Veracode and Snyk compete in the application security sector, each distinguished by specific strengths. Veracode appears to have the upper hand with its comprehensive suite ideal for larger organizations needing high security and compliance standards, while Snyk excels in developer-friendly, open-source, and cloud-native environments.
Features: Veracode offers static, dynamic, and software composition analysis, enhancing regulatory compliance and language support. It integrates into the SDLC to aid in vulnerability management and remediation consultations. Snyk specializes in container security with developer-centric tools and robust vulnerability notification and remediation capabilities, ideal for teams using open-source components.
Room for Improvement: Veracode faces challenges with false positives and integrating with newer technologies and frameworks such as microservices and mobile apps. Improvements could include user complexity and native language support. Snyk, praised for ease of use, has occasional false positives and needs enhancements in integration extensiveness and automated vulnerability fixes. Better API functionalities could also expand its utility across various setups.
Ease of Deployment and Customer Service: Veracode supports public and hybrid cloud environments, known for comprehensive support although some user feedback indicates response times could improve. It requires a learning curve, though it is adaptable. Snyk is flexible and easy in public cloud setups, offering high-rated customer support and user satisfaction in issue resolution, appealing to agile teams.
Pricing and ROI: Veracode, with its extensive features, is better suited for large enterprises, offering a strong ROI by reducing costs related to vulnerability management despite a higher price point. Snyk, while also premium-priced, is deemed cost-effective in fast vulnerability detection and remediation with modular plans that offer good value for dynamic, development-led teams.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.
Our long-standing association has ensured smooth communication, resulting in favorable support experiences and satisfactory issue resolution.
Their response time aligns with their SLA commitments.
Access to the engineering team is crucial for faster feedback on the product fix process.
I have communicated with the technical support of Veracode a couple of times, and this was a really great experience because these professionals know their material.
They share detailed information via email, including screenshots or further clarification about the issue.
Snyk allows for scaling across large organizations, accommodating tens of thousands of applications and over 60,000 repositories.
Cloud solutions are easier to scale than on-premise solutions.
It has a good capacity to scale effectively.
Implementing these features into our normal CI/CD was good, so I can say that scalability is really good.
If the Veracode server is down, we experience many issues during the scan.
It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.
It lacks the ability to select branches on its Web UI, forcing users to rely on CLI or CI/CD for that functionality.
The inclusion of AI to remove false positives would be beneficial.
As we are moving toward GenAI, we expect Snyk to leverage AI features to improve code scanning findings.
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
A nice addition would be if it could be extended for scenarios with custom cleansers.
Snyk is recognized as the cheapest option we have evaluated.
After negotiations, we received a special package with a good price point.
It's not the most expensive solution.
Overall, Veracode's pricing is lower and more scalable than many alternatives in the market.
If there's a security gap, you'll never know the cost or effect.
Our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.
Snyk helps detect vulnerabilities before code moves to production, allowing for integration with DevOps and providing a shift-left advantage by identifying and fixing bugs before deployment.
The best feature of Snyk is the integration with our ticketing system, which is Jira.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It fixes issues directly in the IDE while you're doing it.
| Product | Market Share (%) |
|---|---|
| Veracode | 8.0% |
| Snyk | 6.5% |
| Other | 85.5% |
| Company Size | Count |
|---|---|
| Small Business | 20 |
| Midsize Enterprise | 8 |
| Large Enterprise | 21 |
| Company Size | Count |
|---|---|
| Small Business | 69 |
| Midsize Enterprise | 43 |
| Large Enterprise | 112 |
Snyk's AI Trust Platform empowers developers to innovate securely in AI-driven environments, ensuring rapid and secure software development with enhanced policy governance.
Snyk’s platform integrates AI-ready engines across the software development lifecycle, offering broad coverage with high speed and accuracy essential for fast-paced coding environments. AI-driven features include visibility, prioritization, and tailored security policies that enable proactive threat prevention and quick remediation. By focusing on LLM engineering and AI code analysis, Snyk supports secure and productive development processes. The platform's partnerships, including GenAI code assistants, enhance AI application security by addressing new threats and code velocity challenges.
What are the key features of Snyk?Snyk is implemented across industries focusing on agile development and DevSecOps, enhancing software delivery speed and security. It is widely used for continuous monitoring and adherence to security and licensing standards, especially in environments relying on Docker image security and CI/CD pipeline integration.
Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.
Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.
What are the key features of Veracode?
What benefits should users consider in Veracode reviews?
Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.
Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
