We performed a comparison between Checkmarx and Snyk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Snyk has an edge in this comparison. According to its reviewers, it is a less expensive product than Checkmarx.
"The most valuable feature is the application tracking reporting."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"One of the most valuable features is it is flexible."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."
"The solution has great features and is quite stable."
"Our customers find container scans most valuable. They are always talking about it."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"Snyk is a good and scalable tool."
"The most valuable feature is that they add a lot of their own information to the vulnerabilities. They describe vulnerabilities and suggest their own mitigations or version upgrades. The information was the winning factor when we compared Snyk to others. This is what gave it more impact."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CI/CD, I can plug it in to our local IDE, and there I can do the scanning. That is the part I like best."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"Checkmarx could improve the speed of the scans."
"Checkmarx could improve by reducing the price."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"It is an expensive solution."
"C, C++, VB and T-SQL are not supported by this product, although C and C++ were advertised as being supported."
"We have received some feedback from our customers who are receiving a large number of false positives."
"Checkmarx needs to be more scalable for large enterprise companies."
"The feature for automatic fixing of security breaches could be improved."
"Compatibility with other products would be great."
"There were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer."
"The log export function could be easier when shipping logs to other platforms such as Splunk."
"For the areas that they're new in, it's very early stages for them. For example, their expertise is in looking at third-party components and packages, which is their bread-and-butter and what they've been doing for ages, but for newer features such as static analysis I don't think they've got compatibility for all the languages and frameworks yet."
"Could include other types of security scanning and statistical analysis"
"Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help."
"The solution's integration with JFrog Artifactory could be improved."
Checkmarx One doesn't meet the minimum requirements to be ranked in DevSecOps with 67 reviews while Snyk is ranked 1st in DevSecOps with 41 reviews. Checkmarx One is rated 7.6, while Snyk is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Coverity and Mend.io, whereas Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, Veracode and Prisma Cloud by Palo Alto Networks. See our Checkmarx One vs. Snyk report.
We monitor all DevSecOps reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.