Snyk vs Software Risk Manager ASPM comparison

Snyk and Black Duck are both solutions in the Application Security Posture Management (ASPM) category. Snyk is ranked #2 with an average rating of 8.3, while Black Duck is ranked #15. Snyk holds a 15.9% mindshare in ASPM, compared to Black Duck’s 4.1% mindshare. Additionally, 100% of Snyk users are willing to recommend the solution.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 11, 2026

Snyk and Software Risk Manager ASPM are competing in the application security space. Users find Snyk's features more satisfying, but Software Risk Manager ASPM offers comprehensive security analysis, preferred for in-depth risk assessment.

Features: Snyk stands out with efficient vulnerability scanning, seamless CI/CD integration, and intuitive navigation. Software Risk Manager ASPM focuses on extensive threat intelligence, robust risk management, and detailed risk insights.

Ease of Deployment and Customer Service: Snyk offers straightforward deployment and robust customer support with clear guidance. Software Risk Manager ASPM, despite having a complex setup, provides strategic support and consultancy for high-level analysis integration.

Pricing and ROI: Snyk is seen as cost-effective with a quick return on investment, appealing to budget-conscious users. Software Risk Manager ASPM has higher upfront costs but is valued for long-term investment with extensive coverage and insights.

To learn more, read our detailed Application Security Posture Management (ASPM) Report (Updated: May 2026).

Buyer's Guide

Application Security Posture Management (ASPM)

May 2026

Download the complete report

Helped 900,747 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex Cloud by Palo Alto N...

Mindshare comparison

As of June 2026, in the Application Security Posture Management (ASPM) category, the mindshare of Cortex Cloud by Palo Alto Networks is 2.2%, up from 0.2% compared to the previous year. The mindshare of Snyk is 15.9%, down from 20.7% compared to the previous year. The mindshare of Software Risk Manager ASPM is 4.1%, up from 2.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Posture Management (ASPM) Mindshare Distribution
Product	Mindshare (%)
Snyk	15.9%
Cortex Cloud by Palo Alto Networks	2.2%
Software Risk Manager ASPM	4.1%
Other	77.8%

Application Security Posture Management (ASPM)

Featured Reviews

Sonali Jha

Technical Solutions Architect at IBM

Cloud security has improved as AI-driven runtime protection detects threats and reduces incidents

In my opinion, Cortex Cloud by Palo Alto Networks could be improved or enhanced in various ways. I don't have an idea about that yet because for that you actually need to use two or three different other tools to make a basic comparison. If you ask me how good the tool is, I would fairly rate it quite high. The tool is very popular, and customers can already see that it is one of the cloud leaders in the security space. The platform had a very good feature which provides documentation links about how to use a specific feature on the UI. It takes you to the proper documentation page where it suggests what to do and tells you about the steps that need to be done for a resource deployment. My thoughts about improving the product which I believe could greatly aid vendors is that it used to be a very user-friendly tool, but now they have incorporated everything under one umbrella. It has XDR, XSOAR, and Cortex Cloud by Palo Alto Networks. Before, we used to have separate modules and separate environments for each of these capabilities or features. Right now, it is a little complex and users would take their own time to know the tool better. This is something that would have been way better, but I would say there would be different opinions on this. Talking about user-friendliness, it has decreased now.

Read full review

Abhishek-Goyal

Software Engineer at a computer software company with 11-50 employees

Improves security posture by actively reducing critical vulnerabilities and guiding remediation

Snyk's main features include open-source vulnerability scanning, code security, container security, infrastructure as code security, risk-based prioritization, development-first integration, continuous monitoring and alerting, automation, and remediation. The best features I appreciate are the vulnerability checking, vulnerability scanning, and code security capabilities, as Snyk scans all open-source dependencies for known vulnerabilities and helps with license compliance for open-source components. Snyk integrates into IDEs, allowing issues to be caught as they appear in the code dynamically and prioritizes risk while providing remediation advice. Snyk provides actionable remediation advice on where vulnerabilities can exist and where code security is compromised, automatically scanning everything and providing timely alerts. Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients. Snyk has helped reduce vulnerabilities significantly. Initially, the repository had 17 to 31 critical and high vulnerabilities, but Snyk has helped manage them down to just five vulnerabilities, which are now lower and not high or critical.

