No more typing reviews! Try our Samantha, our new voice AI agent.

FOSSA vs Snyk comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 11, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

FOSSA
Ranking in Software Composition Analysis (SCA)
9th
Average Rating
8.6
Reviews Sentiment
7.9
Number of Reviews
15
Ranking in other categories
No ranking in other categories
Snyk
Ranking in Software Composition Analysis (SCA)
3rd
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
51
Ranking in other categories
Application Performance Monitoring (APM) and Observability (23rd), Application Security Tools (8th), Static Application Security Testing (SAST) (7th), GRC (4th), Cloud Management (14th), Vulnerability Management (20th), Container Security (7th), Software Development Analytics (2nd), Cloud Security Posture Management (CSPM) (18th), DevSecOps (3rd), Application Security Posture Management (ASPM) (2nd), AI Security (9th)
 

Mindshare comparison

As of April 2026, in the Software Composition Analysis (SCA) category, the mindshare of FOSSA is 2.8%, down from 3.3% compared to the previous year. The mindshare of Snyk is 10.6%, down from 15.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA) Mindshare Distribution
ProductMindshare (%)
Snyk10.6%
FOSSA2.8%
Other86.6%
Software Composition Analysis (SCA)
 

Featured Reviews

reviewer2588340 - PeerSpot reviewer
Senior Software Engineer at a manufacturing company with 10,001+ employees
Dependency management enhanced with update suggestions but lacks precise vulnerability tracking
FOSSA does not show the exact line of code with vulnerabilities, which adds time to the process as we have to locate these manually. Some other tools like Check Point or SonarQube provide exact line numbers for bugs. Also, the process in FOSSA can be quite contradicting and not very straightforward for new users.
Abhishek-Goyal - PeerSpot reviewer
Software Engineer at a computer software company with 11-50 employees
Improves security posture by actively reducing critical vulnerabilities and guiding remediation
Snyk's main features include open-source vulnerability scanning, code security, container security, infrastructure as code security, risk-based prioritization, development-first integration, continuous monitoring and alerting, automation, and remediation. The best features I appreciate are the vulnerability checking, vulnerability scanning, and code security capabilities, as Snyk scans all open-source dependencies for known vulnerabilities and helps with license compliance for open-source components. Snyk integrates into IDEs, allowing issues to be caught as they appear in the code dynamically and prioritizes risk while providing remediation advice. Snyk provides actionable remediation advice on where vulnerabilities can exist and where code security is compromised, automatically scanning everything and providing timely alerts. Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients. Snyk has helped reduce vulnerabilities significantly. Initially, the repository had 17 to 31 critical and high vulnerabilities, but Snyk has helped manage them down to just five vulnerabilities, which are now lower and not high or critical.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"What I really need from FOSSA, and it does a really good job of this, is to flag me when there are particular open source licenses that cause me or our legal department concern. It points out where a particular issue is, where it comes from, and the chain that brought it in, which is the most important part to me."
"FOSSA suggests solutions for dependency mismatches."
"FOSSA allows us to keep track of all dependencies to ensure they are up to date and not causing any vulnerabilities."
"Being able to know the licenses of the libraries is most valuable because we sell products, and we need to provide to the customers the licenses that we are using."
"One of the things that I really like about FOSSA is that it allows you to go very granular. For example, if there's a package that's been flagged because it's subject to a license that may be conflicts with or raises a concern with one of the policies that I've set, then FOSSA enables you to go really granular into that package to see which aspects of the package are subject to which licenses. We can ultimately determine with our engineering teams if we really need this part of the package or not. If it's raising this flag, we can make really actionable decisions at a very micro level to enable the build to keep pushing forward."
"FOSSA is at the heart of the license compliance part of our open-source management program."
"I am impressed with the tool’s seamless integration and quick results."
"The most valuable feature is its ability to identify all of the components in a build, and then surface the licenses that are associated with it, allowing us to make a decision as to whether or not we allow a team to use the components. That eliminates the risk that comes with running consumer software that contains open source components."
"We went from 15 vulnerabilities in it to four or five, and those four or five were un-upgradable and we were not affected by them."
"We feel more secure because we do have a way to measure the security and the risk factors of projects."
"We have hundreds of source code repositories, and Snyk scans them in minutes (it just looks at package management files to identify the dependency tree), Snyk uses the same infrastructure to scan for all customers on the cloud which gives it lots of scalability opportunities compared to some other vendors where the software is installed on-prem or on a dedicated instance which makes the software pricy and limited."
"The most valuable feature of Snyk is the software composition analysis."
"The most valuable feature of Snyk is the SBOM."
"Snyk's focus on security is a valuable feature. Also Snyk supports multiple programming languages, which has positively affected my security practices. I use only two or three languages, and when I change the language in a file, it detects it in the same suite. I find the AI-powered scanning overall beneficial.Using Snyk's AI-powered scanning, I can detect around ten or twenty errors in my project with about twenty thousand lines of code, so it helps improve my project by identifying a lot of potential vulnerabilities."
"Provides clear information and is easy to follow with good feedback regarding code practices."
"The most prominent reason why everybody goes with Snyk as a starting point is because they have an open source offering, and as such, it is a developer-friendly solution that our developers really like, deliberately made to be developer-friendly from the start with lots of integrations that fit with other tools."
 

