We performed a comparison between Contrast Security Assess and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a stable solution...Contrast Security Assess is one of the first players in this market, so they have experience and customers, especially abroad. Overall, it's a good product."
"This has changed the way that developers are looking at usage of third-party libraries, upfront. It's changing our model of development and our culture of development to ensure that there is more thought being put into the usage of third-party libraries."
"By far, the thing that was able to provide value was the immediate response while testing ahead of release, in real-time."
"The most valuable feature is the continuous monitoring aspect: the fact that we don't have to wait for scans to complete for the tool to identify vulnerabilities. They're automatically identified through developers' business-as-usual processes."
"The accuracy of the solution in identifying vulnerabilities is better than any other product we've used, far and away. In our internal comparisons among different tools, Contrast consistently finds more impactful vulnerabilities, and also identifies vulnerabilities that are nearly guaranteed to be there, meaning that the chance of false positives is very low."
"Assess has an excellent API interface to pull APIs."
"In our most critical applications, we have a deep dive in the code evaluation, which was something we usually did with periodic vulnerability assessments, code reviews, etc. Now, we have real time access to it. It's something that has greatly enhanced our code's quality. We have actually embedded a KPI in regards to the improvement of our code shell. For example, Contrast provides a baseline where libraries and the usability of the code are evaluated, and they produce a score. We always aim to improve that score. On a quarterly basis, we have added this to our KPIs."
"No other tool does the runtime scanning like Contrast does. Other static analysis tools do static scanning, but Contrast is runtime analysis, when the routes are exercised. That's when the scan happens. This is a tool that has a very unique capability compared to other tools. That's what I like most about Contrast, that it's runtime."
"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID, and there I can do the scanning. That is the part I like best."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
"Static code analysis is one of the best features of the solution."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
"The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
"Snyk helps me pinpoint security errors in my code."
"Provides clear information and is easy to follow with good feedback regarding code practices."
"Contrast Security Assess covers a wide range of applications like .NET Framework, Java, PSP, Node.js, etc. But there are some like Ubuntu and the .NET Core which are not covered. They have it in their roadmap to have these agents. If they have that, we will have complete coverage."
"I think there was activity underway to support the centralized configuration control. There are ways to do it, but I think they were productizing more of that."
"Regarding the solution's OSS feature, the one drawback that we do have is that it does not have client-side support. We'll be missing identification of libraries like jQuery or JavaScript, and such, that are client-side."
"To instrument an agent, it has to be running on a type of application technology that the agent recognizes and understands. It's excellent when it works. If we're using an application that is using an unsupported technology, then we can't instrument it at all. We do use PHP and Contrast presently doesn't support that, although it's on their roadmap. My primary hurdle is that it doesn't support all of the technologies that we use."
"The setup of the solution is different for each application. That's the one thing that has been a challenge for us. The deployment itself is simple, but it's tough to automate because each application is different, so each installation process for Contrast is different."
"The solution should provide more details in the section where it shows that third-party libraries have CVEs or some vulnerabilities."
"The solution needs to improve flexibility...The scalability of the product is a problem in the solution, especially from a commercial perspective."
"I would like to see them come up with more scanning rules."
"They were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"I think Snyk should add more of a vulnerability protection feature in the tool since it is an area where it lacks."
"Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this."
"We use Bamboo for CI.CD, and we had problems integrating Snyk with it. Ultimately, we got the two solutions to work together, but it was difficult."
"Basically the licensing costs are a little bit expensive."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"The product is very expensive."
Contrast Security Assess is ranked 32nd in Application Security Tools with 11 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Contrast Security Assess is rated 8.8, while Snyk is rated 8.2. The top reviewer of Contrast Security Assess writes "We're gathering vulnerability data from multiple environments in real time, fundamentally changing how we identify issues in applications". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Contrast Security Assess is most compared with Veracode, Seeker, Fortify WebInspect, HCL AppScan and GitHub, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode. See our Contrast Security Assess vs. Snyk report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.