Try our new research platform with insights from 80,000+ expert users

Snyk vs Software Risk Manager ASPM comparison

Snyk and Black Duck are both solutions in the Application Security Posture Management (ASPM) category. Snyk is ranked #2 with an average rating of 8.1, while Black Duck is ranked #14. Snyk holds a 16.5% mindshare in ASPM, compared to Black Duck’s 3.8% mindshare. Additionally, 100% of Snyk users are willing to recommend the solution.
Sponsored
Cortex Cloud by Palo Alto N...
Read 11 Cortex Cloud by Palo Alto Networks reviews
  • 1,955 Views
  • 176 Comparison Views
100% willing to recommend
Snyk
Read 51 Snyk reviews
  • 22,150 Views
  • 2,880 Comparison Views
100% willing to recommend
Software Risk Manager ASPM
Read 1 Software Risk Manager ASPM review
  • 1,390 Views
  • 528 Comparison Views
0% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jan 11, 2026

Snyk and Software Risk Manager ASPM are competing in the application security space. Users find Snyk's features more satisfying, but Software Risk Manager ASPM offers comprehensive security analysis, preferred for in-depth risk assessment.

Features: Snyk stands out with efficient vulnerability scanning, seamless CI/CD integration, and intuitive navigation. Software Risk Manager ASPM focuses on extensive threat intelligence, robust risk management, and detailed risk insights.

Ease of Deployment and Customer Service: Snyk offers straightforward deployment and robust customer support with clear guidance. Software Risk Manager ASPM, despite having a complex setup, provides strategic support and consultancy for high-level analysis integration.

Pricing and ROI: Snyk is seen as cost-effective with a quick return on investment, appealing to budget-conscious users. Software Risk Manager ASPM has higher upfront costs but is valued for long-term investment with extensive coverage and insights.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Application Security Posture Management (ASPM) Report (Updated: March 2026).
Buyer's Guide
Application Security Posture Management (ASPM)
March 2026
Download the complete report
Helped 884,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex Cloud by Palo Alto N...
Sponsored
Ranking in Application Security Posture Management (ASPM)
6th
Average Rating
8.6
Reviews Sentiment
5.7
Number of Reviews
11
Ranking in other categories
Vulnerability Management (27th), Cloud Workload Protection Platforms (CWPP) (13th), Cloud Security Posture Management (CSPM) (18th), Cloud-Native Application Protection Platforms (CNAPP) (12th), Data Security Posture Management (DSPM) (12th), Software Supply Chain Security (7th), Cloud Infrastructure Entitlement Management (CIEM) (6th), Cloud Detection and Response (CDR) (4th)
Snyk
Ranking in Application Security Posture Management (ASPM)
2nd
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
51
Ranking in other categories
Application Performance Monitoring (APM) and Observability (16th), Application Security Tools (6th), Static Application Security Testing (SAST) (6th), GRC (4th), Cloud Management (10th), Vulnerability Management (15th), Container Security (5th), Software Composition Analysis (SCA) (1st), Software Development Analytics (2nd), Cloud Security Posture Management (CSPM) (12th), DevSecOps (2nd), AI Security (11th)
Software Risk Manager ASPM
Ranking in Application Security Posture Management (ASPM)
14th
Average Rating
0.0
Reviews Sentiment
7.0
Number of Reviews
1
Ranking in other categories
Static Application Security Testing (SAST) (29th), Software Composition Analysis (SCA) (21st)
 

Mindshare comparison

As of March 2026, in the Application Security Posture Management (ASPM) category, the mindshare of Cortex Cloud by Palo Alto Networks is 1.8%. The mindshare of Snyk is 16.5%, down from 21.5% compared to the previous year. The mindshare of Software Risk Manager ASPM is 3.8%, up from 2.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Posture Management (ASPM) Mindshare Distribution
ProductMindshare (%)
Snyk16.5%
Cortex Cloud by Palo Alto Networks1.8%
Software Risk Manager ASPM3.8%
Other77.9%
Application Security Posture Management (ASPM)
 

