We performed a comparison between Checkmarx and Snyk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Snyk has an edge in this comparison. According to its reviewers, it is a less expensive product than Checkmarx.
"The most valuable feature is the simple user interface."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"It shows in-depth code of where actual vulnerabilities are."
"The report function is the solution's greatest asset."
"The most valuable feature is the application tracking reporting."
"The only thing I like is that Checkmarx does not need to compile."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The solution has great features and is quite stable."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"Snyk categorizes the level of vulnerability into high, medium, and low, which helps organizations prioritize which issues to tackle first."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"Provides clear information and is easy to follow with good feedback regarding code practices."
"We're loving some of the Kubernetes integration as well. That's really quite cool. It's still in the early days of our use of it, but it looks really exciting. In the Kubernetes world, it's very good at reporting on the areas around the configuration of your platform, rather than the things that you've pulled in. There's some good advice there that allows you to prioritize whether something is important or just worrying. That's very helpful."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"Checkmarx could improve the speed of the scans."
"Updating and debugging of queries is not very convenient."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"The validation process needs to be sped up."
"Checkmarx could be improved with more integration with third-party software."
"I would like to see the DAST solution in the future."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"The tool's initial use is complex."
"The log export function could be easier when shipping logs to other platforms such as Splunk."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"Compatibility with other products would be great."
"Generating reports and visibility through reports are definitely things they can do better."
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry. They have a pretty good knowledge base, but Veracode is on top because Veracode has been in this business for a pretty long time. They do have a pretty large database of all the findings, and the way that the correlation engine works is superb. Snyk is also pretty good, but it is not as good as Veracode in terms of maintaining a large space of all the historical data of vulnerabilities."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
Checkmarx One doesn't meet the minimum requirements to be ranked in DevSecOps with 67 reviews while Snyk is ranked 1st in DevSecOps with 41 reviews. Checkmarx One is rated 7.6, while Snyk is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Coverity and Mend.io, whereas Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, GitHub Advanced Security and Prisma Cloud by Palo Alto Networks. See our Checkmarx One vs. Snyk report.
See our list of best DevSecOps vendors and best Application Security Tools vendors.
We monitor all DevSecOps reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.