# FOSSA, Semgrep vs Snyk Comparison | | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Star Rating** | 4.2 out of 5 | 4.6 out of 5 | 4.5 out of 5 | | **Total Reviews** | 15 | 55 | 132 | | **Largest Market Segment** | Small-Business (46.7% of reviews) | Enterprise (46.3% of reviews) | Mid-Market (45.4% of reviews) | | **Entry Level Price** | No pricing available | Starting at $40.00 1 contributor Per Month | Free | --- ## Top Pros & Cons ### FOSSA Pros: - Easy Integrations (1 reviews) - Issue Resolution (1 reviews) ### Semgrep Pros: - Ease of Use (16 reviews) - Features (14 reviews) Cons: - Not User-Friendly (7 reviews) - Limited Features (6 reviews) ### Snyk Pros: - Easy Integrations (5 reviews) - Vulnerability Detection (5 reviews) Cons: - Expensive (3 reviews) - False Positives (3 reviews) --- ## Ratings Comparison | Rating | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Meets Requirements** | 8.5 (11 reviews) | 8.8 (49 reviews) | 8.7 (94 reviews) | | **Ease of Use** | 8.9 (11 reviews) | 9.1 (50 reviews) | 8.8 (95 reviews) | | **Ease of Setup** | 8.3 (6 reviews) | 9.4 (37 reviews) | 9.1 (58 reviews) | | **Ease of Admin** | 9.3 (5 reviews) | 9.1 (22 reviews) | 8.9 (51 reviews) | | **Quality of Support** | 8.3 (9 reviews) | 8.8 (44 reviews) | 8.7 (79 reviews) | | **Has the product been a good partner in doing business?** | Not enough data | 9.6 (22 reviews) | 8.8 (48 reviews) | | **Product Direction (% positive)** | 8.9 (11 reviews) | 9.2 (45 reviews) | 8.8 (84 reviews) | --- ## Pricing ### FOSSA #### Entry-Level Pricing No pricing available #### Free Trial Yes ### Semgrep #### Entry-Level Pricing Plan: Semgrep Code, Supply Chain, and Secrets Detection Price: Starting at $40.00 1 contributor Per Month Description: Extensible AppSec for growing teams. Choose from Code (SAST), Supply Chain (SCA), and Secrets Detection to eliminate noise out of the box, streamline developer workflows, and give security teams full visibility. Key Features: - Choose from SAST, SCA, and Secrets Detection - Pro Rules and cross-file analysis - AI Assistant [Learn more about Semgrep](https://www.g2.com/products/semgrep/reviews) #### Free Trial Yes ### Snyk #### Entry-Level Pricing Plan: FREE - Limited Tests, Unlimited Developers Price: Free Description: For individual developers and small teams looking to secure while they build. Unlimited Developers. Key Features: - 200 Open Source tests per month - 100 Container tests per month - 300 IaC tests per month [Browse all 3 editions](https://www.g2.com/products/snyk/pricing) #### Free Trial No --- ## Features Comparison By Category ### Static Application Security Testing (SAST) | Product | Score | Reviews | |---|---|---| | **FOSSA** | N/A | N/A | | **Semgrep** | 8.4/10 | 22 | | **Snyk** | 7.8/10 | 25 | #### Administration | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **API / Integrations** | Not enough data | 9.0 (18 reviews) | 8.6 (22 reviews) | | **Extensibility** | Not enough data | 8.2 (17 reviews) | 8.1 (18 reviews) | #### Analysis | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Reporting and Analytics** | Not enough data | 8.4 (19 reviews) | 8.5 (23 reviews) | | **Issue Tracking** | Not enough data | 9.2 (22 reviews) | 8.3 (22 reviews) | | **Static Code Analysis** | Not enough data | 9.4 (22 reviews) | 8.7 (24 reviews) | | **Code Analysis** | Not enough data | 9.2 (22 reviews) | 8.9 (21 reviews) | #### Testing | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Command-Line Tools** | Not enough data | 8.7 (20 reviews) | 7.8 (18 reviews) | | **Manual Testing** | Not enough data | Feature Not Available | 6.5 (14 reviews) | | **Test Automation** | Not enough data | Feature Not Available | 7.8 (19 reviews) | | **Compliance Testing** | Not enough data | 7.7 (17 reviews) | 8.1 (15 reviews) | | **Black-Box Scanning** | Not enough data | 7.5 (18 reviews) | 