2021-09-26T12:29:00Z
NC
Content Manager at PeerSpot (formerly IT Central Station)

How does Snyk compare with SonarQube?

Which is better?

1 Answer
User
Top 5
2021-10-27T17:40:00Z

Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you are using so you don’t have to scan projects all the time. This solution fixed vulnerabilities quickly - even ones we didn’t know were there.


SonarQube is easy to deploy and configure. It also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. It is great if you want to quickly focus on functional requirements. This solution is very easy to use and understand.


Snyk has some scalability issues, especially if you are using a lot of code. This may potentially slow things down, affecting productivity. The notifications regarding vulnerabilities seem too broad to me. I think it would be better if there was a filtering process to more precisely report varied vulnerabilities. Snyk is also lacking slightly on the documentation end; we can’t always figure out how to fix an issue because proper documentation is not there, so it takes us longer to find the fix.


There were some security issues with our code that SonarQube did not find. Defining the quality of rules should be improved to ensure that low-performance code does not move forward to production. We would like to see better security scanning and statistical analysis from this solution.


Conclusion


These tools provide many of the same valuable problem-solving traits and resolutions. They are both very good. We liked Snyk better for its ease of use and great integration with other tools. We also found that the information Snyk provided with regard to issues and resolutions was what our team liked best.




VG
Chief Architect at Peristent Systems
Real User
Top 5 Leaderboard
Dec 8, 2021

@reviewer1650858: Did you use Snyk for both SAST and SCA analysis? If yes, for SAST, did you upload source code to the Snyk platform for getting results? As per documentation, they need source code to be uploaded for 24 hrs, after which they remove it.
