Checkmarx One vs Snyk comparison

Checkmarx One
Read 68 Checkmarx One reviews
  • 31,928 Views
  • 20,416 Comparison Views
86% willing to recommend
Snyk
Read 42 Snyk reviews
  • 17,630 Views
  • 12,311 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Aug 25, 2022

We performed a comparison between Checkmarx and Snyk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Most users of both solutions agree that their initial setup is straightforward.

  • Features: Users of both products are happy with their stability and scalability.

    Checkmarx users say that it gives them good visibility, has excellent scanning features, and performs well. Several users note that its interface could improve.

    Snyk users say it is easy to use, feature-rich, and that its vulnerability database is comprehensive and accurate. A couple of Snyk users mention that they would like better reporting capabilities.
  • Pricing: Checkmarx received mixed reviews in the pricing category. Some users feel that it is expensive. In contrast, Snyk users say it is reasonably priced.
  • ROI: Reviewers of both solutions report seeing an ROI.
  • Service and Support: Users of both solutions report being satisfied with the level of support they receive.

Comparison Results: Snyk has an edge in this comparison. According to its reviewers, it is a less expensive product than Checkmarx.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Checkmarx One vs. Snyk Report (Updated: June 2024).
Buyer's Guide
Checkmarx One vs. Snyk
June 2024
Download the complete report
Helped 793,295 peers since 2012
 

Categories and Ranking

Checkmarx One
Ranking in Application Security Tools
3rd
Ranking in DevSecOps
2nd
Average Rating
7.6
Number of Reviews
68
Ranking in other categories
Static Application Security Testing (SAST) (3rd), Vulnerability Management (12th), Static Code Analysis (2nd), API Security (4th), Risk-Based Vulnerability Management (5th)
Snyk
Ranking in Application Security Tools
4th
Ranking in DevSecOps
1st
Average Rating
8.2
Number of Reviews
42
Ranking in other categories
Container Security (6th), Software Composition Analysis (SCA) (2nd), Software Development Analytics (2nd)
 

Mindshare comparison

As of July 2024, in the Application Security Tools category, the mindshare of Checkmarx One is 13.0%, down from 15.4% compared to the previous year. The mindshare of Snyk is 7.8%, down from 8.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
Unique Categories:
Static Application Security Testing (SAST)
11.1%
Vulnerability Management
0.6%
Container Security
4.8%
Software Composition Analysis (SCA)
17.8%
 

Featured Reviews

NH
Feb 9, 2024
A highly scalable solution that reduces workloads, saves time, and fixes loopholes and vulnerabilities swiftly
It is very easy for the analyst to have everything in a consolidated single pane of glass. Previously, they ran multiple tools. They used one tool for source code analysis and another for static code review. Then, I manually verified each result. Since we moved to Checkmarx, it has been very easy for the analyst. The tool gives us a shareable report that can be easily shared with management once the product is done. The solution’s performance and the consolidated information it provides are valuable. The platform is completely on the cloud. There are no scalability or connectivity issues. The platform is stable. It can be accessed from anywhere. We used open-source tools before. We had to deploy the tools in the customers' environment to establish the connection between the tools and their product application. Since Checkmarx is a SaaS-based platform, we need only the forward connection from Checkmarx to the tool. The tool handles everything else. We just need a single firewall rule to be enabled on the platform to establish the connection. The deployment is very simple. We need just one rule to forward the web application to Checkmarx. The scanning engine is very good. Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%. The tool has greatly reduced the time and effort our analysts need to do their tasks. It's very useful if we need to perform a short-term project. It is greatly helpful in fixing loopholes and vulnerabilities swiftly.
Read full review
NH
May 28, 2024
Supports multiple programming languages for security practices
Snyk protects vulnerabilities in the code as usual, detects abnormal data flow inside the field, and similar tasks The specific feature of Snyk that has significantly improved my vulnerability management is its ability to identify vulnerabilities and suggest solutions to fix them. Snyk's…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution communicates where to fix the issue for the purpose of less iterations."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The tool's valuable features include integrating GPT and Copilot. Additionally, the UI web representation is very user-friendly, making navigation easy. GPT has made several improvements to my security code."
"Our static operation security has been able to identify more security issues since implementing this solution."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"The solution allows us to create custom rules for code checks."
"Vulnerability details is valuable."
More Checkmarx One pros
"The solution's vulnerability database, in terms of comprehensiveness and accuracy, is very high-level. As far as I know, it's the best among their competitors."
"The solution has great features and is quite stable."
"The most valuable feature of Snyk is the software composition analysis."
"The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities."
"Snyk is a good and scalable tool."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario."
"It's very easy for developers to use. Onboarding was an easy process for all of the developers within the company. After a quick, half-an-hour to an hour session, they were fully using it on their own. It's very straightforward. Usability is definitely a 10 out of 10."
More Snyk pros
 

Cons

"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"Checkmarx could improve by reducing the price."
"The validation process needs to be sped up."
"Checkmarx is not good because it has too many false positive issues."
"Checkmarx needs to be more scalable for large enterprise companies."
"The reports are good, but they still need to be improved considering what the UI offers."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
More Checkmarx One cons
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry. They have a pretty good knowledge base, but Veracode is on top because Veracode has been in this business for a pretty long time. They do have a pretty large database of all the findings, and the way that the correlation engine works is superb. Snyk is also pretty good, but it is not as good as Veracode in terms of maintaining a large space of all the historical data of vulnerabilities."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"The solution's reporting and storage could be improved."
"The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise."
"They were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
"Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this."
More Snyk cons
 

