Checkmarx One and GitHub compete in the software development security industry. GitHub seems to have the upper hand due to its integration capabilities with third-party tools and version control functionalities, which are key strengths in a collaborative development environment.
Features: Checkmarx One is equipped with a range of tools for identifying code vulnerabilities, such as SAST and application tracking, along with incremental scanning capabilities and support for multiple languages. GitHub is known for its version control capabilities, seamless third-party tool integration, and project organization features. It also benefits from its open-source nature, which encourages community-driven innovation.
Room for Improvement: Checkmarx One could benefit from reducing false positives and expanding language support. Additionally, enhancing its user interface and exploring more flexible pricing models would be advantageous. GitHub could improve user-friendliness, particularly in handling code conflicts, and enhance support documentation for beginners.
Ease of Deployment and Customer Service: Checkmarx One offers deployment flexibility across on-premises, private, and public clouds but receives mixed feedback on technical support, highlighting a need for quicker resolutions. GitHub efficiently deploys on public and hybrid clouds with a straightforward setup, often requiring minimal customer service due to its user-friendly nature and strong community support.
Pricing and ROI: Checkmarx One is priced as a premium product, which reflects its extensive security offerings and generally results in a favorable ROI through improved security and development cycles. GitHub offers cost-effectiveness, particularly with its free tier for open-source projects, and its competitive pricing makes it accessible for wider use while maintaining a collaborative, secure environment.
I have not used GitHub's technical support extensively because there are many resources and a robust knowledge base available due to the large user community.
The technical support from GitHub is generally good, and they communicate effectively.
Some forums help you get answers faster since you just type in your concern and see resolutions from other engineers.
We have never had a problem with scalability, so I would rate it at least eight to nine.
GitHub is more scalable than on-prem solutions, allowing for cloud-based scaling which is beneficial for processing large workloads efficiently.
I would rate the stability of this solution a nine on a scale of 1 to 10, where 1 is low stability and 10 is high.
It provides a reliable environment for code management.
If a skilled developer uses it, it is ten out of ten for stability.
GitHub is mostly stable, but there can be occasional hiccups.
It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from.
When solving merge conflicts, it would be helpful to have tooltips within the actions to know what changes could happen next when resolving a conflict.
There are still areas for improvement with GitHub Actions and their deployment workflows, as they have made significant progress but are not yet polished.
Sometimes we do not get the exact solution, and the suggested solution does not work, so GitHub could improve in that area.
The pricing of GitHub is reasonable, with the cost being around seven dollars per user per month for private repositories.
Normally, GitHub is not expensive, but it would be welcome if it reduced costs for developing countries.
The pricing of GitHub depends on the choice of solutions, such as building one's own GitHub Runners to save money or using GitHub's Runners with extra costs.
My experience with the initial setup of Checkmarx One is straightforward; it is not complex compared to other tools that I have tried.
GitHub Actions for CI/CD implementation.
I like how I can create different builds from different branches, which helps me as a QA to test certain features separately from the main application.
GitHub Actions allow for creating multiple jobs that run in different stages such as build, test, and deploy, which enable better visibility and control over the deployment pipeline.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC:
Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.