Cons

"I would like more customized categories because our company is so big. This is doable for them. They are still in the stages of trying to figure this out since we are one of their biggest companies that they support."
"Security scanning is an area for improvement. At this point, our experience is that we're only scanning for license information in components, and we're not scanning for security vulnerability information."
"One thing that can sometimes be difficult with FOSSA is understanding all that it can do."
"One thing that can sometimes be difficult with FOSSA is understanding all that it can do. One of the ways that I've been able to unlock some of those more advanced features is through conversations with the absolutely awesome customer success team at FOSSA, but it has been a little bit difficult to find some of that information separately on my own through FAQs and other information channels that FOSSA has. The improvement is less about the product itself and more about empowering FOSSA customers to know and understand how to unlock its full potential."
"I want the product to include binary scanning which is missing at the moment. Binary scanning includes code and component matching through dependency management. It also includes the actual scanning and reverse engineering of the boundaries and finding out what is inside."
"FOSSA does not show the exact line of code with vulnerabilities, which adds time to the process as we have to locate these manually."
"I wish there was a way that you could have a more global rollout of it, instead of having to do it in each repository individually. It's possible, that's something that is offered now, or maybe if you were using the CI Jenkins, you'd be able to do that. But with Travis, there wasn't an easy way to do that. At least not that I could find. That was probably the biggest issue."
"I wish there was a way that you could have a more global rollout of it, instead of having to do it in each repository individually."
"One area where Snyk could improve is in providing developers with the line where the error occurs."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, for example, even introduce full automation for dependencies supposed to have no impact on the business side of things."
"Could include other types of security scanning and statistical analysis"
"Scalability has some issues because we have a lot of code and its use is mandatory."
"Basically the licensing costs are a little bit expensive."
"I think they could improve the feature for automatic fixing of security breaches."
"It would be ideal if there was customization with a focus on specific cybersecurity areas or capabilities."
 

Pricing and Cost Advice

"The solution's cost is a five out of ten."
"Its price is reasonable as compared to the market. It is competitively priced in comparison to other similar solutions on the market. It is also quite affordable in terms of the value that it delivers as compared to its alternative of hiring a team."
"The solution's pricing is good and reasonable because you can literally use a lot of it for free."
"FOSSA is not cheap, but their offering is top-notch. It is very much a "you get what you pay for" scenario. Regardless of the price, I highly recommend FOSSA."
"FOSSA is a fairly priced product. It is not either cheaper or expensive. The pricing lies somewhere in the middle. The solution is worth the money that we are spending to use it."
"Snyk is a premium-priced product, so it's kind of expensive. The big con that I find frustrating is when a company charges extra for single sign-on (SSO) into their SaaS app. Snyk is one of the few that I'm willing to pay that add-on charge, but generally I disqualify products that charge an extra fee to do integrated authentication to our identity provider, like Okta or some other SSO. That is a big negative. We had to pay extra for that. That little annoyance aside, it is expensive. You get a lot out of it, but you're paying for that premium."
"Snyk is an expensive solution."
"The product's price is okay."
"It's good value. That's the primary thing. It's not cheap-cheap, but it's good value."
"Despite Snyk's coverage, scalability, reliability, and stability, it is available at a very competitive price."
"The pricing is reasonable."
"The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."
"I would rate the pricing of Snyk at two. I'm currently using the free version, which the company offers before buying the full version. So, the price is affordable, especially for an enterprise."
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
889,855 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
18%
Financial Services Firm
11%
Comms Service Provider
8%
Educational Organization
7%
Financial Services Firm
14%
Computer Software Company
10%
Manufacturing Company
9%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise1
Large Enterprise8
By reviewers
Company SizeCount
Small Business21
Midsize Enterprise9
Large Enterprise22
 

Questions from the Community

What is your experience regarding pricing and costs for FOSSA?
The solution's pricing is good and reasonable because you can literally use a lot of it for free. You have to pay for the features you need, which I think is fair. If you want to get value for free...
What needs improvement with FOSSA?
FOSSA does not show the exact line of code with vulnerabilities, which adds time to the process as we have to locate these manually. Some other tools like Check Point or SonarQube provide exact lin...
What is your primary use case for FOSSA?
I have worked with FOSSA primarily to manage the dependencies in our projects. For example, if I take a Spring Boot application, FOSSA helps in identifying mismatches or unsupported dependencies th...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What needs improvement with Snyk?
There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false positives would be beneficial. So far, I've not seen any AI features to enhance vuln...
What is your primary use case for Snyk?
I use Snyk ( /products/snyk-reviews ) in the DevOps pipeline to identify vulnerabilities before deploying the application. It integrates with Jenkins ( /products/jenkins-reviews ).
 

Comparisons

 

Also Known As

No data available
Fugue, Snyk AppRisk
 

Overview

 

Sample Customers

AppDyanmic, Uber, Twitter, Zendesk, Confluent
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about FOSSA vs. Snyk and other solutions. Updated: April 2026.
889,855 professionals have used our research since 2012.