No more typing reviews! Try our Samantha, our new voice AI agent.

ARIS Risk and Compliance Manager vs Snyk comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 11, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ARIS Risk and Compliance Ma...
Ranking in GRC
26th
Average Rating
8.0
Reviews Sentiment
8.0
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Snyk
Ranking in GRC
6th
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
51
Ranking in other categories
Application Performance Monitoring (APM) and Observability (21st), Application Security Tools (7th), Static Application Security Testing (SAST) (5th), Cloud Management (14th), Vulnerability Management (21st), Container Security (7th), Software Composition Analysis (SCA) (2nd), Software Development Analytics (2nd), Cloud Security Posture Management (CSPM) (17th), DevSecOps (3rd), Application Security Posture Management (ASPM) (2nd), AI Security (10th)
 

Mindshare comparison

As of July 2026, in the GRC category, the mindshare of ARIS Risk and Compliance Manager is 1.4%, up from 1.0% compared to the previous year. The mindshare of Snyk is 1.6%, down from 1.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
GRC Mindshare Distribution
ProductMindshare (%)
Snyk1.6%
ARIS Risk and Compliance Manager1.4%
Other97.0%
GRC
 

Featured Reviews

BPMexp67 - PeerSpot reviewer
BPM Expert at a consultancy with 1-10 employees
Covers the entire risk management cycle, from identification and evaluation to control, mitigation, and monitoring
The most effective features are the basic ones to evaluate and control risk. We have many specific small models inside of ARIS Risk and Compliance Manager, like issue management. These are smaller add-ons depending on the needs. You are including specific models as well. The basic ones do exactly what is required for risk management: identification, evaluation, control, mitigation, and modification. And, we have dashboards with the possibility to configure compliance policies and risk limits based on which we can create alarms. If there are maximum limits, we create alarms attached to the responsible people. Normally, there is someone that identifies the risk, and then you have the risk owner. These people [normal users] can send notifications to the risk owner, who will evaluate the risk and decide whether it's important to control it or not. I remember a project where the customer wanted to control all risks and assigned many people to identify them. They started identifying risks everywhere. After a few years, the customer realized that it didn't make sense to control all of them. So, they created limits—levels of risk the company was willing to accept because it was more expensive to implement controls than to manage the risk. So, regarding ARIS Risk and Compliance Manager, you can implement all the risks and policies you can imagine because it's very customizable. You can customize a lot of things.
Abhishek-Goyal - PeerSpot reviewer
Software Engineer at a computer software company with 11-50 employees
Improves security posture by actively reducing critical vulnerabilities and guiding remediation
Snyk's main features include open-source vulnerability scanning, code security, container security, infrastructure as code security, risk-based prioritization, development-first integration, continuous monitoring and alerting, automation, and remediation. The best features I appreciate are the vulnerability checking, vulnerability scanning, and code security capabilities, as Snyk scans all open-source dependencies for known vulnerabilities and helps with license compliance for open-source components. Snyk integrates into IDEs, allowing issues to be caught as they appear in the code dynamically and prioritizes risk while providing remediation advice. Snyk provides actionable remediation advice on where vulnerabilities can exist and where code security is compromised, automatically scanning everything and providing timely alerts. Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients. Snyk has helped reduce vulnerabilities significantly. Initially, the repository had 17 to 31 critical and high vulnerabilities, but Snyk has helped manage them down to just five vulnerabilities, which are now lower and not high or critical.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the risk testing, where you can attach your processes to the risk, and automatically generate all of the tests."
"We can set it so that for a specific risk, or for all risks if we want, people will receive automatic notifications to do the evaluation and implement or test the control at a set interval, like every six months or every year."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"The fact that it provides visibility, compliance-related visibility, that is not readily available by cloud suppliers themselves, is its most valuable aspect."
"It hits ROI for us very well in a couple of areas that we want to address: to ensure that we don't have surprises when it comes to vulnerabilities on our dependencies — libraries and images — and from a compliance point of view, we don't want to be in a situation where we're forced to publish code because someone has decided to use libraries that would force us to either publish everything under GPL or put us in a situation where licenses are not compatible and we would have to redo part of the code."
"We have hundreds of source code repositories, and Snyk scans them in minutes (it just looks at package management files to identify the dependency tree), Snyk uses the same infrastructure to scan for all customers on the cloud which gives it lots of scalability opportunities compared to some other vendors where the software is installed on-prem or on a dedicated instance which makes the software pricy and limited."
"It is a really nice tool if you really want to do the dependency check and security scanning of your code, which falls under static code analysis."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"Static code analysis is one of the best features of the solution."
 

