Try our new research platform with insights from 80,000+ expert users

Fortify Application Defender vs Snyk comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 7, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortify Application Defender
Ranking in Application Security Tools
25th
Average Rating
7.8
Reviews Sentiment
6.6
Number of Reviews
11
Ranking in other categories
No ranking in other categories
Snyk
Ranking in Application Security Tools
8th
Average Rating
8.0
Reviews Sentiment
7.4
Number of Reviews
48
Ranking in other categories
Static Application Security Testing (SAST) (8th), Cloud Management (15th), Container Security (6th), Software Composition Analysis (SCA) (2nd), Software Development Analytics (2nd), Cloud Security Posture Management (CSPM) (17th), DevSecOps (2nd), Application Security Posture Management (ASPM) (1st)
 

Mindshare comparison

As of September 2025, in the Application Security Tools category, the mindshare of Fortify Application Defender is 0.8%, up from 0.7% compared to the previous year. The mindshare of Snyk is 6.5%, down from 8.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Market Share Distribution
ProductMarket Share (%)
Snyk6.5%
Fortify Application Defender0.8%
Other92.7%
Application Security Tools
 

Featured Reviews

Saroj-Patnaik - PeerSpot reviewer
Reliable solution with excellent machine learning algorithms but expensive and lacking support
I primarily use Fortify Application Defender to assess whether our products can defend against applications Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications. Fortify Application Defender gives…
meetharoon - PeerSpot reviewer
Affordable tool boosts code scanning efficiency but faces integration hurdles
The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Check Point. It is easy to consolidate Snyk across multiple entities within a large organization. Additionally, our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"Its ability to find security defects is valuable."
"The product saves us cost and time."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The most valuable feature is that it analyzes data in real-time."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"The solution helped us to improve the code quality of our organization."
"The valuable aspect is its security capabilities."
"A main feature of Snyk is that when you go with SCA, you do get properly done security composition, also from the licensing and open-source parameters perspective. A lot of companies often use open-source libraries or frameworks in their code, which is a big security concern. Snyk deals with all the things and provides you with a proper report about whether any open-source code or framework that you are using is vulnerable. In that way, Snyk is very good as compared to other tools."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"I am impressed with the product's security vulnerability detection. My peers in security are praising the tool for its accuracy to detect security vulnerabilities. The product is very easy to onboard. It doesn't require a lot of preparation or prerequisites. It's a bit of a plug-and-play as long as you're using a package manager or for example, you are using a GitHub repository. And that is an advantage for this tool because developers don't want to add more tools to what they're currently using."
"The solution's vulnerability database, in terms of comprehensiveness and accuracy, is very high-level. As far as I know, it's the best among their competitors."
"Provides clear information and is easy to follow with good feedback regarding code practices."
"It has an accurate database of vulnerabilities with a low amount of false positives."
 

Cons

"Fortify Application Defender gives a lot of false positives."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"The solution is quite expensive."
"Support for older compilers/IDEs is lacking."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"The licensing can be a little complex."
"The workbench is a little bit complex when you first start using it."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry. They have a pretty good knowledge base, but Veracode is on top because Veracode has been in this business for a pretty long time. They do have a pretty large database of all the findings, and the way that the correlation engine works is superb. Snyk is also pretty good, but it is not as good as Veracode in terms of maintaining a large space of all the historical data of vulnerabilities."
"I would like to give further ability to grouping code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved."
"A feature we would like to see is the ability to archive and store historical data, without actually deleting it. It's a problem because it throws my numbers off. When I'm looking at the dashboard's current vulnerabilities, it's not accurate."
"Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help."
"Basically the licensing costs are a little bit expensive."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
 

Pricing and Cost Advice

"The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."
"The price of this solution could be less expensive."
"Fortify Application Defender is very expensive."
"The base licensing costs for the SaaS platform is about $900 USD per application, per year."
"I rate the solution's pricing a five out of ten. It comes as an annual cloud subscription. The tool's pricing is around 50 lakhs."
"The product’s price is much higher than other tools."
"Their licensing model is fairly robust and scalable for our needs. I believe we have reached a reasonable agreement on the licensing to enable hundreds of developers to participate in this product offering. The solution is very tailored towards developers and its licensing model works well for us."
"Snyk is an expensive solution."
"I didn't think the price was that great, but it wasn't that bad, either. I'd rate their pricing as average in the market."
"Snyk is a premium-priced product, so it's kind of expensive. The big con that I find frustrating is when a company charges extra for single sign-on (SSO) into their SaaS app. Snyk is one of the few that I'm willing to pay that add-on charge, but generally I disqualify products that charge an extra fee to do integrated authentication to our identity provider, like Okta or some other SSO. That is a big negative. We had to pay extra for that. That little annoyance aside, it is expensive. You get a lot out of it, but you're paying for that premium."
"Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."
"The pricing is reasonable."
"It's good value. That's the primary thing. It's not cheap-cheap, but it's good value."
"The license model is based on the number of contributing developers. Snyk is expensive, for a startup company will most likely use the community edition, while larger companies will buy the licensed version. The price of Snyk is more than other SLA tools."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
867,676 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Manufacturing Company
14%
Computer Software Company
12%
Government
10%
Financial Services Firm
15%
Computer Software Company
13%
Manufacturing Company
9%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise8
By reviewers
Company SizeCount
Small Business20
Midsize Enterprise8
Large Enterprise21
 

Questions from the Community

What do you like most about Fortify Application Defender?
I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy.
What needs improvement with Fortify Application Defender?
The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and...
What is your primary use case for Fortify Application Defender?
We use the solution for fast code review. It is integrated into our DevOps pipeline.
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities.
What needs improvement with Snyk?
There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false positives would be beneficial. So far, I've not seen any AI features to enhance vuln...
 

Also Known As

HPE Fortify Application Defender, Micro Focus Fortify Application Defender
Fugue
 

Overview

 

Sample Customers

ServiceMaster, Saltworks, SAP
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about Fortify Application Defender vs. Snyk and other solutions. Updated: September 2025.
867,676 professionals have used our research since 2012.