Featured Reviews

SJ
Sonali Jha
Technical Solutions Architect at IBM
Cloud security has improved as AI-driven runtime protection detects threats and reduces incidents
In my opinion, Cortex Cloud by Palo Alto Networks could be improved or enhanced in various ways. I don't have an idea about that yet because for that you actually need to use two or three different other tools to make a basic comparison. If you ask me how good the tool is, I would fairly rate it quite high. The tool is very popular, and customers can already see that it is one of the cloud leaders in the security space. The platform had a very good feature which provides documentation links about how to use a specific feature on the UI. It takes you to the proper documentation page where it suggests what to do and tells you about the steps that need to be done for a resource deployment. My thoughts about improving the product which I believe could greatly aid vendors is that it used to be a very user-friendly tool, but now they have incorporated everything under one umbrella. It has XDR, XSOAR, and Cortex Cloud by Palo Alto Networks. Before, we used to have separate modules and separate environments for each of these capabilities or features. Right now, it is a little complex and users would take their own time to know the tool better. This is something that would have been way better, but I would say there would be different opinions on this. Talking about user-friendliness, it has decreased now.
Read full review
Abhishek-Goyal - PeerSpot reviewer
Abhishek-Goyal
Software Engineer at a computer software company with 11-50 employees
Improves security posture by actively reducing critical vulnerabilities and guiding remediation
Snyk's main features include open-source vulnerability scanning, code security, container security, infrastructure as code security, risk-based prioritization, development-first integration, continuous monitoring and alerting, automation, and remediation. The best features I appreciate are the vulnerability checking, vulnerability scanning, and code security capabilities, as Snyk scans all open-source dependencies for known vulnerabilities and helps with license compliance for open-source components. Snyk integrates into IDEs, allowing issues to be caught as they appear in the code dynamically and prioritizes risk while providing remediation advice. Snyk provides actionable remediation advice on where vulnerabilities can exist and where code security is compromised, automatically scanning everything and providing timely alerts. Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients. Snyk has helped reduce vulnerabilities significantly. Initially, the repository had 17 to 31 critical and high vulnerabilities, but Snyk has helped manage them down to just five vulnerabilities, which are now lower and not high or critical.
Read full review
Saravanan_Radhakrishnan - PeerSpot reviewer
Saravanan_Radhakrishnan
Senior Manager at Happiest Minds Technologies
Facilitates continuous assessment of applications, covering both static and dynamic security aspects
Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer might need to have the data on-premises for dynamic security testing. So that is one shortfall. An area of improvement could be developing an on-premise DAST solution. The current one is a complete cloud-based solution, and that can be one of the areas of improvement.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cortex Cloud by Palo Alto Networks has impacted our organization positively by keeping our machines secure and our team using the dashboard to find issues quickly."
"I have absolutely seen improvements in our incident close rates, with mean time to detect and respond reduced significantly, sometimes by at least forty to fifty percent."
"I have seen several benefits from using Cortex Cloud by Palo Alto Networks: It was easy to use and easy to migrate from the IBM platform."
"Previously with Cortex Cloud by Palo Alto Networks, I deployed this product for one of my customers, and after three to four months, they said that previously they had around four hours of MTTR, and now it has reduced to just 15 to 20 minutes."
"The most valuable features I have found in Cortex Cloud by Palo Alto Networks are those that we provided to customers in a stock environment, as we have done some POCs and tried to check how it can help different organizations, and this same solution has been positioned for multiple customers."
"Overall, Cortex Cloud by Palo Alto Networks is a technically strong product, and I rate it ten out of ten."
"Cortex Cloud by Palo Alto Networks' cloud runtime security in terms of stopping attacks in real time is impressive."
"The AI and automation features in detecting and responding to high-risk threats are impressive; it's one of the best tools regarding AI technology and unifies security in one platform in real-time, improving vulnerability analysis, incident response, and compliance reporting."
More Cortex Cloud by Palo Alto Networks pros
"Snyk provides a lot of information on vulnerabilities, the packages being used, and their dependencies, giving good insight into the security of those packages."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
"Provides clear information and is easy to follow with good feedback regarding code practices."
"Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients."
"Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients."
More Snyk pros
"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
 

Cons

"In my opinion, Cortex Cloud by Palo Alto Networks can be improved by addressing forensic information collection and storage, although I cannot suggest specific things right now, based on what customers might need."
"Some aspects of the GUI can be confusing and make it difficult for me to find certain options or navigate where needed."
"From the commercial perspective, we have some limitations because Palo Alto has a minimum number of users of endpoints set at 200, which is quite high for the Italian market."
"My thoughts about improving the product which I believe could greatly aid vendors is that it used to be a very user-friendly tool, but now they have incorporated everything under one umbrella."
"The negative aspects or areas for improvement in the product include the fact that the cost might be a bit high, which challenges commercials, but not technically."
"The pricing is high, making ROI challenging to justify, especially during transitions between solutions."
"Overall, I rate Cortex Cloud by Palo Alto Networks as an eight out of ten. I think that it could improve on price, as I know that the Google solution has the best price, and this is one of the conditions."
"Cortex Cloud by Palo Alto Networks is creating some confusion in terms of names because this is recent."
More Cortex Cloud by Palo Alto Networks cons
"The tool's initial use is complex."
"Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."
"I would like to give further ability to grouping code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry. They have a pretty good knowledge base, but Veracode is on top because Veracode has been in this business for a pretty long time. They do have a pretty large database of all the findings, and the way that the correlation engine works is superb. Snyk is also pretty good, but it is not as good as Veracode in terms of maintaining a large space of all the historical data of vulnerabilities."
"Snyk should improve the scanning capabilities for other languages. For example, Veracode is strong with different languages such as Java, C#, and others."
"One area where Snyk could improve is in providing developers with the line where the error occurs."
More Snyk cons
"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
 

