Snyk vs Software Risk Manager ASPM comparison

Snyk and Black Duck are both solutions in the Application Security Posture Management (ASPM) category. Snyk is ranked #2 with an average rating of 7.9, while Black Duck is ranked #14. Additionally, 100% of Snyk users are willing to recommend the solution.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 11, 2026

Snyk and Software Risk Manager ASPM are competing in the application security space. Users find Snyk's features more satisfying, but Software Risk Manager ASPM offers comprehensive security analysis, preferred for in-depth risk assessment.

Features: Snyk stands out with efficient vulnerability scanning, seamless CI/CD integration, and intuitive navigation. Software Risk Manager ASPM focuses on extensive threat intelligence, robust risk management, and detailed risk insights.

Ease of Deployment and Customer Service: Snyk offers straightforward deployment and robust customer support with clear guidance. Software Risk Manager ASPM, despite having a complex setup, provides strategic support and consultancy for high-level analysis integration.

Pricing and ROI: Snyk is seen as cost-effective with a quick return on investment, appealing to budget-conscious users. Software Risk Manager ASPM has higher upfront costs but is valued for long-term investment with extensive coverage and insights.

To learn more, read our detailed Application Security Posture Management (ASPM) Report (Updated: February 2026).

Buyer's Guide

Application Security Posture Management (ASPM)

February 2026

Download the complete report

Helped 881,733 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex Cloud by Palo Alto N...

Featured Reviews

reviewer1980216

Business Development Manager For Palo Alto Networks at a tech services company with 1,001-5,000 employees

Unified security platform has simplified multi-cloud protection and improved threat response

From the commercial perspective, we have some limitations because Palo Alto has a minimum number of users of endpoints set at 200, which is quite high for the Italian market. Additionally, there is not a clear MSP model compared to other vendors such as CrowdStrike. These are significant limitations, especially today when managed services are becoming increasingly important for end users. Palo Alto decided to limit some functionalities because they want to stress more on Cortex XSIAM. I do not agree with this strategy because Cortex XSIAM is a completely different market compared to Cortex XDR. This is the main issue of Cortex—the commercial model Palo Alto is implementing. The product is very good; the problem is the commercial model. There are probably some areas for improvement because Palo Alto is growing too much. Today the challenge is to have skilled people, which I believe is the same issue everywhere. I do not agree with this decision.

Read full review

Abhishek-Goyal

Software Engineer at a computer software company with 11-50 employees

Improves security posture by actively reducing critical vulnerabilities and guiding remediation

Snyk's main features include open-source vulnerability scanning, code security, container security, infrastructure as code security, risk-based prioritization, development-first integration, continuous monitoring and alerting, automation, and remediation. The best features I appreciate are the vulnerability checking, vulnerability scanning, and code security capabilities, as Snyk scans all open-source dependencies for known vulnerabilities and helps with license compliance for open-source components. Snyk integrates into IDEs, allowing issues to be caught as they appear in the code dynamically and prioritizes risk while providing remediation advice. Snyk provides actionable remediation advice on where vulnerabilities can exist and where code security is compromised, automatically scanning everything and providing timely alerts. Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients. Snyk has helped reduce vulnerabilities significantly. Initially, the repository had 17 to 31 critical and high vulnerabilities, but Snyk has helped manage them down to just five vulnerabilities, which are now lower and not high or critical.

Read full review

Saravanan_Radhakrishnan

Senior Manager at Happiest Minds Technologies

Facilitates continuous assessment of applications, covering both static and dynamic security aspects

Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer might need to have the data on-premises for dynamic security testing. So that is one shortfall. An area of improvement could be developing an on-premise DAST solution. The current one is a complete cloud-based solution, and that can be one of the areas of improvement.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Cortex Cloud by Palo Alto Networks has impacted our organization positively by keeping our machines secure and our team using the dashboard to find issues quickly."

"I have absolutely seen improvements in our incident close rates, with mean time to detect and respond reduced significantly, sometimes by at least forty to fifty percent."

"The AI and automation features in detecting and responding to high-risk threats are impressive; it's one of the best tools regarding AI technology and unifies security in one platform in real-time, improving vulnerability analysis, incident response, and compliance reporting."

"The most beneficial aspect of Cortex Cloud by Palo Alto Networks and Palo Alto in general is that there is a single platform for all cloud providers for securitization."

"Overall, Cortex Cloud by Palo Alto Networks is a technically strong product, and I rate it ten out of ten."

"I have seen several benefits from using Cortex Cloud by Palo Alto Networks: It was easy to use and easy to migrate from the IBM platform."

"From a technical standpoint or pricing, Cortex Cloud by Palo Alto Networks is a stronger solution in the market at the moment compared to other products from ConnectWise or Symantec."

"The customization is excellent."

"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."

"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."

"Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients."

"What is valuable about Snyk is its simplicity."

