No more typing reviews! Try our Samantha, our new voice AI agent.

FOSSA vs Snyk comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 11, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

FOSSA
Ranking in Software Composition Analysis (SCA)
11th
Average Rating
8.6
Reviews Sentiment
7.9
Number of Reviews
15
Ranking in other categories
No ranking in other categories
Snyk
Ranking in Software Composition Analysis (SCA)
2nd
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
51
Ranking in other categories
Application Performance Monitoring (APM) and Observability (21st), Application Security Tools (7th), Static Application Security Testing (SAST) (5th), GRC (6th), Cloud Management (14th), Vulnerability Management (21st), Container Security (7th), Software Development Analytics (2nd), Cloud Security Posture Management (CSPM) (17th), DevSecOps (3rd), Application Security Posture Management (ASPM) (2nd), AI Security (10th)
 

Mindshare comparison

As of July 2026, in the Software Composition Analysis (SCA) category, the mindshare of FOSSA is 2.4%, down from 3.2% compared to the previous year. The mindshare of Snyk is 11.1%, down from 14.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA) Mindshare Distribution
ProductMindshare (%)
Snyk11.1%
FOSSA2.4%
Other86.5%
Software Composition Analysis (SCA)
 

Featured Reviews

reviewer2588340 - PeerSpot reviewer
Senior Software Engineer at a manufacturing company with 10,001+ employees
Dependency management enhanced with update suggestions but lacks precise vulnerability tracking
FOSSA does not show the exact line of code with vulnerabilities, which adds time to the process as we have to locate these manually. Some other tools like Check Point or SonarQube provide exact line numbers for bugs. Also, the process in FOSSA can be quite contradicting and not very straightforward for new users.
Abhishek-Goyal - PeerSpot reviewer
Software Engineer at a computer software company with 11-50 employees
Improves security posture by actively reducing critical vulnerabilities and guiding remediation
Snyk's main features include open-source vulnerability scanning, code security, container security, infrastructure as code security, risk-based prioritization, development-first integration, continuous monitoring and alerting, automation, and remediation. The best features I appreciate are the vulnerability checking, vulnerability scanning, and code security capabilities, as Snyk scans all open-source dependencies for known vulnerabilities and helps with license compliance for open-source components. Snyk integrates into IDEs, allowing issues to be caught as they appear in the code dynamically and prioritizes risk while providing remediation advice. Snyk provides actionable remediation advice on where vulnerabilities can exist and where code security is compromised, automatically scanning everything and providing timely alerts. Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients. Snyk has helped reduce vulnerabilities significantly. Initially, the repository had 17 to 31 critical and high vulnerabilities, but Snyk has helped manage them down to just five vulnerabilities, which are now lower and not high or critical.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's easy to use, it's easy to maintain, and it saves you time on your open-source license compliance work."
"FOSSA is easy to use and set up, provides relatively accurate results, and doesn't require armies of people to get value from its use."
"I found FOSSA's out-of-the-box policy engine to be accurate and that it was tuned appropriately to the settings that we were looking for. The policy engine is pretty straightforward... I find it to be very straightforward to make small modifications to, but it's very rare that we have to make modifications to it. It's easy to use. It's a four-category system that handles most cases pretty well."
"FOSSA is not cheap, but their offering is top-notch."
"Having it as a resource to very quickly triage incredibly high volumes of open-source coming into the company through agile development programs was invaluable."
"The scalability is excellent."
"FOSSA allows us to keep track of all dependencies to ensure they are up to date and not causing any vulnerabilities."
"The support team has just been amazing, and it helps us to have a great support team from FOSSA. They are there to triage and answer all our questions which come up by using their product."
"It is easy for developers to use. The documentation is clear as well as the APIs are good and easily readable. It's a good solution overall."
"Snyk is a developer-friendly product."
"Our overall security has improved, we are running fewer severities and vulnerabilities in our packages, and we fixed a lot of the vulnerabilities that we didn't know were there."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"Snyk has given us really good results because it is fully automated. We don't have to scan projects every time to find vulnerabilities, as it already stores the dependencies that we are using. It monitors 24/7 to find out if there are any issues that have been reported out on the Internet."
"We have hundreds of source code repositories, and Snyk scans them in minutes (it just looks at package management files to identify the dependency tree), Snyk uses the same infrastructure to scan for all customers on the cloud which gives it lots of scalability opportunities compared to some other vendors where the software is installed on-prem or on a dedicated instance which makes the software pricy and limited."
"It helps us meet compliance requirements, by identifying and fixing vulnerabilities, and to have a robust vulnerability management program."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
 

