On this page


Both Checkmarx and GitLab Ultimate offer open source component scanning along with Static Application Security Testing. Checkmarx offers IAST instead of DAST and does not offer container scanning.

The Checkmarx vision is closest to GitLab among the app sec vendors. But because they must integrate into the rest of the SDLC via APIs, their path toward execution is more limited. However, like the other app sec vendors, Checkmarx is expensive. It is priced per developer with a rough estimate of 12 Developers for $59k USD per year or 50 Developers for $99k USD per year. Checkmarx uses Whitesource for dependency scanning and charges an extra $12k USD per year for this open source scanning.

Checkmarx excels in that they are context aware, meaning they can mark what is not exploitable based on path. GitLab lacks this capability.

GitLab automatically includes broad security scanning with every code commit including Static and Dynamic Application Security Testing, along with dependency scanning, container scanning, and license compliance. All of this is part of the single GitLab Ultimate application.