We’ve been asked to provide a comparison of scan times between Snyk Code and two common SAST tools: LGTM and SonarQube. For our research, we made several assumptions, but we’ve shared the details in order to be transparent. Static Application Security Testing (SAST) can only be developer-friendly when it provides near real-time feedback and does not delay your development processes. Snyk Code is up to 106 times faster than LGTM. On average, Snyk Code is 5 times faster than SonarQube and 14 times faster than LGTM. In summary, Snyk Code proves to be one of the fastest semantic scanning engines on the market.

We have selected 48 JavaScript open source repositories (listed below). The idea was to mimic typical modern developer code sets, and JavaScript seemed a good common denominator. We have chosen a random sample from top-rated repositories on GitHub to represent real-world challenges.

As scanners, we have the Community Edition of SonarQube, which is a broadly used open source static analysis tool. It runs locally, so we needed to provide a quite decent PC. As previous tests using the free SonarCloud edition showed, SonarQube on a good PC is faster than free SonarCloud, so it is not unfair to use the local engine instead of the cloud version. We had to take one of the existing developer machines (details below).

The second contestant is LGTM, which originates from a company called Semmle, which was acquired by GitHub. LGTM uses a deep semantic code search based on CodeQL. We used the LGTM SaaS offering.

Finally, Snyk Code is Snyk’s SAST solution. It is based on the former DeepCode scan engine, now with several months of additional development time within Snyk under its belt. Aside from being developer-friendly and highly accurate, one of Snyk Code’s design goals is to be extremely fast.