Try our new research platform with insights from 80,000+ expert users

Invicti vs Snyk comparison

The compared Invicti and Snyk solutions aren't in the same category. Invicti is ranked #3 in DAST , with an average rating of 8.9, and holds a 12.6% mindshare in the category. Snyk is ranked #4 in AS , with an average rating of 7.9, and holds a 8.0% mindshare. Additionally, 96% of Invicti users are willing to recommend the solution, compared to 100% of Snyk users who would recommend it.
Invicti
Read 28 Invicti reviews
  • 518 Views
  • 276 Comparison Views
96% willing to recommend
Snyk
Read 44 Snyk reviews
  • 13,182 Views
  • 9,697 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jan 12, 2025

Invicti and Snyk compete in security solutions, each offering unique strengths. Invicti has the upper hand in support and affordability, while Snyk's advanced features outshine despite higher costs.

Features: Invicti offers comprehensive vulnerability assessment and detection capabilities, notable for its robust scanning engine. Its proof-based scanning reduces false positives, and it integrates seamlessly with various security tools. Snyk excels with developer-friendly open-source vulnerability scanning, seamless integration with IDEs, and a comprehensive vulnerability database that caters to modern development practices.

Room for Improvement: Invicti can enhance its integration flexibility and improve UI intuitiveness for better user interface experience, as well as expand its cloud capabilities. Snyk could expand its library and improve cost efficiency for wider accessibility. Additionally, enhancing offline capabilities and refining customer support could significantly improve user satisfaction.

Ease of Deployment and Customer Service: Invicti provides a flexible deployment model with excellent customer support for seamless integration. Snyk's cloud-based deployment enhances speed and accessibility, highly suitable for agile environments but may require improvement in detailed support services.

Pricing and ROI: Invicti offers competitive pricing and favorable ROI, appealing to cost-sensitive organizations valuing support and functionality. Snyk's higher costs are mitigated by advanced features and integrations, often yielding greater long-term ROI for those prioritizing cutting-edge security features despite an initial higher investment.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Invicti vs. Snyk Report (Updated: October 2024).
Buyer's Guide
Invicti vs. Snyk
October 2024
Download the complete report
Helped 832,138 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Invicti
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
28
Ranking in other categories
Static Application Security Testing (SAST) (14th), API Security (5th), Dynamic Application Security Testing (DAST) (3rd)
Snyk
Average Rating
8.2
Reviews Sentiment
7.4
Number of Reviews
44
Ranking in other categories
Application Security Tools (4th), Container Security (7th), Software Composition Analysis (SCA) (3rd), Software Development Analytics (2nd), DevSecOps (1st)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Invicti is designed for Dynamic Application Security Testing (DAST) and holds a mindshare of 12.6%, down 13.6% compared to last year.
Snyk, on the other hand, focuses on Application Security Tools, holds 8.0% mindshare, down 8.2% since last year.
Dynamic Application Security Testing (DAST)
Application Security Tools
 

Featured Reviews

JanetMuhia - PeerSpot reviewer
Streamlined our security efforts by allowing us to integrate with tools like Jira
From my experience, Invicti is an exceptionally stable solution for web application security. Here's what stands out: * Consistent Performance: Over the three years we’ve used it, the solution has demonstrated reliable and consistent performance, even during large-scale scanning operations. * Minimal Downtime: I have not encountered significant downtime or disruptions while using Invicti, which is critical for security tools that organizations rely on continuously. * Robust Architecture: Its ability to handle complex scanning tasks without crashes or lag reflects its well-engineered platform. * Regular Updates: Invicti frequently releases updates and patches, which enhance functionality and address any stability concerns proactively. Rating : I would confidently rate Invicti’s stability at 9.5 out of 10. It ensures uninterrupted operations and supports high-performance demands, which are essential for enterprise environments.
Read full review
meetharoon - PeerSpot reviewer
Affordable tool boosts code scanning efficiency but faces integration hurdles
The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Check Point. It is easy to consolidate Snyk across multiple entities within a large organization. Additionally, our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"One of the features I like about this program is the low number of false positives and the support it offers."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"High level of accuracy and quick scanning."
"Invicti is a good product, and its API testing is also good."
More Invicti pros
"It is easy for developers to use. The documentation is clear as well as the APIs are good and easily readable. It's a good solution overall."
"Snyk categorizes the level of vulnerability into high, medium, and low, which helps organizations prioritize which issues to tackle first."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
More Snyk pros
 

Cons

"Invicti takes too long with big applications, and there are issues with the login portal."
"The scannings are not sufficiently updated."
"Maybe the ability to make a good reporting format is needed."
"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"The scanning time, complexity, and authentication features of Invicti could be improved."
More Invicti cons
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"Basically the licensing costs are a little bit expensive."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
More Snyk cons
 

