Contrast Security Assess vs Snyk comparison

Read 44 Snyk reviews

13,724 Views
10,048 Comparison Views

100% willing to recommend

Contrast Security Assess

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Contrast Security Assess and Snyk are leading tools in the security space. Users find the pricing and support of Contrast Security Assess to be more favorable, while Snyk attracts with its richer features despite a higher cost.

Features: Contrast Security Assess offers comprehensive vulnerability analysis, robust integration capabilities, and easy deployment. Snyk provides open-source scanning, real-time monitoring, and broader support for multiple languages and platforms.

Room for Improvement: Contrast Security Assess could improve integration with newer technologies, enhance its documentation, and broaden language support. Snyk users desire better reporting capabilities, faster scanning processes, and more performance optimizations.

Ease of Deployment and Customer Service: Contrast Security Assess features a straightforward deployment model and supportive customer service. Snyk offers a simple deployment with rapid customer support response times, including swifter resolution times, which users find essential.

Pricing and ROI: Contrast Security Assess has a competitive setup cost and favorable ROI due to efficient integration capabilities. Snyk, despite a steeper initial cost, holds higher long-term value through a comprehensive feature set, though the initial investment remains a user consideration.

To learn more, read our detailed Contrast Security Assess vs. Snyk Report (Updated: December 2024).

Contrast Security Assess vs. Snyk

December 2024

Download the complete report

Helped 824,168 peers since 2012

Categories and Ranking

Contrast Security Assess

Ranking in Application Security Tools

28th

Average Rating

8.8

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

Static Application Security Testing (SAST) (24th)

Snyk

Ranking in Application Security Tools

4th

Average Rating

8.2

Reviews Sentiment

7.3

Number of Reviews

Ranking in other categories

Container Security (7th), Software Composition Analysis (SCA) (3rd), Software Development Analytics (2nd), DevSecOps (1st)

Mindshare comparison

As of December 2024, in the Application Security Tools category, the mindshare of Contrast Security Assess is 0.4%, down from 0.5% compared to the previous year. The mindshare of Snyk is 7.6%, down from 8.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Tools

Featured Reviews

ToddMcAlister

Lead Application and Data Security Engineer at a insurance company with 5,001-10,000 employees

It has an excellent API interface to pull APIs.

Assess has brought our development time down because it helps create code the first time. Instead of going through the Jenkins process to build an application, they can see right off the bat that if there are errors in the code and fix them before it even goes to build.

Read full review

Jayashree Acharyya

Director at PepsiCo

Used for image scanning and identifying vulnerabilities, but its integration with other services could be improved

The solution has improved or streamlined our process a lot for securing container images. We wanted to make sure we are deploying the secure Docker images. Snyk allowed us to check whether it is following our standard of docker images or not. We use Azure DevOps as our platform, and Snyk's integration with Azure DevOps was okay. However, Snyk's integration with JFrog Artifactory didn't go well. We use JFrog Artifactory to store the artifacts we download. We wanted to integrate Snyk with JFrog Artifactory to scan the binary artifacts we downloaded, but that broke our JFrog Artifactory for some reason. Instead of using it there, we are calling it directly from the pipeline. Snyk's automation features significantly reduced remediation times a couple of times. Sometimes, our developers scan the code from the environment and find some Java vulnerabilities. We fixed those vulnerabilities in the lower environment itself. The solution does not require any maintenance. The accuracy of Snyk's vulnerability detection is pretty good compared to other tools. I rate the solution's vulnerability detection feature an eight out of ten. I would recommend Snyk to other users because it is easy to implement and integrate with Azure DevOps and GitHub. Overall, I rate the solution a seven out of ten.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The solution is very accurate in identifying vulnerabilities. In cases where we are performing application assessment using Contrast Assess, and also using legacy application security testing tools, Contrast successfully identifies the same vulnerabilities that the other tools have identified but it also identifies significantly more. In addition, it has visibility into application components that other testing methodologies are unaware of."

"It is a stable solution...Contrast Security Assess is one of the first players in this market, so they have experience and customers, especially abroad. Overall, it's a good product."

"The accuracy of the solution in identifying vulnerabilities is better than any other product we've used, far and away. In our internal comparisons among different tools, Contrast consistently finds more impactful vulnerabilities, and also identifies vulnerabilities that are nearly guaranteed to be there, meaning that the chance of false positives is very low."

"The most valuable feature is the continuous monitoring aspect: the fact that we don't have to wait for scans to complete for the tool to identify vulnerabilities. They're automatically identified through developers' business-as-usual processes."

