sonarqube or snyk #109437
Do you guys prefer Snyk or Sonarqube and why?
Replies: 1 comment
I found this:
We have made comparisons and benchmarks at Snyk. The short answer is simple:
Sonarqube is focused on Code Quality and is fairly good at that. But the security scan is an add-on and very limited (in languages supported, in rule coverage, amount of false positives) and rarely considered as a SAST tool.
Snyk does not support quality (just some rules in IDE) but is heavily focused on security, with fast scans, accuracy, depth in the number of CVEs covered for SAST and wide language coverage. Plus, Snyk has strong SCA support. Hope that helps.
I personally ran a comparison on this repo: https://github.com/OWASP-Benchmark/BenchmarkJava and the results are clear. Hope that helps.