focus Fortify on Demand, Snyk and Coverity, whereas GitLab is most compared with Microsoft Azure DevOps, TeamCity, Tekton, Sonatype Nexus Lifecycle and Polarion ALM.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.