We performed a comparison between Checkmarx Software Composition Analysis and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product is stable and scalable."
"The tool's visual scan analysis shows me all the libraries' vulnerabilities and license types. It helps identify the most complex issues with licenses. It provides good visibility. SCA shows me all libraries that are vulnerable and the extent of their vulnerability."
"What's most valuable in Checkmarx Software Composition Analysis is that it provides security from the start. In the traditional approach, an enterprise or company validates the solution before launching to a production environment, but in the modern approach, security must be checked and provided from the beginning and from the design, and this is where Checkmarx Software Composition Analysis comes in. The solution helps you make sure that every open-source application that you use is secure, and that there's no vulnerability inside that open-source application."
"Checkmarx unifies all the features in its service."
"I appreciate the user-friendly interface. The GUI is excellent, providing detailed information on outdated versions, including version numbers and the flow of library calls. This allows me to plan and prioritize library changes based on potential vulnerabilities, even if the affected library is indirectly used in my project. The tool offers specific guidance on addressing these issues."
"The customer service and support were good."
"It is a stable solution...It is a scalable solution."
"The most valuable feature of Checkmarx Software Composition Analysis is the comprehensive security scan."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"Snyk helps me pinpoint security errors in my code."
"The product's most valuable features are an open-source platform, remote functionality, and good pricing."
"I am impressed with the product's security vulnerability detection. My peers in security are praising the tool for its accuracy to detect security vulnerabilities. The product is very easy to onboard. It doesn't require a lot of preparation or prerequisites. It's a bit of a plug-and-play as long as you're using a package manager or for example, you are using a GitHub repository. And that is an advantage for this tool because developers don't want to add more tools to what they're currently using."
"I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
"In terms of areas for improvement, what could be improved in Checkmarx Software Composition Analysis is pricing because customers always compare the pricing among secure DevOps solutions in the market. Checkmarx Software Composition Analysis has a lot of competitors yet its features aren't much different. Pricing is the first thing customers consider, and from a partner perspective, if you can offer affordable pricing to your customers, it's more likely you'll have a winning deal. The performance of Checkmarx Software Composition Analysis also needs improvement because sometimes, it's slow, and in particular, scanning could take several hours."
"Parts of the implementation process could improve by making it more user-friendly."
"Instant updates for end users to identify vulnerabilities as soon as possible will make Checkmarx Software Composition Analysis better. The UI of the solution could also be improved."
"Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive. It is a good tool, and we're still figuring out how to fully leverage it. There are some questions regarding whether it can scan the MuleSoft code. We don't know if this is a gap in the tool or something else. This is one thing that we're just working through right now, and I am not ready to conclude that there is a weakness there. MuleSoft is kind of its own beast, and we're trying to see how we get it to work with Checkmarx."
"Checkmarx Software Composition Analysis should improve dynamic analysis."
"I have received complaints from my customers that the pricing could be improved."
"The quality of technical support has decreased over time, and it is not as good as it used to be."
"Personally, I currently use it as a standalone tool without integrating it with other systems, and it meets my needs adequately. As a suggestion, I request on considering to add a "what if" feature to the application. Currently, when the tool identifies issues and suggests updates, if I want to explore different scenarios, I need to prepare another file, turn it into a ZIP, and run the analysis again. It would be more convenient if there was a "what if" option in the GUI. This feature could simulate a run, allowing me to quickly check the impact of changing one or more files or versions without the need for a full rerun."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"It would be helpful if we get a recommendation while doing the scan about the necessary things we need to implement after identifying the vulnerabilities."
"They were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved."
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry. They have a pretty good knowledge base, but Veracode is on top because Veracode has been in this business for a pretty long time. They do have a pretty large database of all the findings, and the way that the correlation engine works is superb. Snyk is also pretty good, but it is not as good as Veracode in terms of maintaining a large space of all the historical data of vulnerabilities."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
More Checkmarx Software Composition Analysis Pricing and Cost Advice →
Checkmarx Software Composition Analysis is ranked 8th in Software Composition Analysis (SCA) with 12 reviews while Snyk is ranked 2nd in Software Composition Analysis (SCA) with 41 reviews. Checkmarx Software Composition Analysis is rated 9.2, while Snyk is rated 8.2. The top reviewer of Checkmarx Software Composition Analysis writes "Comprehensive security scan, helpful support, and high availability". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Checkmarx Software Composition Analysis is most compared with Black Duck, JFrog Xray, Semgrep Supply Chain and Fortify Static Code Analyzer, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode. See our Checkmarx Software Composition Analysis vs. Snyk report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.