We performed a comparison between Snyk and WhiteSource based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Snyk is the winner in this comparison. It is high performing with a good UI. In addition, it has excellent customer support and its users feel that it is reasonably priced.
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"The vulnerability analysis is the best aspect of the solution."
"What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it."
"We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently."
"We set the solution up and enabled it and we had everything running pretty quickly."
"The solution has great features and is quite stable."
"The most valuable features of Snyk are vulnerability scanning and automation. The automation the solution brings around vulnerability scanning is useful."
"Provides clear information and is easy to follow with good feedback regarding code practices."
"Our customers find container scans most valuable. They are always talking about it."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"The code scans on the source code itself were valuable."
"I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST."
"The only thing that I don't find support for on Mend Prioritize is C++."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
"Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
"The solution's reporting and storage could be improved."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"The feature for automatic fixing of security breaches could be improved."
"For the areas that they're new in, it's very early stages for them. For example, their expertise is in looking at third-party components and packages, which is their bread-and-butter and what they've been doing for ages, but for newer features such as static analysis I don't think they've got compatibility for all the languages and frameworks yet."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
"The log export function could be easier when shipping logs to other platforms such as Splunk."
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry. They have a pretty good knowledge base, but Veracode is on top because Veracode has been in this business for a pretty long time. They do have a pretty large database of all the findings, and the way that the correlation engine works is superb. Snyk is also pretty good, but it is not as good as Veracode in terms of maintaining a large space of all the historical data of vulnerabilities."
Mend.io is ranked 3rd in Software Composition Analysis (SCA) with 11 reviews while Snyk is ranked 2nd in Software Composition Analysis (SCA) with 17 reviews. Mend.io is rated 8.4, while Snyk is rated 7.8. The top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of Snyk writes "A cost-effective solution that makes scanning your repositories a cinch". Mend.io is most compared with SonarQube, Black Duck, Veracode, Checkmarx and Sonatype Nexus Lifecycle, whereas Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, Checkmarx and JFrog Security Essentials. See our Mend.io vs. Snyk report.
See our list of best Software Composition Analysis (SCA) vendors and best Application Security Tools vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.