6.2 (13 reviews) | | **Detection Rate** | Not enough data | 8.1 (19 reviews) | 7.5 (19 reviews) | | **False Positives** | Not enough data | 7.3 (21 reviews) | 6.4 (17 reviews) | #### Agentic AI - Static Application Security Testing (SAST) | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Autonomous Task Execution** | Not enough data | 7.9 (11 reviews) | Not enough data | ### Dynamic Application Security Testing (DAST) | Product | Score | Reviews | |---|---|---| | **FOSSA** | N/A | N/A | | **Semgrep** | N/A | N/A | | **Snyk** | N/A | N/A | #### Administration | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **API / Integrations** | Not enough data | Feature Not Available | Not enough data | | **Extensibility** | Not enough data | Feature Not Available | Not enough data | #### Analysis | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Reporting and Analytics** | Not enough data | Not enough data | Not enough data | | **Issue Tracking** | Not enough data | Not enough data | Not enough data | | **Static Code Analysis** | Not enough data | Not enough data | Not enough data | | **Vulnerability Scan** | Not enough data | Not enough data | Not enough data | | **Code Analysis** | Not enough data | Not enough data | Not enough data | #### Testing | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Manual Testing** | Not enough data | Feature Not Available | Not enough data | | **Test Automation** | Not enough data | Feature Not Available | Not enough data | | **Compliance Testing** | Not enough data | Feature Not Available | Not enough data | | **Black-Box Scanning** | Not enough data | Not enough data | Not enough data | | **Detection Rate** | Not enough data | Not enough data | Not enough data | | **False Positives** | Not enough data | Not enough data | Not enough data | ### Container Security | Product | Score | Reviews | |---|---|---| | **FOSSA** | N/A | N/A | | **Semgrep** | N/A | N/A | | **Snyk** | 7.5/10 | 32 | #### Administration | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Risk Scoring** | Not enough data | Not enough data | 8.4 (29 reviews) | | **Secrets Management** | Not enough data | Not enough data | Feature Not Available | | **Security Auditing** | Not enough data | Not enough data | 7.9 (26 reviews) | | **Configuration Management** | Not enough data | Not enough data | 7.5 (19 reviews) | #### Monitoring | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Continuous Image Assurance** | Not enough data | Not enough data | 8.0 (17 reviews) | | **Behavior Monitoring** | Not enough data | Not enough data | 6.5 (13 reviews) | | **Observability** | Not enough data | Not enough data | 7.1 (15 reviews) | #### Protection | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Dynamic Image Scanning** | Not enough data | Not enough data | 7.4 (16 reviews) | | **Runtime Protection** | Not enough data | Not enough data | 7.5 (17 reviews) | | **Workload Protection** | Not enough data | Not enough data | 7.4 (14 reviews) | | **Network Segmentation** | Not enough data | Not enough data | 6.9 (12 reviews) | ### Vulnerability Scanner | Product | Score | Reviews | |---|---|---| | **FOSSA** | N/A | N/A | | **Semgrep** | 8.1/10 | 12 | | **Snyk** | 8.1/10 | 43 | #### Performance | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Issue Tracking** | Not enough data | 8.2 (12 reviews) | 8.5 (36 reviews) | | **Detection Rate** | Not enough data | 8.0 (11 reviews) | 8.5 (40 reviews) | | **False Positives** | Not enough data | 8.0 (11 reviews) | 6.7 (32 reviews) | | **Automated Scans** | Not enough data | 9.0 (10 reviews) | 9.1 (41 reviews) | #### Network | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Compliance Testing** | Not enough data | 8.5 (10 reviews) | 8.1 (25 reviews) | | **Perimeter Scanning** | Not enough data | 7.8 (10 reviews) | 7.9 (19 reviews) | | **Configuration