Mobile Security Framework (MobSF) vs. Snyk

MobSF is good for checking for vulnerabilities in your app. It will also give suggestions on how to address them. Another thing is can do is find code that may be incorrect. It is not, however, a substitute for a system that actually checks your code for proper use. It really is concentrated on security.

Incentivized

Scenarios Where Snyk Is Well-Suited CI/CD Pipeline Integration (Node.js, Python, etc.) Container Security Open Source License Compliance Infrastructure as Code (IaC) SecurityScenarios Where Snyk May Be Less Appropriate Scanning Proprietary or Custom Code for Unknown Vulnerabilities Complex Monorepos with Custom Build Tools Organizations Requiring Custom Security Rules Advanced Security Teams Needing Correlation and Deep Triage.

Incentivized

• Scan for vulnerabilities
• Scan for bad coding
• Give suggestions on fixes for security issues

Incentivized

• Helps in dependency management
• SAST - Static Application Security Testing
• Infra Code Scan ( Terraform , Cloud Formation , Docker image scan)
• OSSG

Incentivized

• The UI is not that user friendly
• The documentation could be easier to understand
• An easier method of deploying MobSF would be appreciated

Incentivized

• The tool itself has many capabilities but using them operationally within the platform on a day to day basis for managing vulnerabilities is not a good experience.
• Our company was in desparate need of a tool to help us manage vulnerabilities so we could achieve a SOC 2 assurance report without findings.

Incentivized

Developer-Centric Design - Snyk integrates directly into IDEs (like VS Code and IntelliJ), CI/CD pipelines, GitHub/GitLab, and container registries. Clear, Actionable Vulnerability report issues are categorized by severity.


Reports include fix recommendations, pull request suggestions, and links to remediation advice.

Incentivized

In my opinion, MobSF is not as comprehensive as SonarQube. Both, however, do a very good job in scanning your code for vulnerabilities. Both do roughly the same things. The reports of SonarQube are more detailed though. The advantage that MobSF has over SonarQube is the price. One is free while the other is a paid solution (with several tiers). However, we use them together to get a more comprehensive scan.

Incentivized

Unfortunately, neither cover all of the use cases that we would like so we need to use both but they are both excellent tools as part of our vulnerability management. We find that Snyk helps us better with improving our MTTR of identified vulnerabilities when compared to inspector but that may be more based on how we have implemented both tools

Incentivized

• It has allowed our apps to pass a security vetting requirement of a third party to deploy our app
• We can see where we can improve on the development of our app
• The deployment can take a while, especially with teams not familiar with the software

Incentivized

• Increased developer experience
• Better productivity due to shift left as Vulnerabilities are caught earlier in the SDLC process
• Improved Vulnerability Management
• Common dashboard for various stages in CI/CD

Incentivized