Try our new research platform with insights from 80,000+ expert users

Snyk vs Veracode comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 4, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
6.7
Snyk significantly boosts productivity and ROI by enhancing vulnerability management, offering quick integration, and providing cost-saving preventative measures.
Sentiment score
6.8
Veracode saves time, reduces manual processes, decreases penetration tests, enhances compliance, and improves code quality to prevent costly breaches.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.
 

Customer Service

Sentiment score
7.5
Snyk's support is generally praised for direct expert access and proactive communication, though some desire faster, clearer responses.
Sentiment score
7.3
Veracode's support is praised for expertise and responsiveness, but experiences vary, especially with complex issues and staffing.
Our long-standing association has ensured smooth communication, resulting in favorable support experiences and satisfactory issue resolution.
Their response time aligns with their SLA commitments.
Access to the engineering team is crucial for faster feedback on the product fix process.
They are very responsive and quick to help with queries within our scope.
They respond very quickly since security is something critical.
 

Scalability Issues

Sentiment score
7.3
Snyk scales well with extensive repositories, though users want faster bulk processing and improved UI, appreciating integration ease.
Sentiment score
7.5
Veracode offers robust scalability, efficiently managing diverse usage scenarios and volumes, maintaining smooth performance for various organizational sizes.
Snyk allows for scaling across large organizations, accommodating tens of thousands of applications and over 60,000 repositories.
Cloud solutions are easier to scale than on-premise solutions.
It has a good capacity to scale effectively.
 

Stability Issues

Sentiment score
7.8
Snyk is stable with minimal downtime, reliable performance, responsive support, and highly rated stability for cloud and on-prem setups.
Sentiment score
7.9
Users find Veracode stable and reliable, with minimal downtime and effective workload handling despite minor issues.
If the Veracode server is down, we experience many issues during the scan.
It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.
 

Room For Improvement

Snyk requires improved language support, IDE integration, UI, accuracy, reporting, automation, documentation, API access, and AI-driven vulnerability detection.
Users seek improved false positives, dynamic scanning, UI/UX, language support, integration, reporting, and pricing in Veracode.
It lacks the ability to select branches on its Web UI, forcing users to rely on CLI or CI/CD for that functionality.
The inclusion of AI to remove false positives would be beneficial.
As we are moving toward GenAI, we expect Snyk to leverage AI features to improve code scanning findings.
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
A nice addition would be if it could be extended for scenarios with custom cleansers.
 

Setup Cost

Snyk offers competitive, scalable pricing based on committers, providing value and flexibility for large-scale enterprise deployments.
Veracode's pricing is high but valued for comprehensive features, with flexible options and discounts available for enterprises.
Snyk is recognized as the cheapest option we have evaluated.
After negotiations, we received a special package with a good price point.
It's not the most expensive solution.
If there's a security gap, you'll never know the cost or effect.
Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode.
 

Valuable Features

Snyk excels with its ease of integration, extensive vulnerability management, and cost-effective support for multiple development tools and languages.
Veracode offers scalable security with static/dynamic analysis, seamless integrations, low false positives, and compliance-focused reporting, enhancing developer workflows.
Our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.
Snyk helps detect vulnerabilities before code moves to production, allowing for integration with DevOps and providing a shift-left advantage by identifying and fixing bugs before deployment.
The best feature of Snyk is the integration with our ticketing system, which is Jira.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It fixes issues directly in the IDE while you're doing it.
 