"Snyk's focus on security is a valuable feature. Also Snyk supports multiple programming languages, which has positively affected my security practices. I use only two or three languages, and when I change the language in a file, it detects it in the same suite. I find the AI-powered scanning overall beneficial.Using Snyk's AI-powered scanning, I can detect around ten or twenty errors in my project with about twenty thousand lines of code, so it helps improve my project by identifying a lot of potential vulnerabilities."

"Snyk performs software composition analysis (SCA) similar to other expensive tools."

"Provides clear information and is easy to follow with good feedback regarding code practices."

More Snyk pros

"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."

Cons

"Overall, I rate Cortex Cloud by Palo Alto Networks as an eight out of ten. I think that it could improve on price, as I know that the Google solution has the best price, and this is one of the conditions."

"From the commercial perspective, we have some limitations because Palo Alto has a minimum number of users of endpoints set at 200, which is quite high for the Italian market."

"The pricing is high, making ROI challenging to justify, especially during transitions between solutions."

"The negative aspects or areas for improvement in the product include the fact that the cost might be a bit high, which challenges commercials, but not technically."

"Some aspects of the GUI can be confusing and make it difficult for me to find certain options or navigate where needed."

"Cortex Cloud by Palo Alto Networks is creating some confusion in terms of names because this is recent."

"Basically the licensing costs are a little bit expensive."

"The feature for automatic fixing of security breaches could be improved."

"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."

"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."

"Generating reports and visibility through reports are definitely things they can do better."

"Could include other types of security scanning and statistical analysis"

"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."

"Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR."

More Snyk cons

"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."

Pricing and Cost Advice

Information not available

"It is pretty expensive. It is not a cheap product."

"The price of the solution is expensive compared to other solutions."

"The license model is based on the number of contributing developers. Snyk is expensive, for a startup company will most likely use the community edition, while larger companies will buy the licensed version. The price of Snyk is more than other SLA tools."

"The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."

"Snyk is an expensive solution."

"The price is good. Snyk had a good price compared to the competition, who had higher pricing than them. Also, their licensing and billing are clear."

"Snyk is a premium-priced product, so it's kind of expensive. The big con that I find frustrating is when a company charges extra for single sign-on (SSO) into their SaaS app. Snyk is one of the few that I'm willing to pay that add-on charge, but generally I disqualify products that charge an extra fee to do integrated authentication to our identity provider, like Okta or some other SSO. That is a big negative. We had to pay extra for that. That little annoyance aside, it is expensive. You get a lot out of it, but you're paying for that premium."

"Cost-wise, it's similar to Veracode, but I don't know the exact cost."

More Snyk pricing and cost advice

"It is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's not for everybody."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Posture Management (ASPM) solutions are best for your needs.

See recommendations

881,733 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Performing Arts

10%

Financial Services Firm

10%

Manufacturing Company

Computer Software Company

Financial Services Firm

14%

Computer Software Company

11%

Manufacturing Company

10%

Comms Service Provider

Financial Services Firm

18%

Manufacturing Company

10%

Government

University

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	4
Midsize Enterprise	1
Large Enterprise	2

By reviewers
Company Size	Count
Small Business	21
Midsize Enterprise	9
Large Enterprise	21

No data available

Questions from the Community

What is your experience regarding pricing and costs for Cortex Cloud by Palo Alto Networks?

The solution is costly, with high-end capabilities suitable for enterprises. It is less affordable for startups or sm...

See all answers

What needs improvement with Cortex Cloud by Palo Alto Networks?

Regarding areas for improvement, the tool performs its functions well, but frequent name changes across Palo Alto Net...

See all answers

What is your primary use case for Cortex Cloud by Palo Alto Networks?

Cortex Cloud by Palo Alto Networks serves as our primary tool for understanding our assets and performing API integra...

See all answers

How does Snyk compare with SonarQube?

Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to...

See all answers

What do you like most about Snyk?

The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilit...

See all answers

What needs improvement with Snyk?

There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false posi...

See all answers

Ask a question

Earn 20 points

Comparisons

Wiz vs Cortex Cloud by Palo Alto Networks

Compared 18% of the time

Prisma Cloud by Palo Alto Networks vs Cortex Cloud by Palo Alto Networks

Compared 17% of the time

SentinelOne Singularity Cloud Security vs Cortex Cloud by Palo Alto Networks

Compared 8% of the time

Microsoft Defender for Cloud vs Cortex Cloud by Palo Alto Networks

Compared 8% of the time

AWS Security Hub vs Cortex Cloud by Palo Alto Networks

Compared 3% of the time

More Cortex Cloud by Palo Alto Networks Competitors

SonarQube vs Snyk

Compared 15% of the time

Trivy vs Snyk

Compared 4% of the time

GitHub Advanced Security vs Snyk

Compared 4% of the time

Black Duck SCA vs Snyk

Compared 2% of the time

Wiz vs Snyk

Compared 2% of the time

More Snyk Competitors

PortSwigger Burp Suite Professional vs Software Risk Manager ASPM

Compared 16% of the time

Polaris Platform vs Software Risk Manager ASPM

Compared 10% of the time

Veracode vs Software Risk Manager ASPM

Compared 8% of the time

Checkmarx One vs Software Risk Manager ASPM

Compared 8% of the time

SonarQube vs Software Risk Manager ASPM

Compared 7% of the time

More Software Risk Manager ASPM Competitors

Product Reports

Buyer's Guide

Cortex Cloud by Palo Alto Networks

February 2026

Cortex Cloud by Palo Alto Networks report

Download Cortex Cloud by Palo Alto Networks product report

Buyer's Guide

Snyk

January 2026

Download Snyk product report

Buyer's Guide

Application Security Posture Management (ASPM)