"In our most critical applications, we have a deep dive in the code evaluation, which was something we usually did with periodic vulnerability assessments, code reviews, etc. Now, we have real time access to it. It's something that has greatly enhanced our code's quality. We have actually embedded a KPI in regards to the improvement of our code shell. For example, Contrast provides a baseline where libraries and the usability of the code are evaluated, and they produce a score. We always aim to improve that score. On a quarterly basis, we have added this to our KPIs."

"By far, the thing that was able to provide value was the immediate response while testing ahead of release, in real-time."

"When we access the application, it continuously monitors and detects vulnerabilities."

"No other tool does the runtime scanning like Contrast does. Other static analysis tools do static scanning, but Contrast is runtime analysis, when the routes are exercised. That's when the scan happens. This is a tool that has a very unique capability compared to other tools. That's what I like most about Contrast, that it's runtime."

More Contrast Security Assess pros

"Snyk is a developer-friendly product."

"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."

"The most valuable feature of Snyk is the software composition analysis."

"The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Check Point."

"The product's most valuable features are an open-source platform, remote functionality, and good pricing."

"Snyk is a good and scalable tool."

"The solution's vulnerability database, in terms of comprehensiveness and accuracy, is very high-level. As far as I know, it's the best among their competitors."

"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."

More Snyk pros

Cons

"Contrast's ability to support upgrades on the actual agents that get deployed is limited. Our environment is pretty much entirely Java. There are no updates associated with that. You have to actually download a new version of the .jar file and push that out to your servers where your app is hosted. That can be quite cumbersome from a change-management perspective."

"The setup of the solution is different for each application. That's the one thing that has been a challenge for us. The deployment itself is simple, but it's tough to automate because each application is different, so each installation process for Contrast is different."

"I would like to see them come up with more scanning rules."

"Regarding the solution's OSS feature, the one drawback that we do have is that it does not have client-side support. We'll be missing identification of libraries like jQuery or JavaScript, and such, that are client-side."

"The product's retesting part needs improvement. The tool also needs improvement in the suggestions provided for fixing vulnerabilities. It relies more on documentation rather than on quick fixes."

"To instrument an agent, it has to be running on a type of application technology that the agent recognizes and understands. It's excellent when it works. If we're using an application that is using an unsupported technology, then we can't instrument it at all. We do use PHP and Contrast presently doesn't support that, although it's on their roadmap. My primary hurdle is that it doesn't support all of the technologies that we use."

"Contrast Security Assess covers a wide range of applications like .NET Framework, Java, PSP, Node.js, etc. But there are some like Ubuntu and the .NET Core which are not covered. They have it in their roadmap to have these agents. If they have that, we will have complete coverage."

"The solution needs to improve flexibility...The scalability of the product is a problem in the solution, especially from a commercial perspective."

More Contrast Security Assess cons

"We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."

"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."

"I would like to give further ability to grouping code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."

"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."

"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."

"Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this."

"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."

"It would be great if they can include dynamic, interactive, and run-time scanning features. Checkmarx and Veracode provide dynamic, interactive, and run-time scanning, but Snyk doesn't do that. That's the reason there is more inclination towards Veracode, Checkmarx, or AppScan. These are a few tools available in the market that do all four types of scanning: static, dynamic, interactive, and run-time."

More Snyk cons

Pricing and Cost Advice

"I like the per-application licensing model... We just license the app and we look at different vulnerabilities on that app and we remediate within the app. It's simpler."

"It's a tiered licensing model. The more you buy, as you cross certain quantity thresholds, the pricing changes. If you have a smaller environment, your licensing costs are going to be different than a larger environment... The licensing is primarily per application. An application can be as many agents as you need. If you've got 10 development servers and 20 production servers and 50 QA servers, all of those agents can be reporting as a single application that utilizes one license."

"The product's pricing is low. I would rate it a two out of ten."

"The solution is expensive."

"For what it offers, it's a very reasonable cost. The way that it is priced is extremely straightforward. It works on the number of applications that you use, and you license a server. It is something that is extremely fair, because it doesn't take into consideration the number of requests, etc. It is only priced based on the number of onboarded applications. It suits our model as well, because we have huge traffic. Our number of applications is not that large, so the pricing works great for us."

"The good news is that the agent itself comes in two different forms: the unlicensed form and the licensed form. Unlicensed gives use of that software composition analysis for free. Thereafter, if you apply a license to that same agent, that's when the instrumentation takes hold. So one of my suggestions is to do what we're doing: Deploy the agent to as many applications as possible, with just the SCA feature turned on with no license applied, and then you can be more choosy and pick which teams will get the license applied."

"You only get one license for an application. Ours are very big, monolithic applications with millions of lines of code. We were able to apply one license to one monolithic application, which is great. We are happy with the licensing. Pricing-wise, they are industry-standard, which is fine."

