# Semgrep vs Snyk vs Black Duck Comparison

| | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Star Rating** | 4.6 out of 5 | 4.5 out of 5 | 4.0 out of 5 | 
| **Total Reviews** | 55 | 132 | 28 | 
| **Largest Market Segment** | Enterprise (46.3% of reviews) | Mid-Market (45.4% of reviews) | Enterprise (48.1% of reviews) | 
| **Entry Level Price** | Starting at $40.00 per contributor per month | Free | No pricing available | 

---
## Top Pros & Cons

### Semgrep

Pros:
- Ease of Use (16 reviews)
- Features (14 reviews)

Cons:
- Not User-Friendly (7 reviews)
- Limited Features (6 reviews)

### Snyk

Pros:
- Vulnerability Detection (3 reviews)
- Vulnerability Identification (3 reviews)

Cons:
- False Positives (2 reviews)
- Poor Interface Design (2 reviews)

### Black Duck

Pros:
- Accuracy of Findings (1 review)
- Open Source (1 review)

Cons:
- Resource Constraints (1 review)

---
## Ratings Comparison

| Rating | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Meets Requirements** | 8.8 (49 reviews) | 8.7 (94 reviews) | 7.9 (16 reviews) | 
| **Ease of Use** | 9.1 (50 reviews) | 8.8 (95 reviews) | 7.8 (16 reviews) | 
| **Ease of Setup** | 9.4 (37 reviews) | 9.1 (58 reviews) | 7.8 (10 reviews) | 
| **Ease of Admin** | 9.1 (22 reviews) | 8.9 (51 reviews) | 8.3 (9 reviews) | 
| **Quality of Support** | 8.8 (44 reviews) | 8.7 (79 reviews) | 7.7 (13 reviews) | 
| **Has the product been a good partner in doing business?** | 9.6 (22 reviews) | 8.8 (48 reviews) | 8.3 (11 reviews) | 
| **Product Direction (% positive)** | 9.2 (45 reviews) | 8.8 (84 reviews) | 6.6 (17 reviews) | 

---
## Pricing

### Semgrep

#### Entry-Level Pricing

Plan: Semgrep Code, Supply Chain, and Secrets Detection

Price: Starting at $40.00 per contributor per month

Description: Extensible AppSec for growing teams. Choose from Code (SAST), Supply Chain (SCA), and Secrets Detection to eliminate noise out of the box, streamline developer workflows, and give security teams full visibility.

Key Features:
- Choose from SAST, SCA, and Secrets Detection
- Pro Rules and cross-file analysis
- AI Assistant

[Learn more about Semgrep](https://www.g2.com/products/semgrep/reviews)

#### Free Trial

Yes

### Snyk

#### Entry-Level Pricing

Plan: FREE - Limited Tests, Unlimited Developers

Price: Free

Description: For individual developers and small teams looking to secure while they build. Unlimited Developers.

Key Features:
- 200 Open Source tests per month
- 100 Container tests per month
- 300 IaC tests per month

[Browse all 3 editions](https://www.g2.com/products/snyk/pricing)

#### Free Trial

No

### Black Duck

#### Entry-Level Pricing

No pricing available

#### Free Trial

Yes

---
## Features Comparison By Category

### Static Application Security Testing (SAST)

| Product | Score | Reviews |
|---|---|---|
| **Semgrep** | 8.4/10 | 22 |
| **Snyk** | 7.8/10 | 25 |
| **Black Duck** | N/A | N/A |

#### Administration

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **API / Integrations** | 9.0 (18 reviews) | 8.6 (22 reviews) | Not enough data | 
| **Extensibility** | 8.2 (17 reviews) | 8.1 (18 reviews) | Not enough data | 

#### Analysis

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Reporting and Analytics** | 8.4 (19 reviews) | 8.5 (23 reviews) | Not enough data | 
| **Issue Tracking** | 9.2 (22 reviews) | 8.3 (22 reviews) | Not enough data | 
| **Static Code Analysis** | 9.4 (22 reviews) | 8.7 (24 reviews) | Not enough data | 
| **Code Analysis** | 9.2 (22 reviews) | 8.9 (21 reviews) | Not enough data | 

