6

I need to do a comparison between the features and functionality of Snyk and SonarCloud/SonarQube, and the only thing I can find is a speed comparison:

https://snyk.io/blog/sast-tools-speed-comparison-snyk-code-sonarqube-lgtm/

...does anyone know if there is any comparison of features and functionality between the two? If so, please can you let me know where to look?

Thanks very much in advance for any help with this.

mark11
  • I found this https://www.peerspot.com/products/comparisons/snyk_vs_sonarqube – Joand Feb 02 '22 at 16:39
  • Did you find a SOLID answer for this question, dear questioner? – Kasir Barati Dec 27 '22 at 11:03
  • What are you looking for, only SAST? Snyk is much more than just SAST, it does SCA, Container Image Scanning, IaC scans and more. I don't think there is any detailed list out there that lists any single feature compared in a table. [Disclaimer: I'm a Solutions Engineer at Snyk] – Mathias Conradt Apr 07 '23 at 11:36

1 Answer

5

We have made comparisons and benchmarks at Snyk. The short answer is simple:

  • SonarQube is focused on code quality and is fairly good at that. But the security scan is an add-on and very limited (in languages supported, in rule coverage, amount of false positives) and is rarely considered a SAST tool.
  • Snyk does not support quality (just some rules in the IDE) but is heavily focused on security, with fast scans, accuracy, depth in the number of CVEs covered for SAST and wide language coverage. Plus, Snyk has strong SCA support. Hope that helps.

I personally ran a comparison on this repo: https://github.com/OWASP-Benchmark/BenchmarkJava and the results are clear. Hope that helps.

Mathias Conradt
Jonathan Gruber