Software Alternatives & Reviews

Snyk VS SonarQube

Compare Snyk vs SonarQube and see how they differ


Snyk helps you use open source and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and much more.

SonarQube is code review and management software. The software is developed by SonarSource, which was founded in 2008 by Freddy Mallet, Simon Brandhof and Olivier Gaudin.

Snyk details

Categories
Security Open Source Security Monitoring Security CI
Website: snyk.io
Pricing URL: Official Snyk Pricing

SonarQube details

Categories
Code Analysis Code Review Code Coverage Code Quality Python IDE
Website: sonarqube.org
Pricing URL: -

Snyk videos

Why Asurion Chose Snyk with Mark Geeslin and Simon Maple

More videos:

  • Snyk Introduction and Review

SonarQube videos

What is SonarQube?

More videos:

  • What is SonarQube? How to configure a maven project for Code Coverage | Tech Primers
  • How to analyze code quality using SonarQube | Easy tutorial

Category Popularity

[Chart: popularity per category, 0-100%, relative to Snyk and SonarQube]

Reviews

These are some of the external sources and on-site user reviews we've used to compare Snyk and SonarQube

Snyk Reviews

We have no reviews of Snyk yet.

SonarQube Reviews

TOP 40 Static Code Analysis Tools (Best Source Code Analysis Tools)
It is possible to integrate it into Visual Studio, IntelliJ IDEA, and other widespread IDE. The results of the analysis can be imported into SonarQube.
Top 4 Open Source Security Testing Tools to Test Web Application
Though written in Java, it can analyze over twenty different programming languages. It can easily integrate with continuous integration tools like Jenkins server, etc. The results will be populated to the SonarQube server with ‘green’ and ‘red lights’.
11 Interesting Tools for Auditing and Managing Code Quality
SonarQube is the most popular code quality and security analysis tool in the market. With the support of the open-source community, SonarQube presently can analyze and produce outputs for over 25 programming languages, which are higher than most tools in the market.
Source: geekflare.com

Social recommendations and mentions

Based on our record, Snyk seems to be more popular. It has been mentioned 27 times since March 2021. We are tracking product recommendations and mentions on Reddit, HackerNews and some other platforms. They can help you identify which product is more popular and what people think of it.

Snyk mentions (27)

  • Day 1: Project Scaffolding
    Add a Code Coverage CI step using Coveralls.io. Add Dependency monitoring using Snyk. - Source: dev.to / 19 days ago
  • About to run relay, want to make sure image isn't compromised
    You can use a free account on https://snyk.io to scan a few hundred images per month. Clair is another free option, but requires setup. - Source: Reddit / 22 days ago
  • CI with Snyk using GitHub Actions
    GitHub Actions can be used as a CI tool for building, testing and deploying our code. With the aid of Snyk, it can also automate the process of checking vulnerabilities. - Source: dev.to / 26 days ago
  • Scaffolding Spring Boot, Freemarker and JDI - Building DDTJ, Day 2
    Finally, I added Snyk which seems to be essential with the current state of vulnerabilities. Since it’s free for open source projects we should probably try to get it on all our repos. Integration was trivial, which is great. Unfortunately currently the badge seems to be suffering from this issue. - Source: dev.to / 29 days ago
  • How can I update Debian packages so that "docker scan" reports zero security vulnerabilities?
    I'm setting up "docker scan" (using Snyk) to scan my Docker images for vulnerabilities. I was surprised to see that Snyk reports 38 security issues for the latest official Debian Docker image: docker scan debian. - Source: Reddit / about 1 month ago

SonarQube mentions (0)

We have not tracked any mentions of SonarQube yet. Tracking of SonarQube recommendations started around Mar 2021.

What are some alternatives?

When comparing Snyk and SonarQube, you can also consider the following products

Qualys - Qualys helps your business automate the full spectrum of auditing, compliance and protection of your IT systems and web applications.

Codacy - Automatically reviews code style, security, duplication, complexity, and coverage on every change while tracking code quality throughout your sprints.

WhiteSource - Find & fix security and compliance issues in open source libraries in real-time.

Checkmarx

Dependabot - Automated dependency updates for your Ruby, Python, JavaScript, PHP, .NET, Go, Elixir, Rust, Java and Elm.

CodeClimate - Code Climate provides automated code review for your apps, letting you fix quality and security issues before they hit production. We check every commit, branch and pull request for changes in quality and potential vulnerabilities.
