2021-09-26T12:29:00Z

How does Snyk compare with SonarQube?

NC, PeerSpot user

1 Answer

2021-10-27T17:40:00Z

Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you are using so you don’t have to scan projects all the time. This solution fixed vulnerabilities quickly - even ones we didn’t know were there.

SonarQube is easy to deploy and configure. It also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. It is great if you want to quickly focus on functional requirements. This solution is very easy to use and understand.

Snyk has some scalability issues, especially if you are using a lot of code. This may potentially slow things down, affecting productivity. The notifications regarding vulnerabilities seem too broad to me. I think it would be better if there was a filtering process to more precisely report varied vulnerabilities. Snyk is also lacking slightly on the documentation end; we can’t always figure out how to fix an issue because proper documentation is not there, so it takes us longer to find the fix.

There were some security issues with our code that SonarQube did not find. Defining the quality of rules should be improved to ensure that low-performance code does not move forward to production. We would like to see better security scanning and statistical analysis from this solution.

Conclusion

These tools provide many of the same valuable problem-solving traits and resolutions. They are both very good. We liked Snyk better for its ease of use and great integration with other tools. We also found that the information Snyk provided with regard to issues and resolutions was what our team liked best.




VG
Real User
Dec 8, 2021

@reviewer1650858: Did you use Snyk for both SAST and SCA analysis? If yes, for SAST, did you upload the source code to the Snyk platform to get results? As per the documentation, they need the source code to be uploaded for 24 hrs, after which they remove it.