#### Testing

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Command-Line Tools** | 8.7 (20 reviews) | 7.8 (18 reviews) | Not enough data | 
| **Manual Testing** | Feature Not Available | 6.5 (14 reviews) | Not enough data | 
| **Test Automation** | Feature Not Available | 7.8 (19 reviews) | Not enough data | 
| **Compliance Testing** | 7.7 (17 reviews) | 8.1 (15 reviews) | Not enough data | 
| **Black-Box Scanning** | 7.5 (18 reviews) | 6.2 (13 reviews) | Not enough data | 
| **Detection Rate** | 8.1 (19 reviews) | 7.5 (19 reviews) | Not enough data | 
| **False Positives** | 7.3 (21 reviews) | 6.4 (17 reviews) | Not enough data | 

#### Agentic AI - Static Application Security Testing (SAST)

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Autonomous Task Execution** | 7.9 (11 reviews) | Not enough data | Not enough data | 

### Dynamic Application Security Testing (DAST)

| Product | Score | Reviews |
|---|---|---|
| **Semgrep** | N/A | N/A |
| **Snyk** | N/A | N/A |
| **Black Duck** | N/A | N/A |

#### Administration

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **API / Integrations** | Feature Not Available | Not enough data | Not enough data | 
| **Extensibility** | Feature Not Available | Not enough data | Not enough data | 

#### Analysis

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Reporting and Analytics** | Not enough data | Not enough data | Not enough data | 
| **Issue Tracking** | Not enough data | Not enough data | Not enough data | 
| **Static Code Analysis** | Not enough data | Not enough data | Not enough data | 
| **Vulnerability Scan** | Not enough data | Not enough data | Not enough data | 
| **Code Analysis** | Not enough data | Not enough data | Not enough data | 

#### Testing

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Manual Testing** | Feature Not Available | Not enough data | Not enough data | 
| **Test Automation** | Feature Not Available | Not enough data | Not enough data | 
| **Compliance Testing** | Feature Not Available | Not enough data | Not enough data | 
| **Black-Box Scanning** | Not enough data | Not enough data | Not enough data | 
| **Detection Rate** | Not enough data | Not enough data | Not enough data | 
| **False Positives** | Not enough data | Not enough data | Not enough data | 

### Container Security

| Product | Score | Reviews |
|---|---|---|
| **Semgrep** | N/A | N/A |
| **Snyk** | 7.5/10 | 32 |
| **Black Duck** | N/A | N/A |

#### Administration

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Risk Scoring** | Not enough data | 8.4 (29 reviews) | Not enough data | 
| **Secrets Management** | Not enough data | Feature Not Available | Not enough data | 
| **Security Auditing** | Not enough data | 7.9 (26 reviews) | Not enough data | 
| **Configuration Management** | Not enough data | 7.5 (19 reviews) | Not enough data | 

#### Monitoring

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Continuous Image Assurance** | Not enough data | 8.0 (17 reviews) | Not enough data | 
| **Behavior Monitoring** | Not enough data | 6.5 (13 reviews) | Not enough data | 
| **Observability** | Not enough data | 7.1 (15 reviews) | Not enough data | 

#### Protection

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Dynamic Image Scanning** | Not enough data | 7.4 (16 reviews) | Not enough data | 
| **Runtime Protection** | Not enough data | 7.5 (17 reviews) | Not enough data | 
| **Workload Protection** | Not enough data | 7.4 (14 reviews) | Not enough data | 
| **Network Segmentation** | Not enough data | 6.9 (12 reviews) | Not enough data | 

### Vulnerability Scanner

| Product | Score | Reviews |
|---|---|---|
| **Semgrep** | 8.1/10 | 12 |
| **Snyk** | 8.1/10 | 43 |
| **Black Duck** | N/A | N/A |

#### Performance

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Issue Tracking** | 8.2 (12 reviews) | 8.5 (36 reviews) | Not enough data | 
| **Detection Rate** | 8.0 (11 reviews) | 8.5 (40 reviews) | Not enough data | 
| **False Positives** | 8.0 (11 reviews) | 6.7 (32 reviews) | Not enough data | 
| **Automated Scans** | 9.0 (10 reviews) | 9.1 (41 reviews) | Not enough data | 