Read full review

Saravanan_Radhakrishnan

Senior Manager at Happiest Minds Technologies

Facilitates continuous assessment of applications, covering both static and dynamic security aspects

Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer might need to have the data on-premises for dynamic security testing. So that is one shortfall. An area of improvement could be developing an on-premise DAST solution. The current one is a complete cloud-based solution, and that can be one of the areas of improvement.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable features I have found in Cortex Cloud by Palo Alto Networks are those that we provided to customers in a stock environment, as we have done some POCs and tried to check how it can help different organizations, and this same solution has been positioned for multiple customers."

"Overall, Cortex Cloud by Palo Alto Networks is a technically strong product, and I rate it ten out of ten."

"I have absolutely seen improvements in our incident close rates, with mean time to detect and respond reduced significantly, sometimes by at least forty to fifty percent."

"I have seen several benefits from using Cortex Cloud by Palo Alto Networks: It was easy to use and easy to migrate from the IBM platform."

"Cortex Cloud by Palo Alto Networks' cloud runtime security in terms of stopping attacks in real time is impressive."

"Cortex Cloud by Palo Alto Networks has impacted our organization positively by keeping our machines secure and our team using the dashboard to find issues quickly."

"Previously with Cortex Cloud by Palo Alto Networks, I deployed this product for one of my customers, and after three to four months, they said that previously they had around four hours of MTTR, and now it has reduced to just 15 to 20 minutes."

"The capabilities of Cortex Cloud by Palo Alto Networks are valuable because it is the best product in the market."

More Cortex Cloud by Palo Alto Networks pros

"The most valuable features are their GitLab and JIRA integrations. The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using."

"The valuable aspect is its security capabilities."

"It has an accurate database of vulnerabilities with a low amount of false positives."

"It helps us meet compliance requirements, by identifying and fixing vulnerabilities, and to have a robust vulnerability management program."

"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."

"It hits ROI for us very well in a couple of areas that we want to address: to ensure that we don't have surprises when it comes to vulnerabilities on our dependencies — libraries and images — and from a compliance point of view, we don't want to be in a situation where we're forced to publish code because someone has decided to use libraries that would force us to either publish everything under GPL or put us in a situation where licenses are not compatible and we would have to redo part of the code."

"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."

"From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."

More Snyk pros

"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."

Cons

"Some aspects of the GUI can be confusing and make it difficult for me to find certain options or navigate where needed."

"The negative aspects or areas for improvement in the product include the fact that the cost might be a bit high, which challenges commercials, but not technically."

"As per my experience with Cortex Cloud by Palo Alto Networks, the UI could be simpler."

"My thoughts about improving the product which I believe could greatly aid vendors is that it used to be a very user-friendly tool, but now they have incorporated everything under one umbrella."

"From the commercial perspective, we have some limitations because Palo Alto has a minimum number of users of endpoints set at 200, which is quite high for the Italian market."

"In my opinion, Cortex Cloud by Palo Alto Networks can be improved by addressing forensic information collection and storage, although I cannot suggest specific things right now, based on what customers might need."

"The pricing is high, making ROI challenging to justify, especially during transitions between solutions."

"Cortex Cloud by Palo Alto Networks is creating some confusion in terms of names because this is recent."

More Cortex Cloud by Palo Alto Networks cons

"Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help."

"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."

"For the areas that they're new in, it's very early stages for them. For example, their expertise is in looking at third-party components and packages, which is their bread-and-butter and what they've been doing for ages, but for newer features such as static analysis I don't think they've got compatibility for all the languages and frameworks yet."

"There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved."

"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."

"There are a lot of false positives that need to be identified and separated."

"Offering API access in the lower or free open-source tiers would be better. That would help our customers. If you don't have an enterprise plan, it becomes challenging to integrate with the rest of the systems. Our customers would like to have some open-source integrations in the next release."

"Snyk is a premium-priced product, so it's kind of expensive. The big con that I find frustrating is when a company charges extra for single sign-on (SSO) into their SaaS app."

More Snyk cons

"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."

Pricing and Cost Advice

Information not available

"With Snyk, you get what you pay for. It is not a cheap solution, but you get a comprehensiveness and level of coverage that is very good. The dollars in the security budget only go so far. If I can maximize my value and be able to have some funds left over for other initiatives, I want to do that. That is what drives me to continue to say, "What's out there in the market? Snyk's expensive, but it's good. Is there something as good, but more affordable?" Ultimately, I find we could go cheaper, but we would lose the completeness of vision or scope. I am not willing to do that because Snyk does provide a pretty important benefit for us."

