JFrog Xray vs. Snyk

JFrog Xray: 5,143 views | 4,499 comparisons
Snyk: 18,793 views | 14,352 comparisons | 19 reviews
Find out what your peers are saying about Sonatype, Snyk, WhiteSource and others in Software Composition Analysis (SCA). Updated: November 2021.
554,586 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

JFrog Xray:
"Good reporting functionalities."

Snyk:
"It has an accurate database of vulnerabilities with a low amount of false positives."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CVSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"It's very easy for developers to use. Onboarding was an easy process for all of the developers within the company. After a quick, half-an-hour to an hour session, they were fully using it on their own. It's very straightforward. Usability is definitely a 10 out of 10."
"Snyk is a developer-friendly product."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"It is easy for developers to use. The documentation is clear as well as the APIs are good and easily readable. It's a good solution overall."

Cons

JFrog Xray:
"Lacks deeper reporting, the ability to compare things."

Snyk:
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"There were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer."
"It lists projects. So, if you have a number of microservices in an enterprise, then you could have pages of findings. Developers will then spend zero time going through the pages of reports to figure out, "Is there something I need to fix?" While it may make sense to list all the projects and issues in these very long lists for completeness, Snyk could do a better job of bubbling up and grouping items, e.g., a higher level dashboard that draws attention to things that are new, the highest priority things, or things trending in the wrong direction. That would make it a lot easier. They don't quite have that yet in container security."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you are using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"Compatibility with other products would be great."
"Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."

Pricing and Cost Advice

JFrog Xray: Information Not Available

Snyk:
"You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it."
"The pricing is reasonable."
"Their licensing model is fairly robust and scalable for our needs. I believe we have reached a reasonable agreement on the licensing to enable hundreds of developers to participate in this product offering. The solution is very tailored towards developers and its licensing model works well for us."
"It's inexpensive and easy to license. It comes in standard package sizing, which is straightforward. This information is publicly found on their website."
"Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."
"It's good value. That's the primary thing. It's not cheap-cheap, but it's good value."
"We do have some missing licenses issues, especially with non-SPDX compliant ones, but we expect this to be fixed soon."
"Snyk is a premium-priced product, so it's kind of expensive. The big con that I find frustrating is when a company charges extra for single sign-on (SSO) into their SaaS app. Snyk is one of the few that I'm willing to pay that add-on charge, but generally I disqualify products that charge an extra fee to do integrated authentication to our identity provider, like Okta or some other SSO. That is a big negative. We had to pay extra for that. That little annoyance aside, it is expensive. You get a lot out of it, but you're paying for that premium."

Questions from the Community

JFrog Xray:
Top Answer: Good reporting functionalities.
Top Answer: I'd like to see deeper reporting, they're pretty basic and there are no categories for comparing things. I'd also like to see an improvement with the documentation, there's not much available on their…
Top Answer: I'm using this solution for scanning artifacts related to the JFrog Artifactory. I'm scanning them, checking licenses and things like that. I'm a DevOps engineer intern and we are customers of JFrog.

Snyk:
Top Answer: Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you are…
Top Answer: Snyk is a developer-friendly product.
Top Answer: Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them.
Ranking

                          JFrog Xray    Snyk
Views                     5,143         18,793
Comparisons               4,499         14,352
Reviews                   1             18
Average Words per Review  211           1,608
Rating                    8.0           8.4
Overview

JFrog Xray:

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

If you are a team player and you care and you play to WIN, we have just the job you're looking for.

As we say at JFrog: "Once You Leap Forward You Won't Go Back!"

Snyk:

Snyk’s mission is to help developers use open source code and stay secure. The use of open source is booming, but security is a key concern (https://snyk.io/stateofossecurity/). Snyk’s unique developer focused product enables developers and enterprise security to continuously find & fix vulnerable dependencies without slowing down, with seamless integration into Dev & DevOps workflows. Snyk is adopted by over 100,000 developers, has multiple enterprise customers (such as Google, New Relic, ASOS and others) and is experiencing rapid growth. Our investors are Canaan Partners, BOLDStart, and several successful developer tools entrepreneurs. Snyk was founded in 2015 and is headquartered in London with offices in Israel and the US. For more information, go to https://snyk.io/.

Sample Customers

JFrog Xray: google, amazon, cisco, netflix, oracle, vmware, facebook
Snyk: StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Top Industries (visitors reading reviews)

                           JFrog Xray    Snyk
Computer Software Company  26%           29%
Financial Services Firm    16%            8%
Comms Service Provider     13%           21%
Manufacturing Company       7%            5%

Company Size

JFrog Xray: No Data Available

Snyk (reviewers):
Small Business      32%
Midsize Enterprise  37%
Large Enterprise    32%

Snyk (visitors reading reviews):
Small Business      35%
Midsize Enterprise  12%
Large Enterprise    53%

JFrog Xray is ranked 8th in Software Composition Analysis (SCA) with 1 review while Snyk is ranked 2nd in Software Composition Analysis (SCA) with 19 reviews. JFrog Xray is rated 8.0, while Snyk is rated 8.4. The top reviewer of JFrog Xray writes "Stable, scalable and offers great reporting functionalities". On the other hand, the top reviewer of Snyk writes "Helps Avoid The Pain And The Cost Of Trying To Retrofit Security in your Code". JFrog Xray is most compared with Sonatype Nexus Lifecycle, Black Duck, Veracode Software Composition Analysis, WhiteSource and Fortify Static Code Analyzer, whereas Snyk is most compared with SonarQube, WhiteSource, Black Duck, Checkmarx and Prisma Cloud by Palo Alto Networks.


We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.