Pricing and Cost Advice

Information not available
"The pricing is reasonable."
"It's inexpensive and easy to license. It comes in standard package sizing, which is straightforward. This information is publicly found on their website."
"The product has good pricing."
"Presently, my company uses an open-source version of the solution. The solution's pricing can be considered quite reasonable owing to the features they offer."
"It is pretty expensive. It is not a cheap product."
"Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."
"It's good value. That's the primary thing. It's not cheap-cheap, but it's good value."
"The solution is less expensive than Black Duck."
More Snyk pricing and cost advice
"It is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's not for everybody."
report
See which vendors are best for you
Use our free recommendation engine to learn which Application Security Posture Management (ASPM) solutions are best for your needs.
See recommendations
884,873 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
9%
Manufacturing Company
8%
Performing Arts
8%
Computer Software Company
7%
Financial Services Firm
14%
Computer Software Company
11%
Manufacturing Company
10%
Comms Service Provider
6%
Financial Services Firm
19%
University
9%
Manufacturing Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise1
Large Enterprise4
By reviewers
Company SizeCount
Small Business21
Midsize Enterprise9
Large Enterprise22
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Cortex Cloud by Palo Alto Networks?
The solution is costly, with high-end capabilities suitable for enterprises. It is less affordable for startups or sm...
See all answers
What needs improvement with Cortex Cloud by Palo Alto Networks?
As per my experience with Cortex Cloud by Palo Alto Networks, the UI could be simpler. There are few features which a...
See all answers
What is your primary use case for Cortex Cloud by Palo Alto Networks?
My use case for Cortex Cloud by Palo Alto Networks is for CSPM, application security, and IAM. I use it for checking ...
See all answers
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to...
See all answers
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilit...
See all answers
What needs improvement with Snyk?
There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false posi...
See all answers
Ask a question
Earn 20 points
 

Comparisons

Wiz vs Cortex Cloud by Palo Alto Networks Logo
Wiz vs Cortex Cloud by Palo Alto Networks
Compared 16% of the time
Prisma Cloud by Palo Alto Networks vs Cortex Cloud by Palo Alto Networks Logo
Prisma Cloud by Palo Alto Networks vs Cortex Cloud by Palo Alto Networks
Compared 15% of the time
SentinelOne Singularity Cloud Security vs Cortex Cloud by Palo Alto Networks Logo
SentinelOne Singularity Cloud Security vs Cortex Cloud by Palo Alto Networks
Compared 9% of the time
Microsoft Defender for Cloud vs Cortex Cloud by Palo Alto Networks Logo
Microsoft Defender for Cloud vs Cortex Cloud by Palo Alto Networks
Compared 6% of the time
FortiCNAPP vs Cortex Cloud by Palo Alto Networks Logo
FortiCNAPP vs Cortex Cloud by Palo Alto Networks
Compared 3% of the time
More Cortex Cloud by Palo Alto Networks Competitors
SonarQube vs Snyk Logo
SonarQube vs Snyk
Compared 12% of the time
Trivy vs Snyk Logo
Trivy vs Snyk
Compared 3% of the time
GitHub Advanced Security vs Snyk Logo
GitHub Advanced Security vs Snyk
Compared 3% of the time
Black Duck SCA vs Snyk Logo
Black Duck SCA vs Snyk
Compared 2% of the time
JFrog Xray vs Snyk Logo
JFrog Xray vs Snyk
Compared 2% of the time
More Snyk Competitors
PortSwigger Burp Suite Professional vs Software Risk Manager ASPM Logo
PortSwigger Burp Suite Professional vs Software Risk Manager ASPM
Compared 21% of the time
Polaris Platform vs Software Risk Manager ASPM Logo
Polaris Platform vs Software Risk Manager ASPM
Compared 8% of the time
Veracode vs Software Risk Manager ASPM Logo
Veracode vs Software Risk Manager ASPM
Compared 8% of the time
Checkmarx One vs Software Risk Manager ASPM Logo
Checkmarx One vs Software Risk Manager ASPM
Compared 7% of the time
Ivanti Neurons for ASPM vs Software Risk Manager ASPM Logo
Ivanti Neurons for ASPM vs Software Risk Manager ASPM
Compared 5% of the time
More Software Risk Manager ASPM Competitors
 