#### Network

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Compliance Testing** | 8.5 (10 reviews) | 8.1 (25 reviews) | Not enough data | 
| **Perimeter Scanning** | 7.8 (10 reviews) | 7.9 (19 reviews) | Not enough data | 
| **Configuration Monitoring** | 8.0 (10 reviews) | 8.2 (20 reviews) | Not enough data | 

#### Application

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Manual Application Testing** | Feature Not Available | 7.8 (17 reviews) | Not enough data | 
| **Static Code Analysis** | 8.9 (11 reviews) | 8.5 (34 reviews) | Not enough data | 
| **Black Box Testing** | 8.5 (11 reviews) | 7.4 (13 reviews) | Not enough data | 

#### Agentic AI - Vulnerability Scanner

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Autonomous Task Execution** | 6.9 (6 reviews) | Not enough data | Not enough data | 
| **Proactive Assistance** | 7.5 (6 reviews) | Not enough data | Not enough data | 

### Software Composition Analysis

| Product | Score | Reviews |
|---|---|---|
| **Semgrep** | 8.4/10 | 18 |
| **Snyk** | 8.4/10 | 37 |
| **Black Duck** | 8.6/10 | 7 |

#### Functionality - Software Composition Analysis 

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Language Support** | 8.4 (18 reviews) | 8.1 (24 reviews) | Not enough data | 
| **Integration** | 8.2 (18 reviews) | 8.7 (30 reviews) | 8.0 (5 reviews) | 
| **Transparency** | 8.5 (18 reviews) | 8.3 (31 reviews) | 9.3 (5 reviews) | 

#### Effectiveness - Software Composition Analysis

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Remediation Suggestions** | 8.5 (18 reviews) | 8.3 (32 reviews) | 8.3 (5 reviews) | 
| **Continuous Monitoring** | 8.3 (18 reviews) | 8.7 (30 reviews) | 8.3 (6 reviews) | 
| **Thorough Detection** | 8.3 (18 reviews) | 8.2 (32 reviews) | 9.3 (5 reviews) | 

### Secure Code Review

| Product | Score | Reviews |
|---|---|---|
| **Semgrep** | 8.4/10 | 21 |
| **Snyk** | N/A | N/A |
| **Black Duck** | N/A | N/A |

#### Documentation

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Feedback** | 8.9 (19 reviews) | Not enough data | Not enough data | 
| **Prioritization** | 9.3 (20 reviews) | Not enough data | Not enough data | 
| **Remediation Suggestions** | 8.2 (20 reviews) | Not enough data | Not enough data | 

#### Security

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **False Positives** | 7.4 (21 reviews) | Not enough data | Not enough data | 
| **Custom Compliance** | 7.9 (17 reviews) | Not enough data | Not enough data | 
| **Agility** | 8.9 (17 reviews) | Not enough data | Not enough data | 

### Software Supply Chain Security Tools

| Product | Score | Reviews |
|---|---|---|
| **Semgrep** | N/A | N/A |
| **Snyk** | N/A | N/A |
| **Black Duck** | N/A | N/A |

#### Security

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Tampering** | Not enough data | Not enough data | Not enough data | 
| **Malicious Code** | Not enough data | Not enough data | Not enough data | 
| **Verification** | Not enough data | Not enough data | Not enough data | 
| **Security Risks** | Not enough data | Not enough data | Not enough data | 

#### Tracking

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Bill of Materials** | Not enough data | Not enough data | Not enough data | 
| **Audit Trails** | Not enough data | Not enough data | Not enough data | 
| **Monitoring** | Not enough data | Not enough data | Not enough data | 

### Software Bill of Materials (SBOM)

| Product | Score | Reviews |
|---|---|---|
| **Semgrep** | N/A | N/A |
| **Snyk** | N/A | N/A |
| **Black Duck** | N/A | N/A |

#### Functionality - Software Bill of Materials (SBOM)

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Format Support** | Not enough data | Not enough data | Not enough data | 
| **Annotations** | Not enough data | Not enough data | Not enough data | 
| **Attestation** | Not enough data | Not enough data | Not enough data | 