Monitoring** | Not enough data | 8.0 (10 reviews) | 8.2 (20 reviews) | #### Application | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Manual Application Testing** | Not enough data | Feature Not Available | 7.8 (17 reviews) | | **Static Code Analysis** | Not enough data | 8.9 (11 reviews) | 8.5 (34 reviews) | | **Black Box Testing** | Not enough data | 8.5 (11 reviews) | 7.4 (13 reviews) | #### Agentic AI - Vulnerability Scanner | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Autonomous Task Execution** | Not enough data | 6.9 (6 reviews) | Not enough data | | **Proactive Assistance** | Not enough data | 7.5 (6 reviews) | Not enough data | ### Software Composition Analysis | Product | Score | Reviews | |---|---|---| | **FOSSA** | 8.8/10 | 8 | | **Semgrep** | 8.4/10 | 18 | | **Snyk** | 8.4/10 | 37 | #### Functionality - Software Composition Analysis | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Language Support** | 8.8 (7 reviews) | 8.4 (18 reviews) | 8.1 (24 reviews) | | **Integration** | 9.2 (6 reviews) | 8.2 (18 reviews) | 8.7 (30 reviews) | | **Transparency** | 8.8 (8 reviews) | 8.5 (18 reviews) | 8.3 (31 reviews) | #### Effectiveness - Software Composition Analysis | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Remediation Suggestions** | 8.1 (7 reviews) | 8.5 (18 reviews) | 8.3 (32 reviews) | | **Continuous Monitoring** | 8.5 (8 reviews) | 8.3 (18 reviews) | 8.7 (30 reviews) | | **Thorough Detection** | 9.4 (8 reviews) | 8.3 (18 reviews) | 8.2 (32 reviews) | ### Secure Code Review | Product | Score | Reviews | |---|---|---| | **FOSSA** | N/A | N/A | | **Semgrep** | 8.4/10 | 21 | | **Snyk** | N/A | N/A | #### Documentation | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Feedback** | Not enough data | 8.9 (19 reviews) | Not enough data | | **Prioritization** | Not enough data | 9.3 (20 reviews) | Not enough data | | **Remediation Suggestions** | Not enough data | 8.2 (20 reviews) | Not enough data | #### Security | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **False Positives** | Not enough data | 7.4 (21 reviews) | Not enough data | | **Custom Compliance** | Not enough data | 7.9 (17 reviews) | Not enough data | | **Agility** | Not enough data | 8.9 (17 reviews) | Not enough data | ### Software Supply Chain Security Tools | Product | Score | Reviews | |---|---|---| | **FOSSA** | N/A | N/A | | **Semgrep** | N/A | N/A | | **Snyk** | N/A | N/A | #### Security | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Tampering** | Not enough data | Not enough data | Not enough data | | **Malicious Code** | Not enough data | Not enough data | Not enough data | | **Verification** | Not enough data | Not enough data | Not enough data | | **Security Risks** | Not enough data | Not enough data | Not enough data | #### Tracking | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Bill of Materials** | Not enough data | Not enough data | Not enough data | | **Audit Trails** | Not enough data | Not enough data | Not enough data | | **Monitoring** | Not enough data | Not enough data | Not enough data | ### Software Bill of Materials (SBOM) | Product | Score | Reviews | |---|---|---| | **FOSSA** | N/A | N/A | | **Semgrep** | N/A | N/A | | **Snyk** | N/A | N/A | #### Functionality - Software Bill of Materials (SBOM) | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Format Support** | Not enough data | Not enough data | Not enough data | | **Annotations** | Not enough data | Not enough data | Not enough data | | **Attestation** | Not enough data | Not enough data | Not enough data | #### Management - Software Bill of Materials (SBOM) | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Monitoring** | Not enough data | Not enough data | Not enough data | | **Dashboards** | Not enough data | Not enough data | Not enough data | | **User Provisioning** | Not enough data | Not enough data | Not enough data | ### Static Code Analysis | Product | Score | Reviews | |---|---|---| | **FOSSA** | N/A | N/A | | **Semgrep** | 7.7/10 | 10 | | **Snyk** | N/A | N/A | #### Agentic AI - Static Code Analysis | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Adaptive Learning** | Not enough data | 7.7 (10 reviews) | Not enough data | | **Natural Language Interaction** | Not enough data | 7.6 (9 reviews) | Not enough data | | **Proactive Assistance** | Not enough data | 7.7 (10 reviews) | Not enough data | ### AI AppSec Assistants | Product | Score | Reviews | |---|---|---| | **FOSSA** | N/A | N/A | | **Semgrep** | N/A | N/A | | **Snyk** | N/A | N/A | #### Performance - AI AppSec Assistants | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Remediation** | Not enough data | Not enough data | Not enough data | | **Real-time Vulnerability Detection** | Not enough data | Not enough data | Not enough data | | **Accuracy** | Not enough data | Not enough data | Not enough data | #### Integration - AI AppSec Assistants | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Stack Integration** | Not enough data | Not enough data | Not enough data | | **Workflow Integration** | Not enough data | Not enough data | Not enough data | | **Codebase Contextual Awareness** | Not enough data | Not enough data | Not enough data | ### Interactive Application Security Testing (IAST) | Product | Score | Reviews | |---|---|---| | **FOSSA** | N/A | N/A | | **Semgrep** | N/A | N/A | | **Snyk** | N/A | N/A | #### Agentic AI - Interactive Application Security Testing (IAST) | Feature | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | Not enough data | --- ## Categories **Shared Categories (2):** [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner), [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis) **Unique to FOSSA (1):** [Software Bill of Materials (SBOM) Software](https://www.g2.com/categories/software-bill-of-materials-sbom) **Unique to Semgrep (6):** [AI AppSec Assistants](https://www.g2.com/categories/ai-appsec-assistants), [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast), [Static Code Analysis Tools](https://www.g2.com/categories/static-code-analysis), [Secure Code Review Software](https://www.g2.com/categories/secure-code-review), [Interactive Application Security Testing (IAST) Software](https://www.g2.com/categories/interactive-application-security-testing-iast), [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast) **Unique to Snyk (5):** [Software Supply Chain Security Solutions](https://www.g2.com/categories/software-supply-chain-security-tools), [AI AppSec Assistants](https://www.g2.com/categories/ai-appsec-assistants), [Container Security Tools](https://www.g2.com/categories/container-security-tools), [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast), [Software Bill of Materials (SBOM) Software](https://www.g2.com/categories/software-bill-of-materials-sbom) --- ## Reviewer Demographics ### By Company Size | Segment | FOSSA | Semgrep | Snyk | |---|---|---|---| | **Small-Business** | 46.7% | 11.1% | 35.4% | | **Mid-Market** | 33.3% | 42.6% | 45.4% | | **Enterprise** | 20.0% | 46.3% | 19.2% | ### By Industry #### FOSSA - **Computer Software:** 40.0% - **Telecommunications:** 6.7% - **Mechanical or Industrial Engineering:** 6.7% - **Leisure, Travel & Tourism:** 6.7% - **Information Technology and Services:** 6.7% - **Health, Wellness and Fitness:** 6.7% - **Construction:** 6.7% - **Civic & Social Organization:** 6.7% - **Chemicals:** 6.7% - **Business Supplies and Equipment:** 6.7% #### Semgrep - **Information Technology and Services:** 24.1% - **Computer Software:** 20.4% - **Financial Services:** 16.7% - **Computer & Network Security:** 5.6% - **Semiconductors:** 5.6% - **Manufacturing:** 5.6% - **Insurance:** 3.7% - **International Affairs:** 