Compare Black Duck and Snyk 
- Users report that Black Duck Software Composition Analysis excels in its Automated Scans feature, scoring a high 9.1, which allows for efficient and thorough scanning of open-source components. In contrast, Snyk also offers strong automated scanning capabilities but falls slightly behind with a score of 8.0.
- Reviewers mention that Snyk shines in Ease of Setup, achieving a score of 9.0, making it particularly user-friendly for teams looking to implement security measures quickly. Black Duck, while still respectable at 8.3, does not match this level of ease.
- G2 users highlight that Black Duck's Risk Scoring feature, with a score of 8.4, provides detailed insights into vulnerabilities, which is crucial for enterprise-level users. Snyk, while effective, has a lower score of 7.8 in this area, indicating it may not offer the same depth of analysis.
- Users on G2 report that Snyk's Quality of Support is notably better, with a score of 8.6 compared to Black Duck's 7.5. This difference suggests that Snyk may provide more responsive and helpful customer service, which is vital for users needing assistance.
- Reviewers mention that Black Duck's Static Code Analysis feature is highly regarded, scoring 8.5, which helps in identifying vulnerabilities in code before deployment. Snyk also performs well in this area but scores slightly lower at 8.0, indicating a potential gap in effectiveness.
- Users say that Snyk's Continuous Monitoring feature, with a score of 8.3, is a strong point, allowing for ongoing assessment of security risks. Black Duck, while effective, scores 8.0, suggesting that Snyk may offer a more robust solution for ongoing security management.
- 200 Open Source tests per month
- 100 Container tests per month
- 300 IaC tests per month
It gives you the information about security issues and licence constraints of known 3rd party libraries your project is using. Usually you don't have control or knowledge over all 3rd party libraries used in your project it is crucial to know whether...
Still too many incorrect identifications. There is no support for a workflow to manage mitigations of vulnerabilities in a particular component in one version of a project, then apply those comments and actions to future versions, or to the same component...
-Easy integration available for GIthub -Vulenrabilities false positive rate is slightly better than other tools -Can be easily integrated within CI/Cd pipline. -Automatic code scanning and report generation available -Works with almost all...
Customer support is slow to respond, usually not helpful and ended up escalating to a developer, that's when we lost all contact and did not get a solution to a clear bug that prevents us from using the product. Another really important note around SBOM,...
It gives you the information about security issues and licence constraints of known 3rd party libraries your project is using. Usually you don't have control or knowledge over all 3rd party libraries used in your project it is crucial to know whether...
-Easy integration available for GIthub -Vulenrabilities false positive rate is slightly better than other tools -Can be easily integrated within CI/Cd pipline. -Automatic code scanning and report generation available -Works with almost all...
Still too many incorrect identifications. There is no support for a workflow to manage mitigations of vulnerabilities in a particular component in one version of a project, then apply those comments and actions to future versions, or to the same component...
Customer support is slow to respond, usually not helpful and ended up escalating to a developer, that's when we lost all contact and did not get a solution to a clear bug that prevents us from using the product. Another really important note around SBOM,...