Cons

"The technical support has room for improvement."
"One thing that can sometimes be difficult with FOSSA is understanding all that it can do."
"One thing that can sometimes be difficult with FOSSA is understanding all that it can do. One of the ways that I've been able to unlock some of those more advanced features is through conversations with the absolutely awesome customer success team at FOSSA, but it has been a little bit difficult to find some of that information separately on my own through FAQs and other information channels that FOSSA has. The improvement is less about the product itself and more about empowering FOSSA customers to know and understand how to unlock its full potential."
"I would like more customized categories because our company is so big."
"I would like the FOSSA API to be broader. I would like not to have to interact with the GUI at all, to do the work that I want to do. I would like them to do API-first development, rather than a focus on the GUI."
"I would like more customized categories because our company is so big. This is doable for them. They are still in the stages of trying to figure this out since we are one of their biggest companies that they support."
"If you have thousands of applications, organizing them all into teams or tags is challenging."
"I wish there was a way that you could have a more global rollout of it, instead of having to do it in each repository individually. It's possible, that's something that is offered now, or maybe if you were using the CI Jenkins, you'd be able to do that. But with Travis, there wasn't an easy way to do that. At least not that I could find. That was probably the biggest issue."
"They were a couple of issues which happened because Snyk lacked some documentation on the integration side."
"Technically, we have better vulnerabilities detection in Checkmarx and Veracode. Both of them are more precise about vulnerabilities detection."
"The general input I have is that there is an opportunity for them to better align with other similar tools and better align with similar capabilities that cloud suppliers deliver natively."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improve"
"Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message."
"Although Snyk is strong, sometimes it flags vulnerabilities that are not reachable, not exploitable, and not relevant to a project."
"I think they could improve the feature for automatic fixing of security breaches."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
 

Pricing and Cost Advice

"The solution's pricing is good and reasonable because you can literally use a lot of it for free."
"FOSSA is not cheap, but their offering is top-notch. It is very much a "you get what you pay for" scenario. Regardless of the price, I highly recommend FOSSA."
"The solution's cost is a five out of ten."
"FOSSA is a fairly priced product. It is not either cheaper or expensive. The pricing lies somewhere in the middle. The solution is worth the money that we are spending to use it."
"Its price is reasonable as compared to the market. It is competitively priced in comparison to other similar solutions on the market. It is also quite affordable in terms of the value that it delivers as compared to its alternative of hiring a team."
"The price of the solution is expensive compared to other solutions."
"I didn't think the price was that great, but it wasn't that bad, either. I'd rate their pricing as average in the market."
"You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it."
"We do have some missing licenses issues, especially with non-SPDX compliant one, but we expect this to be fixed soon"
"The price is good. Snyk had a good price compared to the competition, who had higher pricing than them. Also, their licensing and billing are clear."
"With Snyk, you get what you pay for. It is not a cheap solution, but you get a comprehensiveness and level of coverage that is very good. The dollars in the security budget only go so far. If I can maximize my value and be able to have some funds left over for other initiatives, I want to do that. That is what drives me to continue to say, "What's out there in the market? Snyk's expensive, but it's good. Is there something as good, but more affordable?" Ultimately, I find we could go cheaper, but we would lose the completeness of vision or scope. I am not willing to do that because Snyk does provide a pretty important benefit for us."
"The solution is less expensive than Black Duck."
"Compared to Veracode, Snyk is definitely a cheaper tool."
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
904,054 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
19%
Financial Services Firm
13%
Comms Service Provider
9%
Educational Organization
7%
Financial Services Firm
14%
Manufacturing Company
11%
Computer Software Company
9%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise1
Large Enterprise8
By reviewers
Company SizeCount
Small Business20
Midsize Enterprise10
Large Enterprise23
 

Questions from the Community

What is your experience regarding pricing and costs for FOSSA?
The solution's pricing is good and reasonable because you can literally use a lot of it for free. You have to pay for the features you need, which I think is fair. If you want to get value for free...
What needs improvement with FOSSA?
FOSSA does not show the exact line of code with vulnerabilities, which adds time to the process as we have to locate these manually. Some other tools like Check Point or SonarQube provide exact lin...
What is your primary use case for FOSSA?
I have worked with FOSSA primarily to manage the dependencies in our projects. For example, if I take a Spring Boot application, FOSSA helps in identifying mismatches or unsupported dependencies th...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What needs improvement with Snyk?
There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false positives would be beneficial. So far, I've not seen any AI features to enhance vuln...
What is your primary use case for Snyk?
I use Snyk ( /products/snyk-reviews ) in the DevOps pipeline to identify vulnerabilities before deploying the application. It integrates with Jenkins ( /products/jenkins-reviews ).
 

Comparisons

 

Also Known As

No data available
Fugue, Snyk AppRisk
 

Overview

 

Sample Customers

AppDyanmic, Uber, Twitter, Zendesk, Confluent
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about FOSSA vs. Snyk and other solutions. Updated: June 2026.
904,054 professionals have used our research since 2012.