We changed our name from IT Central Station: Here's why
Cancel
You must select at least 2 products to compare!
Checkmarx Logo
43,818 views|33,000 comparisons
GitLab Logo
11,944 views|10,625 comparisons
Featured Review
Find out what your peers are saying about Checkmarx vs. GitLab and other solutions. Updated: January 2022.
564,729 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security.""The user interface is excellent. It's very user friendly.""The user interface is modern and nice to use.""The value you can get out of the speedy production may be worth the price tag.""The reports are very good because they include details on the code level, and make suggestions about how to fix the problems.""From my point of view, it is the best product on the market.""The most valuable feature is the application tracking reporting.""The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."

More Checkmarx Pros →

"This product is always evolving, and they listen to the customers.""I like GitLab from the CI/CD perspective. It is much easier to set up CI/CD and then integrate with other tools.""The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish.""I like that it's easy to deploy our services over GitLab. The customer support is also good with a really active community. You have a lot of support that you can get online with your stack. That is probably one of the benefits of using GitLab. It's also really fast.""GitLab offers a good interface for doing code reviews between two colleagues.""The most valuable features of Gitlab are integration with CIE and the ability to rapidly deploy solutions, projects, and applications. It is very easy to use, and there are no complaints.""I have had no problem with the stability of the solution.""Everything is easy to configure and easy to work with."

More GitLab Pros →

Cons
"Micro-services need to be included in the next release.""Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities.""The cost per user is high and should be reduced.""They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks.""Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model.""The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated.""If it is a very large code base then we have a problem where we cannot scan it.""There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."

More Checkmarx Cons →

"In the free version, when a merge request is raised, there is no way to enforce certain rules. We can't enforce that this merge request must be reviewed or approved by two or three people in the team before it is pushed to the master branch. That's why we are exploring using some agents.""Based on what I know so far, its integration with Kubernetes is not so good. We have to develop many things to make it work. We have to acquire third-party components to work with Kubernetes.""I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that it does internally by GitLab and then that is already tied up with your pipeline and then it can tell you that you're coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors.""It can be free for commercial use.""It would be better if there weren't any outages. There are occasions where we usually see a lot of outages using GitLab. It happens at least once a week or something like that. Whatever pipelines you're running, to check the logs, you need to have a different set of tools like Argus or something like that. If you have pipelines running on GitLab, you need a separate service deployed to view the logs, which is kind of a pain. If the logs can be used conveniently on GitLab, that would be definitely helpful. I'm not talking about the CI/CD pipelines but the back-end services and microservices deployed over GitLab. To view the logs for those microservices, you need to have separate log viewers, which is kind of a pain.""We are having a few problems integrating with Jira at the moment, which is something that our IT department is investigating.""Reporting could be improved.""It would be really good if they integrated more features in application security."

More GitLab Cons →

Pricing and Cost Advice
  • "This solution is expensive. The customized package allows you to buy additional users at any time."
  • "It's relatively expensive."
  • "The interface used to create custom rules comes at an additional cost."
  • "The number of users and coverage for languages will have an impact on the cost of the license."
  • "Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
  • "It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
  • "Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
  • "We have purchased an annual license to use this solution. The price is reasonable."
  • More Checkmarx Pricing and Cost Advice →

  • "I think that we pay approximately $100 USD per month."
  • "The price is okay."
  • "It seems reasonable. Our IT team manages the licenses."
  • "Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
  • "It is very expensive. We can't bear it now, and we have to find another solution. We have a yearly subscription in which we can increase the number of licenses, but we have to pay at the end of the year."
  • "I don't mind the price because I use the free version."
  • More GitLab Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    564,729 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: 
    I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Top Answer: 
    I’ve always viewed sonarqube as a code quality tool that compliments many code security tools like a checkmarx. 
    Top Answer: 
    It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security.
    Top Answer: 
    GitLab integrates well with other platforms.
    Top Answer: 
    I don't mind the price because I use the free version. The licensing fee could be less expensive.
    Top Answer: 
    While I don't have any specific complaints about GitLab, there are always things that could be better. Better support, for example, could be provided. The technology could be made simpler to use, it… more »
    Ranking
    Views
    43,818
    Comparisons
    33,000
    Reviews
    15
    Average Words per Review
    498
    Rating
    7.9
    Views
    11,944
    Comparisons
    10,625
    Reviews
    16
    Average Words per Review
    381
    Rating
    8.3
    Comparisons
    Learn More
    Overview

    Checkmarx CxSAST is a highly accurate and flexible Static Code Analysis product that allows organizations to automatically scan un-compiled / un-built code and identify hundreds of security vulnerabilities in all major coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.

    Whitepaper: I, II

    GitLab is a single application with features for the whole software development and operations (DevOps) lifecycle.

    Offer
    Learn more about Checkmarx
    Learn more about GitLab
    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Siemens, University of Washington, Equinix, Paessler AG, CNCF, Ticketmaster, CERN, Vaadin
    Top Industries
    REVIEWERS
    Computer Software Company42%
    Financial Services Firm26%
    Pharma/Biotech Company11%
    Engineering Company5%
    VISITORS READING REVIEWS
    Computer Software Company28%
    Financial Services Firm17%
    Comms Service Provider14%
    Manufacturing Company5%
    REVIEWERS
    Mining And Metals Company18%
    Computer Software Company18%
    Transportation Company9%
    Financial Services Firm9%
    VISITORS READING REVIEWS
    Computer Software Company23%
    Comms Service Provider23%
    Government9%
    Financial Services Firm8%
    Company Size
    REVIEWERS
    Small Business36%
    Midsize Enterprise19%
    Large Enterprise45%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise31%
    Large Enterprise54%
    REVIEWERS
    Small Business50%
    Midsize Enterprise11%
    Large Enterprise39%
    Find out what your peers are saying about Checkmarx vs. GitLab and other solutions. Updated: January 2022.
    564,729 professionals have used our research since 2012.

    Checkmarx is ranked 2nd in Application Security Testing (AST) with 20 reviews while GitLab is ranked 5th in Application Security Testing (AST) with 16 reviews. Checkmarx is rated 7.6, while GitLab is rated 8.2. The top reviewer of Checkmarx writes "Easy interface that is user friendly, quick scanning, and good technical support". On the other hand, the top reviewer of GitLab writes "Provides or mandates quantitative code into the Master". Checkmarx is most compared with SonarQube, Veracode, Micro Focus Fortify on Demand, Snyk and Coverity, whereas GitLab is most compared with Microsoft Azure DevOps, TeamCity, Tekton, Sonatype Nexus Lifecycle and Polarion ALM. See our Checkmarx vs. GitLab report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.