#### Management - Software Bill of Materials (SBOM)

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Monitoring** | Not enough data | Not enough data | Not enough data | 
| **Dashboards** | Not enough data | Not enough data | Not enough data | 
| **User Provisioning** | Not enough data | Not enough data | Not enough data | 

### Static Code Analysis

| Product | Score | Reviews |
|---|---|---|
| **Semgrep** | 7.7/10 | 10 |
| **Snyk** | N/A | N/A |
| **Black Duck** | N/A | N/A |

#### Agentic AI - Static Code Analysis

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Adaptive Learning** | 7.7 (10 reviews) | Not enough data | Not enough data | 
| **Natural Language Interaction** | 7.6 (9 reviews) | Not enough data | Not enough data | 
| **Proactive Assistance** | 7.7 (10 reviews) | Not enough data | Not enough data | 

### AI AppSec Assistants

| Product | Score | Reviews |
|---|---|---|
| **Semgrep** | N/A | N/A |
| **Snyk** | N/A | N/A |
| **Black Duck** | N/A | N/A |

#### Performance - AI AppSec Assistants

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Remediation** | Not enough data | Not enough data | Not enough data | 
| **Real-time Vulnerability Detection** | Not enough data | Not enough data | Not enough data | 
| **Accuracy** | Not enough data | Not enough data | Not enough data | 

#### Integration - AI AppSec Assistants

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Stack Integration** | Not enough data | Not enough data | Not enough data | 
| **Workflow Integration** | Not enough data | Not enough data | Not enough data | 
| **Codebase Contextual Awareness** | Not enough data | Not enough data | Not enough data | 

### Interactive Application Security Testing (IAST)

| Product | Score | Reviews |
|---|---|---|
| **Semgrep** | N/A | N/A |
| **Snyk** | N/A | N/A |
| **Black Duck** | N/A | N/A |

#### Agentic AI - Interactive Application Security Testing (IAST)

| Feature | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Autonomous Task Execution** | Not enough data | Not enough data | Not enough data | 

---
## Categories
**Shared Categories (2):** [AI AppSec Assistants](https://www.g2.com/categories/ai-appsec-assistants), [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)

**Unique to Semgrep (6):** [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast), [Static Code Analysis Tools](https://www.g2.com/categories/static-code-analysis), [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner), [Secure Code Review Software](https://www.g2.com/categories/secure-code-review), [Interactive Application Security Testing (IAST) Software](https://www.g2.com/categories/interactive-application-security-testing-iast), [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast)

**Unique to Snyk (5):** [Software Supply Chain Security Solutions](https://www.g2.com/categories/software-supply-chain-security-tools), [Container Security Tools](https://www.g2.com/categories/container-security-tools), [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast), [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner), [Software Bill of Materials (SBOM) Software](https://www.g2.com/categories/software-bill-of-materials-sbom)



---
## Reviewer Demographics

### By Company Size

| Segment | Semgrep | Snyk | Black Duck | 
|---|---|---|---|
| **Small-Business** | 11.1% | 35.4% | 14.8% | 
| **Mid-Market** | 42.6% | 45.4% | 37.0% | 
| **Enterprise** | 46.3% | 19.2% | 48.1% | 

### By Industry

#### Semgrep

- **Information Technology and Services:** 24.1%
- **Computer Software:** 20.4%
- **Financial Services:** 16.7%
- **Computer & Network Security:** 5.6%
- **Semiconductors:** 5.6%
- **Manufacturing:** 5.6%
- **Insurance:** 3.7%
- **International Affairs:** 1.9%
- **Information Services:** 1.9%
- **Hospital & Health Care:** 1.9%
- **Other:** 13.0%

#### Snyk

- **Computer Software:** 22.3%
- **Information Technology and Services:** 20.8%
- **Computer & Network Security:** 9.2%
- **Hospital & Health Care:** 5.4%
- **Financial Services:** 5.4%
- **Telecommunications:** 3.1%
- **Banking:** 3.1%
- **Education Management:** 2.3%
- **Internet:** 2.3%
- **Retail:** 1.5%
- **Other:** 24.6%