"Presently, my company uses an open-source version of the solution. The solution's pricing can be considered quite reasonable owing to the features they offer."

"Snyk is a premium-priced product, so it's kind of expensive. The big con that I find frustrating is when a company charges extra for single sign-on (SSO) into their SaaS app. Snyk is one of the few that I'm willing to pay that add-on charge, but generally I disqualify products that charge an extra fee to do integrated authentication to our identity provider, like Okta or some other SSO. That is a big negative. We had to pay extra for that. That little annoyance aside, it is expensive. You get a lot out of it, but you're paying for that premium."

"Snyk is an expensive solution."

"It is pretty expensive. It is not a cheap product."

"The product has good pricing."

"The product's price is okay."

"The license model is based on the number of contributing developers. Snyk is expensive, for a startup company will most likely use the community edition, while larger companies will buy the licensed version. The price of Snyk is more than other SLA tools."

More Snyk pricing and cost advice

"It is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's not for everybody."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Posture Management (ASPM) solutions are best for your needs.

See recommendations

900,747 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Manufacturing Company

17%

Construction Company

11%

Financial Services Firm

Outsourcing Company

Financial Services Firm

13%

Manufacturing Company

11%

Computer Software Company

10%

Comms Service Provider

Financial Services Firm

16%

Manufacturing Company

14%

University

10%

Construction Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	7
Midsize Enterprise	1
Large Enterprise	4

By reviewers
Company Size	Count
Small Business	20
Midsize Enterprise	10
Large Enterprise	23

No data available

Questions from the Community

What is your experience regarding pricing and costs for Cortex Cloud by Palo Alto Networks?

I am not fully aware of the pricing and licensing of Cortex Cloud by Palo Alto Networks. The pricing is also based on...

See all answers

What needs improvement with Cortex Cloud by Palo Alto Networks?

In my opinion, Cortex Cloud by Palo Alto Networks could be improved or enhanced in various ways. I don't have an idea...

See all answers

What is your primary use case for Cortex Cloud by Palo Alto Networks?

The usual use cases for Cortex Cloud by Palo Alto Networks that I have been working with mostly are as simple as dete...

See all answers

How does Snyk compare with SonarQube?

Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to...

See all answers

What needs improvement with Snyk?

There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false posi...

See all answers

What is your primary use case for Snyk?

I use Snyk ( /products/snyk-reviews ) in the DevOps pipeline to identify vulnerabilities before deploying the applica...

See all answers

Ask a question

Earn 20 points

Comparisons

Wiz vs Cortex Cloud by Palo Alto Networks

Compared 11% of the time

Prisma Cloud by Palo Alto Networks vs Cortex Cloud by Palo Alto Networks

Compared 11% of the time

SentinelOne Singularity Cloud Security vs Cortex Cloud by Palo Alto Networks

Compared 8% of the time

WithSecure Elements Exposure Management (XM) vs Cortex Cloud by Palo Alto Networks

Compared 7% of the time

Microsoft Defender for Cloud vs Cortex Cloud by Palo Alto Networks

Compared 5% of the time

More Cortex Cloud by Palo Alto Networks Competitors

SonarQube vs Snyk

Compared 7% of the time

Black Duck SCA vs Snyk

Compared 2% of the time

Trivy vs Snyk

Compared 2% of the time

GitHub Advanced Security vs Snyk

Compared 2% of the time

JFrog Xray vs Snyk

Compared 2% of the time

More Snyk Competitors

PortSwigger Burp Suite Professional vs Software Risk Manager ASPM

Compared 24% of the time

Veracode vs Software Risk Manager ASPM

Compared 10% of the time

Polaris Platform vs Software Risk Manager ASPM

Compared 8% of the time

Checkmarx One vs Software Risk Manager ASPM

Compared 6% of the time

SonarQube vs Software Risk Manager ASPM

Compared 3% of the time

More Software Risk Manager ASPM Competitors

Product Reports

Buyer's Guide

Cortex Cloud by Palo Alto Networks

June 2026

Cortex Cloud by Palo Alto Networks report

Download Cortex Cloud by Palo Alto Networks product report

Buyer's Guide

Snyk

May 2026

Download Snyk product report

Buyer's Guide

Application Security Posture Management (ASPM)

May 2026

Download Software Risk Manager ASPM product report

Also Known As

No data available

Fugue, Snyk AppRisk

Code Dx

Overview

Cortex Cloud by Palo Alto Networks enhances cloud security with features like AI/ML threat detection and automated remediation, ensuring real-time protection and efficient management across cloud environments.