February 2026

Download Software Risk Manager ASPM product report

Also Known As

No data available

Fugue, Snyk AppRisk

Code Dx

Overview

Cortex Cloud by Palo Alto Networks provides comprehensive cybersecurity management, focusing on enhancing security operations with advanced automation and threat intelligence, addressing complex security challenges efficiently.

Cortex Cloud by Palo Alto Networks integrates cloud-scale data analytics and automation to streamline security operations, enabling faster threat detection and response. It leverages AI and machine learning to provide real-time threat intelligence and automate routine tasks, reducing the burden on security teams. Users benefit from improved visibility across networks and greater operational efficiency, making it crucial for enterprises aiming to secure their digital assets against evolving cyber threats.

What are the key features of Cortex Cloud by Palo Alto Networks?

Automated Threat Detection: Identifies and mitigates threats in real-time using AI algorithms.
Advanced Analytics: Provides in-depth data insights for proactive threat prevention.
Incident Management: Streamlines incident response with automated workflows.
Scalable Architecture: Offers flexibility to grow with organizational needs.

What benefits or ROI should you expect from Cortex Cloud by Palo Alto Networks reviews?

Increased Efficiency: Automation reduces manual efforts in threat management.
Enhanced Security Posture: Improved visibility leads to better threat preparedness.
Cost Savings: Minimizes expenses related to manual threat detection and response.
Scalability: Grows with the organization, reducing the need for constant upgrades.

Cortex Cloud by Palo Alto Networks is favored in sectors like finance, healthcare, and telecommunications, where data security is paramount. Its ability to integrate with existing infrastructure and provide real-time insights makes it a preferred choice for securing sensitive information and ensuring compliance within industry regulations.

Palo Alto Networks

Snyk excels in integrating security within the development lifecycle, providing teams with an AI Trust Platform that combines speed with security efficiency, ensuring robust AI application development.

Snyk empowers developers with AI-ready engines offering broad coverage, accuracy, and speed essential for modern development. With AI-powered visibility and security, Snyk allows proactive threat prevention and swift threat remediation. The platform supports shifts toward LLM engineering and AI code analysis, enhancing security and development productivity. Snyk collaborates with GenAI coding assistants for improved productivity and AI application threat management. Platform extensibility supports evolving standards with API access and native integrations, ensuring comprehensive and seamless security embedding in development tools.

What are Snyk's standout features?

Simplicity and Integration: Easy to integrate across platforms like GitLab, GitHub, and Jira.
Comprehensive Vulnerability Database: Offers accurate reporting for effective vulnerability management.
Developer-Friendly Design: Supports multiple programming languages, appealing to developers.
Automation and Flexibility: Enhances workflow efficiency with automated capabilities.

What benefits can users expect?

Efficiency in Vulnerability Detection: Streamlines prioritization and remediation processes.
Cost-Effectiveness: Offers a competitive pricing model compared to alternatives.
Enhanced Workflow: Integration with DevOps tools improves development processes.

Industries leverage Snyk for security in CI/CD pipelines by automating checks for dependency vulnerabilities and managing open-source licenses. Its Docker and Kubernetes scanning capabilities enhance container security, supporting a proactive security approach. Integrations with platforms like GitHub and Azure DevOps optimize implementation across diverse software environments.

Snyk

Software Risk Manager is an application security posture management (ASPM) solution that enables security and development teams to manage their application security programs at enterprise scale. By unifying policy, test orchestration, correlation, prioritization, and built-in static application security testing (SAST) and software composition analysis (SCA) engines, organizations can streamline their security activities across the enterprise.

Black Duck

Sample Customers

Information Not Available

StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief

Discover why companies like: CGI said, "Synopsys and Software Risk Manager have provided the results we’re looking for".

Buyer's Guide

Application Security Posture Management (ASPM)

February 2026

Download Free Report

Find out what your peers are saying about Veracode, Snyk, Checkmarx and others in Application Security Posture Management (ASPM). Updated: February 2026.

DOWNLOAD NOW

881,733 professionals have used our research since 2012.

See our list of best Application Security Posture Management (ASPM) vendors, best Static Application Security Testing (SAST) vendors, and best Software Composition Analysis (SCA) vendors.

We monitor all Application Security Posture Management (ASPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.