Comparison Buyer's Guide
Executive Summary
Updated on Apr 10, 2022

We performed a comparison between Snyk and SonarQube based on our users' reviews in five categories. Our conclusion, drawn from all of the collected data, follows.

  • Ease of Deployment: Reviewers agree that the installation of both solutions is a straightforward process.
  • Features: Users of both products are happy with their user interface, stability, and scalability. Snyk users say it integrates well and significantly reduces vulnerabilities. A couple of Snyk users mentioned that they would like improved reporting visibility. SonarQube users say it is user-friendly, has good code analysis abilities, and supports multiple programming languages. Several users note that SonarQube should provide better exporting and sharing options.
  • Pricing: Most reviewers of both solutions say they are fairly priced.
  • ROI: Reviewers of both products report seeing an ROI.
  • Service and Support: Snyk users report being very satisfied with the level of support they receive. Some SonarQube users are satisfied with the support they receive, while others write that their support's response time is slow.

Comparison Results: Snyk comes out on top in this comparison. It is secure and reliable. In addition, it has excellent support and a significant ROI.

To learn more, read our detailed Snyk vs. SonarQube Report (Updated: May 2023).
708,830 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
Snyk:
  • "The solution has great features and is quite stable."
  • "Snyk helps me pinpoint security errors in my code."
  • "There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CI/CD, I can plug it in to our local IDE, and there I can do the scanning. That is the part I like best."
  • "The most valuable features of Snyk are vulnerability scanning and automation. The automation the solution brings around vulnerability scanning is useful."
  • "Provides clear information and is easy to follow with good feedback regarding code practices."
  • "Snyk performs software composition analysis (SCA) similar to other expensive tools."
  • "Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
  • "Our customers find container scans most valuable. They are always talking about it."

SonarQube:
  • "This solution has helped with the integration and building of our CI/CD pipeline."
  • "All the features of the solution are quite good."
  • "Some of the most valuable features have been the latest up-to-date of the OWASP, the monitoring, the reporting, and the ease of use with the IDE plugins, in terms of integration."
  • "It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
  • "SonarQube is a fantastic tool which saves us precious time."
  • "The software quality gate streamlines the product's quality."
  • "The most valuable features are the dashboard, the ability to drill down to the code, user-friendliness, and the technical debt estimation."
  • "The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."

Cons
Snyk:
  • "We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
  • "The solution could improve the reports. They have been working on improving the reports but more work could be done."
  • "The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improved."
  • "Compatibility with other products would be great."
  • "We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."
  • "It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
  • "One area where Snyk could improve is in providing developers with the line where the error occurs."
  • "For the areas that they're new in, it's very early stages for them. For example, their expertise is in looking at third-party components and packages, which is their bread-and-butter and what they've been doing for ages, but for newer features such as static analysis I don't think they've got compatibility for all the languages and frameworks yet."

SonarQube:
  • "We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
  • "One thing to improve would be the integration. There is a steep learning curve to get it integrated."
  • "We have tens of millions of lines of code to be analyzed and processed. There can be some performance degradation if we are applying SonarLint to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."
  • "You may need to purchase add-ons to get the usability you desire."
  • "Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
  • "It should be user-friendly."
  • "If there were an official Docker image of SonarQube that could easily integrate into the pipeline, it would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update but it would be very helpful."
  • "We did have some trouble with the LDAP integration for the console."

Pricing and Cost Advice
Snyk:
  • "Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."
  • "It is pretty expensive. It is not a cheap product."
  • "The license model is based on the number of contributing developers. Snyk is expensive; a startup company will most likely use the community edition, while larger companies will buy the licensed version. The price of Snyk is more than other SLA tools."
  • "I didn't think the price was that great, but it wasn't that bad, either. I'd rate their pricing as average in the market."
  • "We are using the open-source version for the scans."
  • "Cost-wise, it's similar to Veracode, but I don't know the exact cost."
  • "The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."
  • "The price of the solution is expensive compared to other solutions."

SonarQube:
  • "This solution is free."
  • "We're using the Community Edition, and we don't pay for anything."
  • "It is very expensive. Its price should be improved."
  • "The price of the solution could be reduced."
  • "The price of this solution is more expensive than competitors. However, it works better than competitors."
  • "We pay €10 per month for this solution, which is good. It provides a good value for money."
  • "The solution has a free version and a license version. The license is priced reasonably; the cost of hiring one programmer is more expensive than the solution."
  • "We are using the community version of the solution and we plan on purchasing licenses for the upgraded version soon. There is a limitation on how many lines of code can be scanned and this is why we are going to purchase a license for an increased amount."

    Answers from the Community
    Question by: Tej Muchhala
    Vishal-Goyal
    Real User

    @Tej Muchhala: Code Quality and Security are 2 different domains and depending on how deep you want to go, the choice of tools will vary.

    1. SonarQube - This has both community editions and commercial editions. The community edition has limited scope and no reporting. The enterprise version has a far broader scope covered with excellent reporting capabilities. SQ does have rules to compare against OWASP's Top 10 for both 2017 and 2021. With regard to Code Quality, SQ looks at unit-level issues and not necessarily module/design issues.

    2. CAST Software Intelligence - This has 2 products - CAST Highlights can do very rapid analysis and provide you software health and also open source safety assessment for 3rd party libraries you might be using. SQ does not look into 3rd party libraries' assessment. CAST also has a dedicated security dashboard that checks code against various industry standards like OWASP, ISO 5055, CWE Top 25, NIST, etc.

    3. Snyk again has multiple products to cater to different areas of security. This is a great product and has seamless integrations into your CI pipeline.

    Regards,
    Vishal.

    Lev Lesokhin
    Real User

    Hi Tej, you should also check out CAST (castsoftware.com). Their kit does a very thorough analysis that may be a good option depending on the complexity of your codebase.

    Ayub Shaik
    Real User

    Hi Tej, as per my experience, SonarQube provides a better understanding of the code; it gives you a detailed analysis of the code up to the line level. It finds vulnerabilities in the code and runs test cases for you (if you add them). Also, you can customize the quality gate rules to define the parameters your code should pass, like reliability, repetition of lines, etc. On the other hand, Snyk offers you an overview of the tools you are using, or the APIs you are using inside the code, and gives vulnerability notifications and fixes. SonarQube doesn't fix or give any suggestions, but Snyk will give you suggestions on which version of that dependency should be used and why. I have integrated both Snyk and SonarQube as both are open source up to a certain level.

    Ranking

    Metric                    Snyk     SonarQube
    Views                     37,184   84,215
    Comparisons               27,040   66,751
    Reviews                   14       39
    Average Words per Review  545      463
    Rating                    7.9      8.1
    Also Known As: SonarQube is also known as Sonar.
    Overview

    Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.

    Benefits of Snyk

    Some of the benefits of using Snyk include:

    • Conserves resources: Snyk easily integrates with other security solutions and uses their security features to ensure that the work that users are doing is completely secure. These integrations allow them to protect themselves without pulling resources from their continuous integration or continuous delivery workflows. Resources can be conserved for areas of the greatest need.
    • Highly flexible: Snyk enables users to customize the system's security automation features to meet their needs. Users can guarantee that the automation performs the functions that are most essential for their current project. Additionally, users are able to maintain platform governance consistency across their system.
    • Keeps users ahead of emerging threats: Snyk employs a database of threats that helps it detect and keep track of potential issues. This database is constantly being updated to reflect the changes that take place in the realm of cybersecurity. It also uses machine learning. Users are prepared to deal with new issues as they arise.
    • Automatically scans projects for threats: Snyk's command-line interface enables users to schedule the solution to run automatic scans of their projects. Time and manpower can be conserved for the areas of greatest need without sacrificing security.

    Reviews from Real Users

    Snyk is a security platform for developers that stands out among its competitors for a number of reasons. Two major ones are its ability to integrate with other security solutions and the insights it enables users to discover. Snyk enables users to combine its already existing security features with those of other solutions to create far more robust and flexible layers of security than what it can supply on its own. It gives users the ability to dig into the security issues that they may experience. Users are given a clear view of the root causes of these problems. This equips them to address the problem and prevent similar issues in the future.

    Cameron G., a security software engineer at a tech company, writes, "The most valuable features are their GitLab and JIRA integrations. The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using. Snyk is something of a bridge that we use; we get our projects into it and then get the information out of it. Those two integrations are crucial for us to be able to do that pretty simply."

    Sean M., the chief information security officer of a technology vendor, writes, "From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, 'Yes, we have a problem. Here is where it ultimately comes from.' It may not be with what we're incorporating, but something much deeper than that."

    SonarQube is the leading tool for continuously inspecting Code Quality and Code Security, and guiding development teams during code reviews. SonarQube provides clear remediation guidance for 27 languages so developers can understand and fix issues, and so teams can deliver better and safer software. SonarQube integrates into your workflow to provide the right feedback at the right time: in-IDE with SonarLint, in pull requests, and in SonarQube itself. With over 225,000 deployments helping small development teams and global organizations, SonarQube provides the means for teams and companies around the world to own and impact their Code Quality and Code Security.

    Sample Customers
    Snyk: StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
    SonarQube: Bank of America, Siemens, Cognizant, Thales, Cisco, eBay
    Top Industries
    Snyk
    • Reviewers: Computer Software Company 27%, Financial Services Firm 18%, Individual & Family Service 9%, Comms Service Provider 9%
    • Visitors reading reviews: Computer Software Company 18%, Financial Services Firm 13%, Manufacturing Company 6%, Insurance Company 6%
    SonarQube
    • Reviewers: Computer Software Company 28%, Financial Services Firm 20%, Comms Service Provider 9%, Insurance Company 6%
    • Visitors reading reviews: Financial Services Firm 18%, Computer Software Company 17%, Manufacturing Company 9%, Government 7%

    Company Size
    Snyk
    • Reviewers: Small Business 44%, Midsize Enterprise 28%, Large Enterprise 28%
    • Visitors reading reviews: Small Business 22%, Midsize Enterprise 14%, Large Enterprise 64%
    SonarQube
    • Reviewers: Small Business 25%, Midsize Enterprise 17%, Large Enterprise 58%
    • Visitors reading reviews: Small Business 16%, Midsize Enterprise 12%, Large Enterprise 72%

    Snyk is ranked 5th in Application Security Tools with 16 reviews while SonarQube is ranked 1st in Application Security Tools with 40 reviews. Snyk is rated 8.0, while SonarQube is rated 8.2. The top reviewer of Snyk writes "Does a good analysis from the licensing and open-source perspective, but the UI, reporting, and scanning should be better". On the other hand, the top reviewer of SonarQube writes "Open-source, stable, and finds the problems for you and tells you where they are". Snyk is most compared with Black Duck, Checkmarx, Prisma Cloud by Palo Alto Networks, Mend.io and Aqua Security, whereas SonarQube is most compared with Checkmarx, Coverity, Veracode, SonarCloud and Sonatype Nexus Lifecycle. See our Snyk vs. SonarQube report.


    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.