No more typing reviews! Try our Samantha, our new voice AI agent.

FOSSA vs Snyk comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 11, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

FOSSA
Ranking in Software Composition Analysis (SCA)
11th
Average Rating
8.6
Reviews Sentiment
7.9
Number of Reviews
15
Ranking in other categories
No ranking in other categories
Snyk
Ranking in Software Composition Analysis (SCA)
2nd
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
51
Ranking in other categories
Application Performance Monitoring (APM) and Observability (21st), Application Security Tools (7th), Static Application Security Testing (SAST) (5th), GRC (6th), Cloud Management (14th), Vulnerability Management (21st), Container Security (7th), Software Development Analytics (2nd), Cloud Security Posture Management (CSPM) (17th), DevSecOps (3rd), Application Security Posture Management (ASPM) (2nd), AI Security (10th)
 

Mindshare comparison

As of July 2026, in the Software Composition Analysis (SCA) category, the mindshare of FOSSA is 2.4%, down from 3.2% compared to the previous year. The mindshare of Snyk is 11.1%, down from 14.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA) Mindshare Distribution
ProductMindshare (%)
Snyk11.1%
FOSSA2.4%
Other86.5%
Software Composition Analysis (SCA)
 

Featured Reviews

reviewer2588340 - PeerSpot reviewer
Senior Software Engineer at a manufacturing company with 10,001+ employees
Dependency management enhanced with update suggestions but lacks precise vulnerability tracking
FOSSA does not show the exact line of code with vulnerabilities, which adds time to the process as we have to locate these manually. Some other tools like Check Point or SonarQube provide exact line numbers for bugs. Also, the process in FOSSA can be quite contradicting and not very straightforward for new users.
Abhishek-Goyal - PeerSpot reviewer
Software Engineer at a computer software company with 11-50 employees
Improves security posture by actively reducing critical vulnerabilities and guiding remediation
Snyk's main features include open-source vulnerability scanning, code security, container security, infrastructure as code security, risk-based prioritization, development-first integration, continuous monitoring and alerting, automation, and remediation. The best features I appreciate are the vulnerability checking, vulnerability scanning, and code security capabilities, as Snyk scans all open-source dependencies for known vulnerabilities and helps with license compliance for open-source components. Snyk integrates into IDEs, allowing issues to be caught as they appear in the code dynamically and prioritizes risk while providing remediation advice. Snyk provides actionable remediation advice on where vulnerabilities can exist and where code security is compromised, automatically scanning everything and providing timely alerts. Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients. Snyk has helped reduce vulnerabilities significantly. Initially, the repository had 17 to 31 critical and high vulnerabilities, but Snyk has helped manage them down to just five vulnerabilities, which are now lower and not high or critical.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It improves productivity, saving a lot of time for our software developers."
"What I really need from FOSSA, and it does a really good job of this, is to flag me when there are particular open source licenses that cause me or our legal department concern. It points out where a particular issue is, where it comes from, and the chain that brought it in, which is the most important part to me."
"It reduced the duration and the effort required to identify open-source licensing issues."
"FOSSA is at the heart of the license compliance part of our open-source management program."
"The most valuable feature is its ability to identify all of the components in a build, and then surface the licenses that are associated with it, allowing us to make a decision as to whether or not we allow a team to use the components. That eliminates the risk that comes with running consumer software that contains open source components."
"FOSSA suggests solutions for dependency mismatches."
"The scalability is excellent."
"FOSSA provided us with contextualized, easily actionable intelligence that alerted us to compliance issues. I could tell FOSSA exactly what I cared about and they would tell me when something was out of policy. I don't want to hear from the compliance tool unless I have an issue that I need to deal with. That was what was great about FOSSA is that it was basically "Here's my policy and only send me an alert if there's something without a policy." I thought that it was really good at doing that."
"Snyk is a good and scalable tool."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
"The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST."
"It is a really nice tool if you really want to do the dependency check and security scanning of your code, which falls under static code analysis."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"We're loving some of the Kubernetes integration as well. That's really quite cool. It's still in the early days of our use of it, but it looks really exciting. In the Kubernetes world, it's very good at reporting on the areas around the configuration of your platform, rather than the things that you've pulled in. There's some good advice there that allows you to prioritize whether something is important or just worrying. That's very helpful."
 