Categories and Ranking

Snyk
Ranking in Application Security Tools
5th
Ranking in Static Application Security Testing (SAST)
8th
Ranking in Container Security
5th
Ranking in Software Composition Analysis (SCA)
2nd
Ranking in Application Security Posture Management (ASPM)
1st
Average Rating
8.0
Reviews Sentiment
7.4
Number of Reviews
48
Ranking in other categories
Cloud Management (14th), Software Development Analytics (2nd), Cloud Security Posture Management (CSPM) (16th), DevSecOps (2nd)
Veracode
Ranking in Application Security Tools
2nd
Ranking in Static Application Security Testing (SAST)
2nd
Ranking in Container Security
8th
Ranking in Software Composition Analysis (SCA)
3rd
Ranking in Application Security Posture Management (ASPM)
2nd
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
201
Ranking in other categories
Static Code Analysis (1st)
 

Mindshare comparison

As of July 2025, in the Application Security Tools category, the mindshare of Snyk is 7.5%, down from 8.1% compared to the previous year. The mindshare of Veracode is 9.0%, down from 10.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

meetharoon - PeerSpot reviewer
Affordable tool boosts code scanning efficiency but faces integration hurdles
The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Check Point. It is easy to consolidate Snyk across multiple entities within a large organization. Additionally, our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.
Sajal Sharma - PeerSpot reviewer
Offers shift-left security strategy and helps us with the latest security configurations, OWASP standards, and SAST standards
It's robustness is the main benefit to the organization. As it gets upgraded with time, it also improves the coverage – security configuration coverages and vulnerability coverages. It also updates itself with the latest known vulnerabilities that are uploaded to the NVD, OWASP, or other databases. So it gets upgraded itself with that. And so with each upgrade, it gets better and better. The solution offers the ability to prevent vulnerable code from going into production. It provides us with a report containing multiple remediations and mitigations for each vulnerability. For example, if it finds a cross-site scripting vulnerability, it will also include references like CWE and CVE records, instructions on how to fix it, and the specific line of code or module where the vulnerability is present. This helps us fix the issues accordingly. I'm a penetration tester and DevSecOps engineer. I evaluate the findings, mark false positives, and manually exploit vulnerabilities if they exist. If we need further clarification, we raise a ticket with the Veracode team and get consultancy from them. We are a software development team. If we find a vulnerability, I exploit it and come back with the best possible mitigation, and the dev team fixes it. If we use Veracode Fix, it might use third-party implementations or make changes we aren't aware of. We need to be very aware of what our application is using internally. It should be known to us. As per my experience, the solution's policy reporting ensures compliance with industry standards. It comes with multiple features. I get the most out of it, and it's good. The solution provides visibility into application status at every phase of development. Like static analysis, dynamic analysis, software composition, and manual penetration tests - throughout the SDLC We have a pipeline that I maintain. I use the Veracode API account and have integrated it with AWS and our Jenkins pipeline. We use Snyk for SCA and Veracode for SAST scanning. At the earliest stage of the build, the SAST scan runs along with the JS and PHP files. It provides us with reports, which are then handed over to the other tools we depend on. If I validate the report or check the Veracode dashboard and find vulnerabilities, I mark them as false positives or existing issues. We work on multiple projects, but the one I'm handling these days only uses Veracode for SAST. It's been about one and a half years since I've been working with Veracode and this project. It is quite impressive. There are some things Veracode cannot find, like code obfuscations inside the code and some insecure randoms. Sometimes, it misses those flaws. But overall, if I compare it with other tools, it is better. I will definitely recommend others to use this tool. We run the scan before each deployment. If the dev team builds a new module or something, we scan it along with all the files. If we find anything, we get it fixed. That's how it works. Veracode is quite important to the organization's shift-left security strategy because we make a scan for each deployment. Sometimes, if I think we need to perform a shift-left, I just make a scan before deployment and check for any misconfiguration or vulnerability in the code.
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
860,711 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
14%
Manufacturing Company
9%
Insurance Company
7%
Computer Software Company
16%
Financial Services Firm
16%
Manufacturing Company
8%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities.
What needs improvement with Snyk?
There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false positives would be beneficial. So far, I've not seen any AI features to enhance vuln...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What do you like most about Veracode?
The SAST and DAST modules are great.
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
 

Also Known As

Fugue
Crashtest Security , Veracode Detect
 

Overview

 

Sample Customers

StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about Snyk vs. Veracode and other solutions. Updated: June 2025.
860,711 professionals have used our research since 2012.