No more typing reviews! Try our Samantha, our new voice AI agent.

Invicti vs Snyk comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 11, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex Cloud by Palo Alto N...
Sponsored
Ranking in Application Security Posture Management (ASPM)
7th
Average Rating
8.6
Reviews Sentiment
5.7
Number of Reviews
11
Ranking in other categories
Vulnerability Management (30th), Cloud Workload Protection Platforms (CWPP) (13th), Cloud Security Posture Management (CSPM) (16th), Cloud-Native Application Protection Platforms (CNAPP) (12th), Data Security Posture Management (DSPM) (11th), Software Supply Chain Security (8th), Cloud Infrastructure Entitlement Management (CIEM) (7th), Cloud Detection and Response (CDR) (5th)
Invicti
Ranking in Application Security Posture Management (ASPM)
8th
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
31
Ranking in other categories
Static Application Security Testing (SAST) (12th), Container Security (26th), Software Composition Analysis (SCA) (10th), API Security (10th), Dynamic Application Security Testing (DAST) (4th)
Snyk
Ranking in Application Security Posture Management (ASPM)
2nd
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
51
Ranking in other categories
Application Performance Monitoring (APM) and Observability (21st), Application Security Tools (7th), Static Application Security Testing (SAST) (5th), GRC (6th), Cloud Management (14th), Vulnerability Management (21st), Container Security (7th), Software Composition Analysis (SCA) (2nd), Software Development Analytics (2nd), Cloud Security Posture Management (CSPM) (17th), DevSecOps (3rd), AI Security (10th)
 

Mindshare comparison

As of July 2026, in the Application Security Posture Management (ASPM) category, the mindshare of Cortex Cloud by Palo Alto Networks is 2.3%, up from 0.3% compared to the previous year. The mindshare of Invicti is 4.1%, up from 2.7% compared to the previous year. The mindshare of Snyk is 15.8%, down from 20.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Posture Management (ASPM) Mindshare Distribution
ProductMindshare (%)
Snyk15.8%
Cortex Cloud by Palo Alto Networks2.3%
Invicti4.1%
Other77.8%
Application Security Posture Management (ASPM)
 

Featured Reviews

SJ
Technical Solutions Architect at IBM
Cloud security has improved as AI-driven runtime protection detects threats and reduces incidents
In my opinion, Cortex Cloud by Palo Alto Networks could be improved or enhanced in various ways. I don't have an idea about that yet because for that you actually need to use two or three different other tools to make a basic comparison. If you ask me how good the tool is, I would fairly rate it quite high. The tool is very popular, and customers can already see that it is one of the cloud leaders in the security space. The platform had a very good feature which provides documentation links about how to use a specific feature on the UI. It takes you to the proper documentation page where it suggests what to do and tells you about the steps that need to be done for a resource deployment. My thoughts about improving the product which I believe could greatly aid vendors is that it used to be a very user-friendly tool, but now they have incorporated everything under one umbrella. It has XDR, XSOAR, and Cortex Cloud by Palo Alto Networks. Before, we used to have separate modules and separate environments for each of these capabilities or features. Right now, it is a little complex and users would take their own time to know the tool better. This is something that would have been way better, but I would say there would be different opinions on this. Talking about user-friendliness, it has decreased now.
Valavan Sivgalingam - PeerSpot reviewer
Senior Manager, Security Engineering at ESS
Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations
It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.
Abhishek-Goyal - PeerSpot reviewer
Software Engineer at a computer software company with 11-50 employees
Improves security posture by actively reducing critical vulnerabilities and guiding remediation
Snyk's main features include open-source vulnerability scanning, code security, container security, infrastructure as code security, risk-based prioritization, development-first integration, continuous monitoring and alerting, automation, and remediation. The best features I appreciate are the vulnerability checking, vulnerability scanning, and code security capabilities, as Snyk scans all open-source dependencies for known vulnerabilities and helps with license compliance for open-source components. Snyk integrates into IDEs, allowing issues to be caught as they appear in the code dynamically and prioritizes risk while providing remediation advice. Snyk provides actionable remediation advice on where vulnerabilities can exist and where code security is compromised, automatically scanning everything and providing timely alerts. Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients. Snyk has helped reduce vulnerabilities significantly. Initially, the repository had 17 to 31 critical and high vulnerabilities, but Snyk has helped manage them down to just five vulnerabilities, which are now lower and not high or critical.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I have absolutely seen improvements in our incident close rates, with mean time to detect and respond reduced significantly, sometimes by at least forty to fifty percent."
"The most valuable features I have found in Cortex Cloud by Palo Alto Networks are those that we provided to customers in a stock environment, as we have done some POCs and tried to check how it can help different organizations, and this same solution has been positioned for multiple customers."
"The AI and automation features in detecting and responding to high-risk threats are impressive; it's one of the best tools regarding AI technology and unifies security in one platform in real-time, improving vulnerability analysis, incident response, and compliance reporting."
"The capabilities of Cortex Cloud by Palo Alto Networks are valuable because it is the best product in the market."
"The most beneficial aspect of Cortex Cloud by Palo Alto Networks and Palo Alto in general is that there is a single platform for all cloud providers for securitization."
"Cortex Cloud by Palo Alto Networks has impacted our organization positively by keeping our machines secure and our team using the dashboard to find issues quickly."
"Cortex Cloud by Palo Alto Networks' cloud runtime security in terms of stopping attacks in real time is impressive."
"I have seen several benefits from using Cortex Cloud by Palo Alto Networks: It was easy to use and easy to migrate from the IBM platform."
"The scanner is light on the network and does not impact the network when scans are running."
"I like that it's stable and technical support is great."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"I would tell potential users that it's really one of the best products in the market for web application security or Dynamic Application Security Testing (DAST)."
"Netsparker has valuable features, including the ability to scan our website, an interactive approach, and security data integration."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"The solution generates reports automatically and quickly and it's a very user-friendly product."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"Our customers find container scans most valuable. They are always talking about it."
"From this perspective, Snyk looks like the most promising solution."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"Based on all our products, including Snyk, we have seen a 50 percent reduction in the amount of time it takes to fix problems."
"Snyk provides a lot of information on vulnerabilities, the packages being used, and their dependencies, giving good insight into the security of those packages."
"There are many valuable features, for example the way the scanning feature works and the integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID and there I can do the scanning, that is the part I like best."
"Snyk has allowed our developers to spend less time securing applications, increasing their productivity."
 