Cons

"One thing that can sometimes be difficult with FOSSA is understanding all that it can do."
"On the legal and policy sides, there is some room for improvement. I know that our legal team has raised complaints about having to approve the same dependency multiple times, as opposed to having them it across the entire organization."
"FOSSA does not show the exact line of code with vulnerabilities, which adds time to the process as we have to locate these manually."
"The technical support has room for improvement."
"I wish there was a way that you could have a more global rollout of it, instead of having to do it in each repository individually. It's possible, that's something that is offered now, or maybe if you were using the CI Jenkins, you'd be able to do that. But with Travis, there wasn't an easy way to do that. At least not that I could find. That was probably the biggest issue."
"I would like more customized categories because our company is so big."
"The reports don't really work that well for us. They do provide good information but they perform poorly with either the number of projects, or components, in the system."
"The solution provides contextualized, actionable, intelligence that alerts us to compliance issues, but there is still a little bit of work to be done on it. One of the issues that I have raised with FOSSA is that when it identifies an issue that is an error, why is it in error? What detail can they give to me? They've improved, but that still needs some work. They could provide more information that helps me to identify the dependencies and then figure out where they originated from."
"The product is very expensive."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"You need to go to the tool, export it as a CSV, and then find it, which is ridiculous."
"The general input I have is that there is an opportunity for them to better align with other similar tools and better align with similar capabilities that cloud suppliers deliver natively."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry."
"Although Snyk is strong, sometimes it flags vulnerabilities that are not reachable, not exploitable, and not relevant to a project."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
 

Pricing and Cost Advice

"FOSSA is a fairly priced product. It is not either cheaper or expensive. The pricing lies somewhere in the middle. The solution is worth the money that we are spending to use it."
"The solution's pricing is good and reasonable because you can literally use a lot of it for free."
"The solution's cost is a five out of ten."
"Its price is reasonable as compared to the market. It is competitively priced in comparison to other similar solutions on the market. It is also quite affordable in terms of the value that it delivers as compared to its alternative of hiring a team."
"FOSSA is not cheap, but their offering is top-notch. It is very much a "you get what you pay for" scenario. Regardless of the price, I highly recommend FOSSA."
"Presently, my company uses an open-source version of the solution. The solution's pricing can be considered quite reasonable owing to the features they offer."
"The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."
"Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."
"It is pretty expensive. It is not a cheap product."
"I would rate the pricing of Snyk at two. I'm currently using the free version, which the company offers before buying the full version. So, the price is affordable, especially for an enterprise."
"For what Snyk offers, it has the best cost-benefit I have ever seen because you're buying the license per user."
"Cost-wise, it's similar to Veracode, but I don't know the exact cost."
"The license model is based on the number of contributing developers. Snyk is expensive, for a startup company will most likely use the community edition, while larger companies will buy the licensed version. The price of Snyk is more than other SLA tools."
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
19%
Financial Services Firm
13%
Comms Service Provider
8%
Educational Organization
7%
Financial Services Firm
13%
Manufacturing Company
11%
Computer Software Company
9%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise1
Large Enterprise8
By reviewers
Company SizeCount
Small Business20
Midsize Enterprise10
Large Enterprise23
 

Questions from the Community

What is your experience regarding pricing and costs for FOSSA?
The solution's pricing is good and reasonable because you can literally use a lot of it for free. You have to pay for the features you need, which I think is fair. If you want to get value for free...
What needs improvement with FOSSA?
FOSSA does not show the exact line of code with vulnerabilities, which adds time to the process as we have to locate these manually. Some other tools like Check Point or SonarQube provide exact lin...
What is your primary use case for FOSSA?
I have worked with FOSSA primarily to manage the dependencies in our projects. For example, if I take a Spring Boot application, FOSSA helps in identifying mismatches or unsupported dependencies th...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What needs improvement with Snyk?
There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false positives would be beneficial. So far, I've not seen any AI features to enhance vuln...
What is your primary use case for Snyk?
I use Snyk ( /products/snyk-reviews ) in the DevOps pipeline to identify vulnerabilities before deploying the application. It integrates with Jenkins ( /products/jenkins-reviews ).
 

Comparisons

 

Also Known As

No data available
Fugue, Snyk AppRisk
 

Overview

 

Sample Customers

AppDyanmic, Uber, Twitter, Zendesk, Confluent
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about FOSSA vs. Snyk and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.