Product Reports

Buyer's Guide
Cortex Cloud by Palo Alto Networks
March 2026
Cortex Cloud by Palo Alto Networks reportDownload Cortex Cloud by Palo Alto Networks product report
Buyer's Guide
Snyk
February 2026
Snyk reportDownload Snyk product report
Buyer's Guide
Application Security Posture Management (ASPM)
March 2026
Software Risk Manager ASPM reportDownload Software Risk Manager ASPM product report
 

Also Known As

No data available
Fugue, Snyk AppRisk
Code Dx
 

Overview

Cortex Cloud by Palo Alto Networks provides comprehensive cybersecurity management, focusing on enhancing security operations with advanced automation and threat intelligence, addressing complex security challenges efficiently.

Cortex Cloud by Palo Alto Networks integrates cloud-scale data analytics and automation to streamline security operations, enabling faster threat detection and response. It leverages AI and machine learning to provide real-time threat intelligence and automate routine tasks, reducing the burden on security teams. Users benefit from improved visibility across networks and greater operational efficiency, making it crucial for enterprises aiming to secure their digital assets against evolving cyber threats.

What are the key features of Cortex Cloud by Palo Alto Networks?

  • Automated Threat Detection: Identifies and mitigates threats in real-time using AI algorithms.
  • Advanced Analytics: Provides in-depth data insights for proactive threat prevention.
  • Incident Management: Streamlines incident response with automated workflows.
  • Scalable Architecture: Offers flexibility to grow with organizational needs.

What benefits or ROI should you expect from Cortex Cloud by Palo Alto Networks reviews?

  • Increased Efficiency: Automation reduces manual efforts in threat management.
  • Enhanced Security Posture: Improved visibility leads to better threat preparedness.
  • Cost Savings: Minimizes expenses related to manual threat detection and response.
  • Scalability: Grows with the organization, reducing the need for constant upgrades.

Cortex Cloud by Palo Alto Networks is favored in sectors like finance, healthcare, and telecommunications, where data security is paramount. Its ability to integrate with existing infrastructure and provide real-time insights makes it a preferred choice for securing sensitive information and ensuring compliance within industry regulations.

Palo Alto Networks

Snyk excels in integrating security within the development lifecycle, providing teams with an AI Trust Platform that combines speed with security efficiency, ensuring robust AI application development.

Snyk empowers developers with AI-ready engines offering broad coverage, accuracy, and speed essential for modern development. With AI-powered visibility and security, Snyk allows proactive threat prevention and swift threat remediation. The platform supports shifts toward LLM engineering and AI code analysis, enhancing security and development productivity. Snyk collaborates with GenAI coding assistants for improved productivity and AI application threat management. Platform extensibility supports evolving standards with API access and native integrations, ensuring comprehensive and seamless security embedding in development tools.

What are Snyk's standout features?

  • Simplicity and Integration: Easy to integrate across platforms like GitLab, GitHub, and Jira.
  • Comprehensive Vulnerability Database: Offers accurate reporting for effective vulnerability management.
  • Developer-Friendly Design: Supports multiple programming languages, appealing to developers.
  • Automation and Flexibility: Enhances workflow efficiency with automated capabilities.

What benefits can users expect?

  • Efficiency in Vulnerability Detection: Streamlines prioritization and remediation processes.
  • Cost-Effectiveness: Offers a competitive pricing model compared to alternatives.
  • Enhanced Workflow: Integration with DevOps tools improves development processes.

Industries leverage Snyk for security in CI/CD pipelines by automating checks for dependency vulnerabilities and managing open-source licenses. Its Docker and Kubernetes scanning capabilities enhance container security, supporting a proactive security approach. Integrations with platforms like GitHub and Azure DevOps optimize implementation across diverse software environments.

Snyk

Software Risk Manager is an application security posture management (ASPM) solution that enables security and development teams to manage their application security programs at enterprise scale. By unifying policy, test orchestration, correlation, prioritization, and built-in static application security testing (SAST) and software composition analysis (SCA) engines, organizations can streamline their security activities across the enterprise.

Black Duck
 

Sample Customers

Information Not Available
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Discover why companies like: CGI said, "Synopsys and Software Risk Manager have provided the results we’re looking for".
Buyer's Guide
Application Security Posture Management (ASPM)
March 2026
Download Free Report
Find out what your peers are saying about Veracode, Snyk, Checkmarx and others in Application Security Posture Management (ASPM). Updated: March 2026.
DOWNLOAD NOW
884,873 professionals have used our research since 2012.

We monitor all Application Security Posture Management (ASPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.