Cons

"Cortex Cloud by Palo Alto Networks is creating some confusion in terms of names because this is recent."
"Overall, I rate Cortex Cloud by Palo Alto Networks as an eight out of ten. I think that it could improve on price, as I know that the Google solution has the best price, and this is one of the conditions."
"From the commercial perspective, we have some limitations because Palo Alto has a minimum number of users of endpoints set at 200, which is quite high for the Italian market."
"As per my experience with Cortex Cloud by Palo Alto Networks, the UI could be simpler."
"My thoughts about improving the product which I believe could greatly aid vendors is that it used to be a very user-friendly tool, but now they have incorporated everything under one umbrella."
"In my opinion, Cortex Cloud by Palo Alto Networks can be improved by addressing forensic information collection and storage, although I cannot suggest specific things right now, based on what customers might need."
"Some aspects of the GUI can be confusing and make it difficult for me to find certain options or navigate where needed."
"The negative aspects or areas for improvement in the product include the fact that the cost might be a bit high, which challenges commercials, but not technically."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"Perhaps the custom attack preparation screen might be improved."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"Speed: It spends about one hour on scanning; I would like it to be less than 30 minutes."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"Right now, they are missing the static application security part, especially web application security."
"They need to improve their support in the documentation. Their support mechanism is missing. Their responsiveness, technical staff, and these types of things need to be improved, and comprehensive documentation is required. They should have good self-service portal enhancement"
"The support's response time could be faster since we are in different time zones."
"Technically, we have better vulnerabilities detection in Checkmarx and Veracode. Both of them are more precise about vulnerabilities detection."
"Then there's the issue of their support. It's not very good, to be honest, and it hasn't been the best experience to deal with them."
"Snyk can be improved on the reporting aspect regarding the traceability of SCA."
"Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help."
"The tool needs improvement in license compliance. I would like to see the integration of better policy management in the product's future release. When it comes to the organization that I work for, there are a lot of business units since we are a group of companies. Each of these companies has its specific requirements and its own appetite for risk. This should be able to reflect in flexible policies. We need to be able to configure policies that can be adjusted later or overridden by the business unit that is using the product."
"The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
 

Pricing and Cost Advice

Information not available
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"OWASP Zap is free and it has live updates, so that's a big plus."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"It is competitive in the security market."
"We never had any issues with the licensing; the price was within our assigned limits."
"You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it."
"The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."
"Despite Snyk's coverage, scalability, reliability, and stability, it is available at a very competitive price."
"The pricing is reasonable."
"Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."
"With Snyk, you get what you pay for. It is not a cheap solution, but you get a comprehensiveness and level of coverage that is very good. The dollars in the security budget only go so far. If I can maximize my value and be able to have some funds left over for other initiatives, I want to do that. That is what drives me to continue to say, "What's out there in the market? Snyk's expensive, but it's good. Is there something as good, but more affordable?" Ultimately, I find we could go cheaper, but we would lose the completeness of vision or scope. I am not willing to do that because Snyk does provide a pretty important benefit for us."
"It is pretty expensive. It is not a cheap product."
"On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing a three. It is a cheap solution."
report
Use our free recommendation engine to learn which Application Security Posture Management (ASPM) solutions are best for your needs.
904,016 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Construction Company
11%
Financial Services Firm
8%
Outsourcing Company
7%
Financial Services Firm
16%
Manufacturing Company
9%
Construction Company
7%
Computer Software Company
6%
Financial Services Firm
14%
Manufacturing Company
11%
Computer Software Company
9%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise1
Large Enterprise4
By reviewers
Company SizeCount
Small Business14
Midsize Enterprise4
Large Enterprise13
By reviewers
Company SizeCount
Small Business20
Midsize Enterprise10
Large Enterprise23
 

Questions from the Community

What is your experience regarding pricing and costs for Cortex Cloud by Palo Alto Networks?
I am not fully aware of the pricing and licensing of Cortex Cloud by Palo Alto Networks. The pricing is also based on...
What needs improvement with Cortex Cloud by Palo Alto Networks?
In my opinion, Cortex Cloud by Palo Alto Networks could be improved or enhanced in various ways. I don't have an idea...
What is your primary use case for Cortex Cloud by Palo Alto Networks?
The usual use cases for Cortex Cloud by Palo Alto Networks that I have been working with mostly are as simple as dete...
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150...
What needs improvement with Invicti?
At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-t...
What is your primary use case for Invicti?
I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with r...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to...
What needs improvement with Snyk?
There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false posi...
What is your primary use case for Snyk?
I use Snyk ( /products/snyk-reviews ) in the DevOps pipeline to identify vulnerabilities before deploying the applica...
 

Also Known As

No data available
Netsparker
Fugue, Snyk AppRisk
 

Overview

 

Sample Customers

Information Not Available
Samsung, The Walt Disney Company, T-Systems, ING Bank
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about Invicti vs. Snyk and other solutions. Updated: June 2026.
904,016 professionals have used our research since 2012.