1.9% - **Information Services:** 1.9% - **Hospital & Health Care:** 1.9% - **Other:** 13.0% #### Snyk - **Computer Software:** 22.3% - **Information Technology and Services:** 20.8% - **Computer & Network Security:** 9.2% - **Hospital & Health Care:** 5.4% - **Financial Services:** 5.4% - **Telecommunications:** 3.1% - **Banking:** 3.1% - **Education Management:** 2.3% - **Internet:** 2.3% - **Retail:** 1.5% - **Other:** 24.6% --- ## Alternatives ### Alternatives to FOSSA - [Mend.io](https://www.g2.com/products/mend-io/reviews) — 4.3/5 stars (112 reviews) - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) — 4.7/5 stars (795 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (893 reviews) - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2363 reviews) - [Red Hat Ansible Automation Platform](https://www.g2.com/products/red-hat-ansible-automation-platform/reviews) — 4.6/5 stars (377 reviews) - [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews) — 4.4/5 stars (310 reviews) - [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) — 4.5/5 stars (302 reviews) - [Gearset DevOps](https://www.g2.com/products/gearset-devops/reviews) — 4.7/5 stars (292 reviews) - [Harness Platform](https://www.g2.com/products/harness-platform/reviews) — 4.6/5 stars (281 reviews) - [Orca Security](https://www.g2.com/products/orca-security/reviews) — 4.6/5 stars (271 reviews) ### Alternatives to Semgrep - [SonarQube](https://www.g2.com/products/sonarqube/reviews) — 4.4/5 stars (141 reviews) - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2363 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (893 reviews) - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) — 4.7/5 stars (795 reviews) - [Red Hat Ansible Automation Platform](https://www.g2.com/products/red-hat-ansible-automation-platform/reviews) — 4.6/5 stars (377 reviews) - [Replit](https://www.g2.com/products/replit/reviews) — 4.5/5 stars (354 reviews) - [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews) — 4.4/5 stars (310 reviews) - [GitHub Copilot](https://www.g2.com/products/github-copilot/reviews) — 4.5/5 stars (311 reviews) - [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) — 4.5/5 stars (302 reviews) - [Gearset DevOps](https://www.g2.com/products/gearset-devops/reviews) — 4.7/5 stars (292 reviews) ### Alternatives to Snyk - [Aikido Security](https://www.g2.com/products/aikido-security/reviews) — 4.6/5 stars (141 reviews) - [Mend.io](https://www.g2.com/products/mend-io/reviews) — 4.3/5 stars (112 reviews) - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) — 3.8/5 stars (26 reviews) - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) — 4.7/5 stars (795 reviews) - [SonarQube](https://www.g2.com/products/sonarqube/reviews) — 4.4/5 stars (141 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (893 reviews) - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2363 reviews) - [SOOS](https://www.g2.com/products/soos/reviews) — 4.6/5 stars (41 reviews) - [FortiCNAPP](https://www.g2.com/products/forticnapp/reviews) — 4.4/5 stars (386 reviews) - [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews) — 4.4/5 stars (310 reviews) --- ## Top Discussions ### FOSSA No discussions available for this product. ### Semgrep No discussions available for this product. ### Snyk - Title: [What is Snyk scanning?](https://www.g2.com/discussions/what-is-snyk-scanning) — 2 comments, 2 upvotes > **Top comment:** "Codebase and open source libraries" - Title: [Is Snyk a SaaS?](https://www.g2.com/discussions/is-snyk-a-saas) — 2 comments > **Top comment:** "No" - Title: [How good is Snyk?](https://www.g2.com/discussions/how-good-is-snyk) — 2 comments > **Top comment:** "very. it's basically like dependabot, but more fleshed out" --- **Source:** [G2.com](https://www.g2.com) | [Comparison Page](https://www.g2.com/compare/fossa-vs-semgrep-vs-snyk)