#### Black Duck

- **Information Technology and Services:** 29.6%
- **Computer Software:** 29.6%
- **Computer & Network Security:** 7.4%
- **Utilities:** 3.7%
- **Telecommunications:** 3.7%
- **Printing:** 3.7%
- **Financial Services:** 3.7%
- **Entertainment:** 3.7%
- **Computer Hardware:** 3.7%
- **Chemicals:** 3.7%
- **Other:** 7.4%

---
## Alternatives

### Alternatives to Semgrep

- [SonarQube](https://www.g2.com/products/sonarqube/reviews) — 4.4/5 stars (141 reviews)
- [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2346 reviews)
- [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (890 reviews)
- [Wiz](https://www.g2.com/products/wiz-wiz/reviews) — 4.7/5 stars (786 reviews)
- [Red Hat Ansible Automation Platform](https://www.g2.com/products/red-hat-ansible-automation-platform/reviews) — 4.6/5 stars (377 reviews)
- [Replit](https://www.g2.com/products/replit/reviews) — 4.5/5 stars (350 reviews)
- [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews) — 4.4/5 stars (308 reviews)
- [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) — 4.5/5 stars (301 reviews)
- [Gearset DevOps](https://www.g2.com/products/gearset-devops/reviews) — 4.7/5 stars (292 reviews)
- [GitHub Copilot](https://www.g2.com/products/github-copilot/reviews) — 4.5/5 stars (293 reviews)

### Alternatives to Snyk

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) — 4.6/5 stars (141 reviews)
- [Mend.io](https://www.g2.com/products/mend-io/reviews) — 4.3/5 stars (112 reviews)
- [Wiz](https://www.g2.com/products/wiz-wiz/reviews) — 4.7/5 stars (786 reviews)
- [SonarQube](https://www.g2.com/products/sonarqube/reviews) — 4.4/5 stars (141 reviews)
- [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) — 3.8/5 stars (25 reviews)
- [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (890 reviews)
- [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2346 reviews)
- [SOOS](https://www.g2.com/products/soos/reviews) — 4.6/5 stars (42 reviews)
- [FortiCNAPP](https://www.g2.com/products/forticnapp/reviews) — 4.4/5 stars (386 reviews)
- [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews) — 4.4/5 stars (308 reviews)

### Alternatives to Black Duck

- [SonarQube](https://www.g2.com/products/sonarqube/reviews) — 4.4/5 stars (141 reviews)
- [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) — 3.8/5 stars (25 reviews)
- [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2346 reviews)
- [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (890 reviews)
- [Mend.io](https://www.g2.com/products/mend-io/reviews) — 4.3/5 stars (112 reviews)
- [Checkmarx](https://www.g2.com/products/checkmarx/reviews) — 4.2/5 stars (36 reviews)
- [Wiz](https://www.g2.com/products/wiz-wiz/reviews) — 4.7/5 stars (786 reviews)
- [Replit](https://www.g2.com/products/replit/reviews) — 4.5/5 stars (350 reviews)
- [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews) — 4.4/5 stars (308 reviews)
- [HCL AppScan](https://www.g2.com/products/hcl-appscan/reviews) — 4.1/5 stars (76 reviews)

---
## Top Discussions

### Semgrep

No discussions available for this product.

### Snyk

- Title: [What is Snyk scanning?](https://www.g2.com/discussions/what-is-snyk-scanning) — 2 comments, 2 upvotes
  > **Top comment:** "Codebase and open source libraries"
- Title: [Is Snyk a SaaS?](https://www.g2.com/discussions/is-snyk-a-saas) — 2 comments
  > **Top comment:** "No"
- Title: [How good is Snyk?](https://www.g2.com/discussions/how-good-is-snyk) — 2 comments
  > **Top comment:** "very. it's basically like dependabot, but more fleshed out"

### Black Duck

No discussions available for this product.

---
**Source:** [G2.com](https://www.g2.com) | [Comparison Page](https://www.g2.com/compare/semgrep-vs-snyk-vs-black-duck)

