When comparing SonarQube vs Snyk, the Slant community recommends SonarQube for most people. In the question "What are the best DevOps security tools?" SonarQube is ranked 1st while Snyk is ranked 4th. The most important reason people chose SonarQube is:
Quick installation, configuration and code review. Analysis follows rules that support industry standards (extended through installed plugins). Quality model: bugs, vulnerabilities and code smells are all raised against the code in a simple user interface.
Pros
Pro Continuous code quality as a service
Quick installation, configuration and code review. Analysis follows rules that support industry standards (extended through installed plugins). Quality model: bugs, vulnerabilities and code smells are all raised against the code in a simple user interface.
Pro Integrations
Snyk can connect directly to GitHub, GitLab, Heroku, AWS Lambda, Bitbucket Server, etc. It is also possible to use the CLI.
Pro TeamCity plugin
TeamCity plugin available.
Pro Multi language support
Snyk supports .NET, Go, Java, Node.js, PHP, Python, Ruby and Scala.
Cons
Con Enterprise deployment
The Enterprise Deployment edition is a paid commercial offering.
Con Shallow .NET support
Only seems to check the NuGet packages and not much else.
Con ASP.NET Core is "High risk"
The TeamCity plugin fails the build for all ASP.NET Core applications, stating that it is vulnerable to DoS attacks and that "there is no fix available".
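The CLI integration in the Pros and the "no fix available" complaint in the Cons point at the same practical question: how to gate a build on Snyk results without blocking every pipeline on a finding nobody can act on. The script below is an added example, not code from the Slant page or from Snyk. It assumes the JSON shape that `snyk test --json` emits (a top-level `vulnerabilities` list whose entries carry `id`, `title`, `severity`, `packageName`, `version`, `isUpgradable`, `isPatchable` and `fixedIn`); the sample report and its issue IDs are constructed, not a real scan. The policy fails the build only on findings at or above a severity threshold that Snyk can actually fix (upgrade, patch, or a named fixed version); unfixable findings are reported but do not block unless `fail_on_unfixable` is set.

```python
"""Gate a CI step on `snyk test --json` output, separating fixable from unfixable findings.

Added example for this comparison page; not Snyk's own code. Field names follow the
assumed `snyk test --json` report layout; SAMPLE_REPORT is a constructed stand-in for
the output of a real scan of a .NET project.
"""
import json
import sys

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample resembling a `snyk test --json` report (issue IDs are made up).
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "packageManager": "nuget",
    "vulnerabilities": [
        {   # the kind of finding the Cons describe: high severity, nothing to upgrade to
            "id": "EXAMPLE-DOTNET-0001", "title": "Denial of Service (DoS)",
            "severity": "high", "packageName": "Microsoft.AspNetCore.App",
            "version": "2.1.0", "isUpgradable": False, "isPatchable": False, "fixedIn": [],
        },
        {   # actionable: a newer package version resolves it
            "id": "EXAMPLE-DOTNET-0002", "title": "Improper Input Validation",
            "severity": "high", "packageName": "Newtonsoft.Json",
            "version": "12.0.1", "isUpgradable": True, "isPatchable": False, "fixedIn": ["13.0.1"],
        },
        {   # actionable but below the default threshold
            "id": "EXAMPLE-DOTNET-0003", "title": "Information Exposure",
            "severity": "medium", "packageName": "System.Text.Encodings.Web",
            "version": "4.5.0", "isUpgradable": True, "isPatchable": False, "fixedIn": ["4.5.1"],
        },
    ],
})


def is_fixable(vuln):
    """True when Snyk offers an upgrade, a patch, or names a version that fixes the issue."""
    return bool(vuln.get("isUpgradable") or vuln.get("isPatchable") or vuln.get("fixedIn"))


def evaluate(report_json, threshold="high", fail_on_unfixable=False):
    """Return (should_fail, blocking, advisory) for a Snyk JSON report.

    blocking: findings at or above `threshold` that the policy fails the build on.
    advisory: everything else (below threshold, or unfixable when fail_on_unfixable is False);
    these are still printed so the team sees them, they just do not break the build.
    """
    report = json.loads(report_json)
    min_rank = SEVERITY_RANK[threshold]
    blocking, advisory = [], []
    for vuln in report.get("vulnerabilities", []):
        severe = SEVERITY_RANK.get(vuln.get("severity", "low"), 0) >= min_rank
        if severe and (is_fixable(vuln) or fail_on_unfixable):
            blocking.append(vuln)
        else:
            advisory.append(vuln)
    return bool(blocking), blocking, advisory


def blocking_ids(report_json, **policy):
    """Convenience wrapper: IDs of the findings that would fail the build under `policy`."""
    return [v["id"] for v in evaluate(report_json, **policy)[1]]


def describe(vuln):
    fix = ", ".join(vuln.get("fixedIn") or []) or "no fix available"
    return (f"{vuln['id']} [{vuln['severity']}] {vuln['title']} in "
            f"{vuln['packageName']}@{vuln['version']} (fixed in: {fix})")


def main(argv):
    # Usage: python snyk_gate.py [report.json] [--fail-on-unfixable]
    # With no file argument the constructed sample report is evaluated.
    report = SAMPLE_REPORT
    fail_on_unfixable = "--fail-on-unfixable" in argv
    paths = [a for a in argv if not a.startswith("--")]
    if paths:
        with open(paths[0], encoding="utf-8") as fh:
            report = fh.read()
    should_fail, blocking, advisory = evaluate(report, fail_on_unfixable=fail_on_unfixable)
    for v in blocking:
        print("BLOCKING:", describe(v))
    for v in advisory:
        print("advisory:", describe(v))
    return 1 if should_fail else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run as `snyk test --json > report.json; python snyk_gate.py report.json` in the CI step. With the sample data the unfixable DoS finding is printed as advisory and only the upgradable Newtonsoft.Json issue fails the step; passing `--fail-on-unfixable` restores the stricter behaviour the Cons describe. Snyk's own mechanism for the same outcome is a time-boxed ignore in the `.snyk` policy file (`snyk ignore --id=<ISSUE_ID> --reason=<REASON> --expiry=<DATE>`), which has the advantage of being reviewed in version control and expiring automatically.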