Pricing and Cost Advice

"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"This solution is expensive. The customized package allows you to buy additional users at any time."
"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
More Checkmarx One pricing and cost advice
"On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing a three. It is a cheap solution."
"Cost-wise, it's similar to Veracode, but I don't know the exact cost."
"Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."
"The pricing is reasonable."
"The product has good pricing."
"I didn't think the price was that great, but it wasn't that bad, either. I'd rate their pricing as average in the market."
"We are using the open-source version for the scans."
"Snyk is an expensive solution."
More Snyk pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
See recommendations
793,295 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Computer Software Company
16%
Financial Services Firm
15%
Manufacturing Company
8%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
See all answers
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
See all answers
What is your experience regarding pricing and costs for Checkmarx?
The tool's pricing is fine.
See all answers
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
See all answers
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities.
See all answers
What needs improvement with Snyk?
I use Snyk alongside Sonar, and Snyk tends to generate a lot of false positives. Improving the overall report quality and reducing false positives would be beneficial. I don't need additional featu...
See all answers
 

Comparisons

SonarQube vs Checkmarx One Logo
SonarQube vs Checkmarx One
Compared 52% of the time
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Compared 13% of the time
Fortify on Demand vs Checkmarx One Logo
Fortify on Demand vs Checkmarx One
Compared 7% of the time
Coverity vs Checkmarx One Logo
Coverity vs Checkmarx One
Compared 4% of the time
Mend.io vs Checkmarx One Logo
Mend.io vs Checkmarx One
Compared 2% of the time
More Checkmarx One Competitors
SonarQube vs Snyk Logo
SonarQube vs Snyk
Compared 14% of the time
Black Duck vs Snyk Logo
Black Duck vs Snyk
Compared 12% of the time
GitHub Advanced Security vs Snyk Logo
GitHub Advanced Security vs Snyk
Compared 10% of the time
Fortify Static Code Analyzer vs Snyk Logo
Fortify Static Code Analyzer vs Snyk
Compared 6% of the time
Prisma Cloud by Palo Alto Networks vs Snyk Logo
Prisma Cloud by Palo Alto Networks vs Snyk
Compared 4% of the time
More Snyk Competitors
 

Product Reports

Buyer's Guide
Checkmarx One
July 2024
Checkmarx One reportDownload Checkmarx One product report
Buyer's Guide
Snyk
June 2024
Snyk reportDownload Snyk product report
 

Learn More

Checkmarx
Snyk
 

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
  • API security
  • Dynamic Application Security Testing (DAST)
  • Container security
  • IaC security
  • Correlation, prioritization, and risk management
  • Codebashing secure code training
  • AI security
  • Tech partnerships extending AppSec into runtime analysis
  • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.

Benefits of Snyk

Some of the benefits of using Snyk include:

  • Conserves resources: Snyk easily integrates with other security solutions and uses their security features to ensure that the work that users are doing is completely secure. These integrations allow them to protect themselves without pulling resources from their continued integration or continued delivery workflows. Resources can be conserved for areas of the greatest need.
  • Highly flexible: Snyk enables users to customize the system’s security automation features to meet their needs. Users can guarantee that the automation performs the functions that are most essential for their current project. Additionally, users are able to maintain platform governance consistency across their system.
  • Keeps users ahead of emerging threats. Snyk employs a database of threats that help it detect and keep track of potential issues. This database is constantly being updated to reflect the changes that take place in the realm of cybersecurity. It also uses machine learning. Users are prepared to deal with new issues as they arise.
  • Automatically scans projects for threats. Snyk’s command-line interface enables users to schedule the solution to run automatic scans of their projects. Time and manpower can be conserved for the areas of greatest need without sacrificing security.

Reviews from Real Users

Snyk is a security platform for developers that stands out among its competitors for a number of reasons. Two major ones are its ability to integrate with other security solutions and important insights that it can enable users to discover. Snyk enables users to combine its already existing security features with those of other solutions to create far more robust and flexible layers of security than what it can supply on its own. It gives users the ability to dig into the security issues that they may experience. Users are given a clear view of the root causes of these problems. This equips them to address the problem and prevent similar issues in the future.

Cameron G., a security software engineer at a tech company, writes, “The most valuable features are their GitLab and JIRA integrations.The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using. Snyk is something of a bridge that we use; we get our projects into it and then get the information out of it. Those two integrations are crucial for us to be able to do that pretty simply.”

Sean M., the chief information security officer of a technology vendor, writes, "From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Buyer's Guide
Checkmarx One vs. Snyk
June 2024
Free Report: Checkmarx One vs. Snyk
Find out what your peers are saying about Checkmarx One vs. Snyk and other solutions. Updated: June 2024.
DOWNLOAD NOW
793,295 professionals have used our research since 2012.
See our Checkmarx One vs. Snyk report.
See our list of best Application Security Tools vendors and best DevSecOps vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.