We performed a comparison between Black Duck and Snyk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Snyk is the clear winner in this comparison. It is easy to deploy, secure, and powerful. In addition, it has excellent customer support and an impressive ROI.
"The installation is very easy."
"The UI is the solution's most valuable feature since it allows for easy pipeline integration."
"The solution works well on Mac products."
"We accidentally use third-party library APIs, which may not be secure. Our technical team may not have the end time or expertise to figure it out. Black Duck helps us with that and saves us time."
"We didn't have a central inventory to quickly identify issues or determine how many products were affected. Now under Black Duck, it's all consolidated. You search for a component and immediately see which products use it."
"It highlights what the developers have done, and it shows the impact from an intellectual property point of view."
"The solution is stable."
"The solution is very good at scanning and evaluating open source software."
"Provides clear information and is easy to follow with good feedback regarding code practices."
"A main feature of Snyk is that when you go with SCA, you do get properly done security composition, also from the licensing and open-source parameters perspective. A lot of companies often use open-source libraries or frameworks in their code, which is a big security concern. Snyk deals with all the things and provides you with a proper report about whether any open-source code or framework that you are using is vulnerable. In that way, Snyk is very good as compared to other tools."
"The most valuable features of Snyk are vulnerability scanning and automation. The automation the solution brings around vulnerability scanning is useful."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"What is valuable about Snyk is its simplicity."
"Static code analysis is one of the best features of the solution."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID, and there I can do the scanning. That is the part I like best."
"Due to the fact that, with our software developer life cycle, we don't need to scan our source code every day or every week. For that reason, we find the cost is too high. We might only actually use it five to ten times a year, which makes it expensive."
"The tool needs to improve its pricing. Its configuration is complex and can be improved."
"The tool's documentation and support are areas of concern where improvements are required."
"The solution must provide more open APIs."
"The product's pricing is higher compared to other competitor products."
"They are giving a lot of APIs and Python scripts for certain functionalities, but instead of using APIs and Python scripts, they should provide these functionalities through the UI. Users should be able to customize and add more fields through the UI. Users should be able to add more fields and generate reports. Currently, they are not giving flexibility in the UI. They're providing a script that simply generates an Excel file or CSV file. There is no flexibility."
"The initial setup could be simplified. It was somewhat complex."
"It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations to ensure compliance."
"One area where Snyk could improve is in providing developers with the line where the error occurs."
"Could include other types of security scanning and statistical analysis"
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
"We use Bamboo for CI.CD, and we had problems integrating Snyk with it. Ultimately, we got the two solutions to work together, but it was difficult."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."
Black Duck is ranked 1st in Software Composition Analysis (SCA) with 19 reviews while Snyk is ranked 2nd in Software Composition Analysis (SCA) with 41 reviews. Black Duck is rated 7.8, while Snyk is rated 8.2. The top reviewer of Black Duck writes "Enables applications to be secure, but it must provide more open APIs". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Black Duck is most compared with Fortify Static Code Analyzer, JFrog Xray, Mend.io, FOSSA and Sonatype Lifecycle, whereas Snyk is most compared with SonarQube, GitHub Advanced Security, Fortify Static Code Analyzer, Veracode and Checkmarx One. See our Black Duck vs. Snyk report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.