Cortex Cloud by Palo Alto Networks offers comprehensive cloud security posture management and runtime protection. It reduces manual tasks and accelerates incident investigation through advanced threat detection and AI-driven anomaly detection. With integration to the MITRE ATT&CK framework, it boosts threat response while reducing incident resolution time. Although users find the UI complex and pricing high, its capabilities in securing AWS, Azure, and other environments, as well as its potential integration with CyberArk, emphasize its enterprise-ready design for cloud transformation across diverse industry sectors.

What are the key features of Cortex Cloud by Palo Alto Networks?

Runtime Protection: Ensures real-time security for workloads.
AI/ML-powered Threat Detection: Identifies threats using AI/ML technology.
Automated Remediation: Streamlines threat response through automation.
Comprehensive Detection Coverage: Offers extensive detection capabilities with unified data.
Integration with MITRE ATT&CK: Enhances threat response efficiency.

What benefits or ROI should users consider?

Enhanced Security Visibility: Provides dashboards for better security insights.
Reduced Manual Tasks: Automates processes for efficiency gains.
Improved Threat Response: Accelerates incident resolution with AI-driven anomaly detection.
Seamless Cloud Integration: Supports APIs and multi-cloud environments.

Cortex Cloud by Palo Alto Networks is deployed across industries like telecom, BFSI, and manufacturing for robust cloud security. It's leveraged for detecting misconfigurations and vulnerabilities, aiding cloud transformation and compliance with standards such as GDPR and NIST. The integration across cloud infrastructures, including AWS and Azure, supports policy creation and threat management strategies for diverse enterprises.

Palo Alto Networks

Snyk excels in integrating security within the development lifecycle, providing teams with an AI Trust Platform that combines speed with security efficiency, ensuring robust AI application development.

Snyk empowers developers with AI-ready engines offering broad coverage, accuracy, and speed essential for modern development. With AI-powered visibility and security, Snyk allows proactive threat prevention and swift threat remediation. The platform supports shifts toward LLM engineering and AI code analysis, enhancing security and development productivity. Snyk collaborates with GenAI coding assistants for improved productivity and AI application threat management. Platform extensibility supports evolving standards with API access and native integrations, ensuring comprehensive and seamless security embedding in development tools.

What are Snyk's standout features?

Simplicity and Integration: Easy to integrate across platforms like GitLab, GitHub, and Jira.
Comprehensive Vulnerability Database: Offers accurate reporting for effective vulnerability management.
Developer-Friendly Design: Supports multiple programming languages, appealing to developers.
Automation and Flexibility: Enhances workflow efficiency with automated capabilities.

What benefits can users expect?

Efficiency in Vulnerability Detection: Streamlines prioritization and remediation processes.
Cost-Effectiveness: Offers a competitive pricing model compared to alternatives.
Enhanced Workflow: Integration with DevOps tools improves development processes.

Industries leverage Snyk for security in CI/CD pipelines by automating checks for dependency vulnerabilities and managing open-source licenses. Its Docker and Kubernetes scanning capabilities enhance container security, supporting a proactive security approach. Integrations with platforms like GitHub and Azure DevOps optimize implementation across diverse software environments.

Snyk

Software Risk Manager is an application security posture management (ASPM) solution that enables security and development teams to manage their application security programs at enterprise scale. By unifying policy, test orchestration, correlation, prioritization, and built-in static application security testing (SAST) and software composition analysis (SCA) engines, organizations can streamline their security activities across the enterprise.

Black Duck

Sample Customers

Information Not Available

StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief

Discover why companies like: CGI said, "Synopsys and Software Risk Manager have provided the results we’re looking for".

Buyer's Guide

Application Security Posture Management (ASPM)

May 2026

Download Free Report

Find out what your peers are saying about Veracode, Snyk, Checkmarx and others in Application Security Posture Management (ASPM). Updated: May 2026.

DOWNLOAD NOW

900,747 professionals have used our research since 2012.

See our list of best Application Security Posture Management (ASPM) vendors, best Static Application Security Testing (SAST) vendors, and best Software Composition Analysis (SCA) vendors.

We monitor all Application Security Posture Management (ASPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.