Pricing and Cost Advice

"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"We never had any issues with the licensing; the price was within our assigned limits."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"It is competitive in the security market."
"OWASP Zap is free and it has live updates, so that's a big plus."
"The price should be 20% lower"
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
More Invicti pricing and cost advice
"Snyk is a premium-priced product, so it's kind of expensive. The big con that I find frustrating is when a company charges extra for single sign-on (SSO) into their SaaS app. Snyk is one of the few that I'm willing to pay that add-on charge, but generally I disqualify products that charge an extra fee to do integrated authentication to our identity provider, like Okta or some other SSO. That is a big negative. We had to pay extra for that. That little annoyance aside, it is expensive. You get a lot out of it, but you're paying for that premium."
"Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."
"Snyk is an expensive solution."
"The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."
"We do have some missing licenses issues, especially with non-SPDX compliant one, but we expect this to be fixed soon"
"The price of the solution is expensive compared to other solutions."
"On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing a three. It is a cheap solution."
"It's inexpensive and easy to license. It comes in standard package sizing, which is straightforward. This information is publicly found on their website."
More Snyk pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.
See recommendations
832,138 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
56%
Financial Services Firm
8%
Computer Software Company
6%
Manufacturing Company
5%
Financial Services Firm
16%
Computer Software Company
15%
Manufacturing Company
9%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.
See all answers
What do you like most about Invicti?
The most valuable feature of Invicti is getting baseline scanning and incremental scan.
See all answers
What needs improvement with Invicti?
Currently, there is nothing I would like to improve.
See all answers
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
See all answers
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities.
See all answers
What needs improvement with Snyk?
Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR. It lacks the ability to select branches on its Web UI, forcing users to rely on CLI or CI/CD for...
See all answers
 

Comparisons

Acunetix vs Invicti Logo
Acunetix vs Invicti
Compared 17% of the time
OWASP Zap vs Invicti Logo
OWASP Zap vs Invicti
Compared 15% of the time
Qualys Web Application Scanning vs Invicti Logo
Qualys Web Application Scanning vs Invicti
Compared 7% of the time
SonarQube Server (formerly SonarQube) vs Invicti Logo
SonarQube Server (formerly SonarQube) vs Invicti
Compared 6% of the time
PortSwigger Burp Suite Professional vs Invicti Logo
PortSwigger Burp Suite Professional vs Invicti
Compared 6% of the time
More Invicti Competitors
GitHub Advanced Security vs Snyk Logo
GitHub Advanced Security vs Snyk
Compared 13% of the time
SonarQube Server (formerly SonarQube) vs Snyk Logo
SonarQube Server (formerly SonarQube) vs Snyk
Compared 11% of the time
Black Duck vs Snyk Logo
Black Duck vs Snyk
Compared 9% of the time
Wiz vs Snyk Logo
Wiz vs Snyk
Compared 7% of the time
Trivy vs Snyk Logo
Trivy vs Snyk
Compared 5% of the time
More Snyk Competitors
 

Product Reports

Buyer's Guide
Invicti
January 2025
Invicti reportDownload Invicti product report
Buyer's Guide
Snyk
January 2025
Snyk reportDownload Snyk product report
 

Also Known As

Netsparker
No data available
 

Overview

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Invicti

Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.

Benefits of Snyk

Some of the benefits of using Snyk include:

  • Conserves resources: Snyk easily integrates with other security solutions and uses their security features to ensure that the work that users are doing is completely secure. These integrations allow them to protect themselves without pulling resources from their continued integration or continued delivery workflows. Resources can be conserved for areas of the greatest need.
  • Highly flexible: Snyk enables users to customize the system’s security automation features to meet their needs. Users can guarantee that the automation performs the functions that are most essential for their current project. Additionally, users are able to maintain platform governance consistency across their system.
  • Keeps users ahead of emerging threats. Snyk employs a database of threats that help it detect and keep track of potential issues. This database is constantly being updated to reflect the changes that take place in the realm of cybersecurity. It also uses machine learning. Users are prepared to deal with new issues as they arise.
  • Automatically scans projects for threats. Snyk’s command-line interface enables users to schedule the solution to run automatic scans of their projects. Time and manpower can be conserved for the areas of greatest need without sacrificing security.

Reviews from Real Users

Snyk is a security platform for developers that stands out among its competitors for a number of reasons. Two major ones are its ability to integrate with other security solutions and important insights that it can enable users to discover. Snyk enables users to combine its already existing security features with those of other solutions to create far more robust and flexible layers of security than what it can supply on its own. It gives users the ability to dig into the security issues that they may experience. Users are given a clear view of the root causes of these problems. This equips them to address the problem and prevent similar issues in the future.

Cameron G., a security software engineer at a tech company, writes, “The most valuable features are their GitLab and JIRA integrations.The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using. Snyk is something of a bridge that we use; we get our projects into it and then get the information out of it. Those two integrations are crucial for us to be able to do that pretty simply.”

Sean M., the chief information security officer of a technology vendor, writes, "From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."

Snyk
 

Sample Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Buyer's Guide
Invicti vs. Snyk
October 2024
Free Report: Invicti vs. Snyk
Find out what your peers are saying about Invicti vs. Snyk and other solutions. Updated: October 2024.
DOWNLOAD NOW
832,138 professionals have used our research since 2012.
See our Invicti vs. Snyk report.

We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.