Cons

"I would like to see the modeling less strict so that connectors can be more flexible."
"In future releases, I would like to see more features around AI (artificial intelligence)."
"We had some issues integrating into our pipeline, however, they were resolved."
"Offering API access in the lower or free open-source tiers would be better. That would help our customers. If you don't have an enterprise plan, it becomes challenging to integrate with the rest of the systems. Our customers would like to have some open-source integrations in the next release."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license."
"It would be great if they can include dynamic, interactive, and run-time scanning features."
"The tool needs improvement in license compliance. I would like to see the integration of better policy management in the product's future release. When it comes to the organization that I work for, there are a lot of business units since we are a group of companies. Each of these companies has its specific requirements and its own appetite for risk. This should be able to reflect in flexible policies. We need to be able to configure policies that can be adjusted later or overridden by the business unit that is using the product."
"The product could be improved by including other types of security scanning (e.g. SAST or DAST), which is important."
 

Pricing and Cost Advice

Information not available
"The license model is based on the number of contributing developers. Snyk is expensive, for a startup company will most likely use the community edition, while larger companies will buy the licensed version. The price of Snyk is more than other SLA tools."
"Their licensing model is fairly robust and scalable for our needs. I believe we have reached a reasonable agreement on the licensing to enable hundreds of developers to participate in this product offering. The solution is very tailored towards developers and its licensing model works well for us."
"We do have some missing licenses issues, especially with non-SPDX compliant one, but we expect this to be fixed soon"
"It's good value. That's the primary thing. It's not cheap-cheap, but it's good value."
"It is pretty expensive. It is not a cheap product."
"For what Snyk offers, it has the best cost-benefit I have ever seen because you're buying the license per user."
"We are using the open-source version for the scans."
"Presently, my company uses an open-source version of the solution. The solution's pricing can be considered quite reasonable owing to the features they offer."
report
Use our free recommendation engine to learn which GRC solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
No data available
Financial Services Firm
13%
Manufacturing Company
11%
Computer Software Company
9%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business20
Midsize Enterprise10
Large Enterprise23
 

Questions from the Community

What is your primary use case for ARIS Risk and Compliance Manager?
I recommend it to my customers. Sometimes, we follow the normal cycle: risk identification, then evaluation, then mitigation, and lastly, monitoring. In other processes, we use the software to anal...
What advice do you have for others considering ARIS Risk and Compliance Manager?
At this moment, I would recommend this tool. This is the tool I know more than the others. I know a little bit about BWise and other tools like Spark. But ARIS is the one I know best because I've b...
What is your experience regarding pricing and costs for ARIS Risk and Compliance Manager?
We have some nominated licenses, which are per user, and concurrent licenses. The concurrent licenses are more expensive than the other ones but are better, at least for a big company. We can have ...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What needs improvement with Snyk?
There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false positives would be beneficial. So far, I've not seen any AI features to enhance vuln...
What is your primary use case for Snyk?
I use Snyk ( /products/snyk-reviews ) in the DevOps pipeline to identify vulnerabilities before deploying the application. It integrates with Jenkins ( /products/jenkins-reviews ).
 

Also Known As

No data available
Fugue, Snyk AppRisk
 

Overview

 

Sample Customers

Alicorp, Tesco, Dubai Municipality, Emirates NBD, Suva - ARIS serves customers across all industries and of every size worldwide. Companies trust ARIS as being in the market of business process management for more than 30 years, serving users worldwide, from 1 user companies to the Fortune 500.
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about ARIS Risk and Compliance Manager vs. Snyk and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.