"The pricing is reasonable."

"Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."

"You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it."

"The license model is based on the number of contributing developers. Snyk is expensive, for a startup company will most likely use the community edition, while larger companies will buy the licensed version. The price of Snyk is more than other SLA tools."

"Snyk is a premium-priced product, so it's kind of expensive. The big con that I find frustrating is when a company charges extra for single sign-on (SSO) into their SaaS app. Snyk is one of the few that I'm willing to pay that add-on charge, but generally I disqualify products that charge an extra fee to do integrated authentication to our identity provider, like Okta or some other SSO. That is a big negative. We had to pay extra for that. That little annoyance aside, it is expensive. You get a lot out of it, but you're paying for that premium."

"It's inexpensive and easy to license. It comes in standard package sizing, which is straightforward. This information is publicly found on their website."

"We are using the open-source version for the scans."

"The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."

More Snyk pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

824,168 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

20%

Manufacturing Company

12%

Computer Software Company

11%

Government

Financial Services Firm

16%

Computer Software Company

15%

Manufacturing Company

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Contrast Security Assess?

When we access the application, it continuously monitors and detects vulnerabilities.

What is your experience regarding pricing and costs for Contrast Security Assess?

The product's pricing is low. I would rate it a two out of ten.

What needs improvement with Contrast Security Assess?

Technical support for the solution should be faster. We have to further analyze what kind of CVEs are in the reported libraries and what part of the code is affected. That analysis can be added to ...

How does Snyk compare with SonarQube?

Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...

What do you like most about Snyk?

The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities.

What needs improvement with Snyk?

Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR. It lacks the ability to select branches on its Web UI, forcing users to rely on CLI or CI/CD for...

Seeker vs Contrast Security Assess

Comparisons

Compared 19% of the time

Veracode vs Contrast Security Assess

Compared 15% of the time

OWASP Zap vs Contrast Security Assess

Compared 10% of the time

SonarQube Server (formerly SonarQube) vs Contrast Security Assess

Compared 10% of the time

Mend.io vs Contrast Security Assess

Compared 7% of the time

More Contrast Security Assess Competitors

GitHub Advanced Security vs Snyk

Compared 13% of the time

SonarQube Server (formerly SonarQube) vs Snyk

Compared 11% of the time

Black Duck vs Snyk

Compared 10% of the time

Wiz vs Snyk

Compared 7% of the time

Fortify Static Code Analyzer vs Snyk

Compared 6% of the time

More Snyk Competitors

Product Reports

Download Contrast Security Assess product report

Contrast Security Assess

December 2024

Download Snyk product report

November 2024

Also Known As

Contrast Assess

No data available

Learn More

Contrast Security

Overview

Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.

Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.

Benefits of Snyk

Some of the benefits of using Snyk include:

Conserves resources: Snyk easily integrates with other security solutions and uses their security features to ensure that the work that users are doing is completely secure. These integrations allow them to protect themselves without pulling resources from their continued integration or continued delivery workflows. Resources can be conserved for areas of the greatest need.

Highly flexible: Snyk enables users to customize the system’s security automation features to meet their needs. Users can guarantee that the automation performs the functions that are most essential for their current project. Additionally, users are able to maintain platform governance consistency across their system.

Keeps users ahead of emerging threats. Snyk employs a database of threats that help it detect and keep track of potential issues. This database is constantly being updated to reflect the changes that take place in the realm of cybersecurity. It also uses machine learning. Users are prepared to deal with new issues as they arise.

Automatically scans projects for threats. Snyk’s command-line interface enables users to schedule the solution to run automatic scans of their projects. Time and manpower can be conserved for the areas of greatest need without sacrificing security.

Reviews from Real Users

Snyk is a security platform for developers that stands out among its competitors for a number of reasons. Two major ones are its ability to integrate with other security solutions and important insights that it can enable users to discover. Snyk enables users to combine its already existing security features with those of other solutions to create far more robust and flexible layers of security than what it can supply on its own. It gives users the ability to dig into the security issues that they may experience. Users are given a clear view of the root causes of these problems. This equips them to address the problem and prevent similar issues in the future.

Cameron G., a security software engineer at a tech company, writes, “The most valuable features are their GitLab and JIRA integrations.The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using. Snyk is something of a bridge that we use; we get our projects into it and then get the information out of it. Those two integrations are crucial for us to be able to do that pretty simply.”

Sean M., the chief information security officer of a technology vendor, writes, "From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."

Sample Customers

Williams-Sonoma, Autodesk, HUAWEI, Chromeriver, RingCentral, Demandware.

StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief