No more typing reviews! Try our Samantha, our new voice AI agent.

IBM Tivoli Composite Application Manager vs Snyk comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 11, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

IBM Tivoli Composite Applic...
Ranking in Application Performance Monitoring (APM) and Observability
64th
Average Rating
6.6
Reviews Sentiment
4.3
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Snyk
Ranking in Application Performance Monitoring (APM) and Observability
21st
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
51
Ranking in other categories
Application Security Tools (7th), Static Application Security Testing (SAST) (5th), GRC (6th), Cloud Management (14th), Vulnerability Management (21st), Container Security (7th), Software Composition Analysis (SCA) (2nd), Software Development Analytics (2nd), Cloud Security Posture Management (CSPM) (17th), DevSecOps (3rd), Application Security Posture Management (ASPM) (2nd), AI Security (10th)
 

Mindshare comparison

As of July 2026, in the Application Performance Monitoring (APM) and Observability category, the mindshare of IBM Tivoli Composite Application Manager is 0.6%, up from 0.3% compared to the previous year. The mindshare of Snyk is 1.2%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Performance Monitoring (APM) and Observability Mindshare Distribution
ProductMindshare (%)
Snyk1.2%
IBM Tivoli Composite Application Manager0.6%
Other98.2%
Application Performance Monitoring (APM) and Observability
 

Featured Reviews

CC
Sales manager at Prodeo Innovation
Integrates well with IBM technologies, but it's outdated and lacks essential features
Implementing synthetic monitoring for our Internet banking site has been challenging. The installation process is difficult, requiring continuous support and specialist expertise due to our limited knowledge of managing it effectively. I have concerns about the complexity of the tool and the challenges in managing it effectively. The support provided is not satisfactory, and the specialists available lack sufficient training and expertise in using the tool.
Abhishek-Goyal - PeerSpot reviewer
Software Engineer at a computer software company with 11-50 employees
Improves security posture by actively reducing critical vulnerabilities and guiding remediation
Snyk's main features include open-source vulnerability scanning, code security, container security, infrastructure as code security, risk-based prioritization, development-first integration, continuous monitoring and alerting, automation, and remediation. The best features I appreciate are the vulnerability checking, vulnerability scanning, and code security capabilities, as Snyk scans all open-source dependencies for known vulnerabilities and helps with license compliance for open-source components. Snyk integrates into IDEs, allowing issues to be caught as they appear in the code dynamically and prioritizes risk while providing remediation advice. Snyk provides actionable remediation advice on where vulnerabilities can exist and where code security is compromised, automatically scanning everything and providing timely alerts. Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients. Snyk has helped reduce vulnerabilities significantly. Initially, the repository had 17 to 31 critical and high vulnerabilities, but Snyk has helped manage them down to just five vulnerabilities, which are now lower and not high or critical.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"IBM's main value lies in its integration with its own technologies, which can be seen as a benefit in environments where IBM products are extensively used."
"The solution is very stable, and we never had any issues with stability."
"Snyk is a developer-friendly product."
"Snyk allows developers and development managers to identify open-source vulnerabilities in every stage, and as a result the fix is much cheaper than identifying something in production, being up to 100 times less expensive and enabling a few early bug fixes to cover all the license fees for the annual subscription of Snyk."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"We use Snyk to check vulnerabilities and rectify potential leaks in GitHub."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"Snyk allows us to spend less time securing applications, increasing their productivity."
 

Cons

"The user interface was not good."
"The installation process is difficult, requiring continuous support and specialist expertise due to our limited knowledge of managing it effectively."
"I use Snyk alongside Sonar, and Snyk tends to generate a lot of false positives. Improving the overall report quality and reducing false positives would be beneficial. I don't need additional features; just improving the existing ones would be enough."
"The solution's integration with JFrog Artifactory could be improved."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise."
"Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR."
 

Pricing and Cost Advice

"I would rate the pricing a nine to ten. It is very expensive."
"I didn't think the price was that great, but it wasn't that bad, either. I'd rate their pricing as average in the market."
"The product has good pricing."
"The price is good. Snyk had a good price compared to the competition, who had higher pricing than them. Also, their licensing and billing are clear."
"The product's price is okay."
"Cost-wise, it's similar to Veracode, but I don't know the exact cost."
"Snyk is a premium-priced product, so it's kind of expensive. The big con that I find frustrating is when a company charges extra for single sign-on (SSO) into their SaaS app. Snyk is one of the few that I'm willing to pay that add-on charge, but generally I disqualify products that charge an extra fee to do integrated authentication to our identity provider, like Okta or some other SSO. That is a big negative. We had to pay extra for that. That little annoyance aside, it is expensive. You get a lot out of it, but you're paying for that premium."
"The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."
"Compared to Veracode, Snyk is definitely a cheaper tool."
report
Use our free recommendation engine to learn which Application Performance Monitoring (APM) and Observability solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
26%
Construction Company
12%
Government
12%
Healthcare Company
7%
Financial Services Firm
13%
Manufacturing Company
11%
Computer Software Company
9%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business20
Midsize Enterprise10
Large Enterprise23
 

Questions from the Community

Ask a question
Earn 20 points
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What needs improvement with Snyk?
There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false positives would be beneficial. So far, I've not seen any AI features to enhance vuln...
What is your primary use case for Snyk?
I use Snyk ( /products/snyk-reviews ) in the DevOps pipeline to identify vulnerabilities before deploying the application. It integrates with Jenkins ( /products/jenkins-reviews ).
 

Also Known As

Tivoli Composite Application Manager
Fugue, Snyk AppRisk
 

Overview

 

Sample Customers

Michelin Tire Corp
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about IBM Tivoli Composite Application Manager vs. Snyk and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.