We performed a comparison between GitGuardian Internal Monitoring and Snyk based on real PeerSpot user reviews.
Find out in this report how the two DevSecOps solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Knowing what measures we must take allows us to reduce costs associated with security in the cloud by providing early identification of a risk or a possible security breach."
"Compared to what we used before, it's helping us to be more efficient in managing our traffic."
"The data center security system has provided real-time analytics on performance and data configuration processes."
"You can maintain a legal framework structure at all times."
"Check Point CloudGuard Spectral helps to improve the code security of our company, generating rapid and complete assessments to be able to make decisions for improvements."
"Automation has helped a lot to identify and automatically execute policies, rules, and blocks due to its machine learning."
"The implementation of this tool for security management and control is very simple."
"Its fastest and most outstanding characteristic is ensuring a development line that will not lead to applying applications or code development."
"The secrets detection and alerting is the most important feature. We get alerted almost immediately after someone commits a secret. It has been very accurate, allowing us to jump on it right away, then figure out if we have something substantial that has been leaked or whether it is something that we don't have to worry about. This general main feature of the app is great."
"We have definitely seen a return on investment when it finds things that are real. We have caught a couple things before they made it to production, and had they made it to production, that would have been dangerous."
"GitGuardian has pretty broad detection capabilities. It covers all of the types of secrets that we've been interested in... [Yet] The "detector" concept, which identifies particular categories or types of secrets, allows an organization to tweak and tailor the configuration for things that are specific to its environment. This is highly useful if you're particularly worried about a certain type of secret and it can help focus attention, as part of early remediation efforts."
"The most valuable feature is the alerts when secrets are leaked and we can look at particular repositories to see if there are any outstanding problems. In addition, the solution's detection capabilities seem very broad. We have no concerns there."
"I like that GitGuardian automatically notifies the developer who committed the change. The security team doesn't need to act as the intermediary and tell the developer there is an alert. The alert goes directly to the developer."
"GitGuardian has helped to increase our security team's productivity. Now, we don't need to call the developers all the time and ask what they are working on. I feel the solution bridged the gap between our team and the developers, which is really great. I feel that we need that in our company, since some of the departments are just doing whatever and you don't know what they are doing. I think GitGuardian does a good job of bridging the gap. It saves us about 10 hours per week."
"The most valuable feature of GitGuardian is that it finds tokens and passwords. That's why we need this tool. It minimizes the possibility of security violations that we cannot find on our own."
"When they give you a description of what happened, it's really easy to follow and to retest. And the ability to retest is something that you don't have in other solutions. If a secret was detected, you can retest if it is still there. It will show you if it is in the history."
"Snyk helps me pinpoint security errors in my code."
"I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST."
"The code scans on the source code itself were valuable."
"Snyk categorizes the level of vulnerability into high, medium, and low, which helps organizations prioritize which issues to tackle first."
"A main feature of Snyk is that when you go with SCA, you do get properly done security composition, also from the licensing and open-source parameters perspective. A lot of companies often use open-source libraries or frameworks in their code, which is a big security concern. Snyk deals with all the things and provides you with a proper report about whether any open-source code or framework that you are using is vulnerable. In that way, Snyk is very good as compared to other tools."
"The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"Our customers find container scans most valuable. They are always talking about it."
"They could include web functionalities such as sandboxing."
"This is a highly technical solution for users who do not have security experience. It requires specialized knowledge of configurations to use it correctly."
"The costs are not transparent."
"I am satisfied with the performance and results enhanced by this product since we deployed it."
"We need to have many of the baselines or development guides providing less complex writing or development."
"I would like this solution to be extended to cellular devices or tablets."
"It is generally difficult to find documentation about the product, and there is relatively little to find."
"The ease of use could be better."
"Other solutions have a live chat feature that provides instant results. Waiting for an agent to reply to an email is less ideal than an instant conversation with a support employee. That's a complaint so minor I almost hesitate to mention it."
"For some repositories, there are a lot of incidents. For example, one repository says 255 occurrences, so I assume these are 255 alerts and nobody is doing anything about them. These could be false positives. However, I cannot assess it correctly, because I haven't been closing these false positives myself. From the dashboard, I can see that for some of the repositories, there have been a lot of closing of these occurrences, so I would assume there are a lot of false positives. A ballpark estimate would be 60% being false positives. One of the arguments from the developers against this tool is the number of false positives."
"Right now, we are waiting for improvement in the RBAC support for GitGuardian."
"We have been somewhat confused by the dashboard at times."
"I would like to see more fine-grained access controls when tickets are assigned for incidents. I would like the ability to provide more controls to the team leads or the product managers so that they can drive what we, the AppSec team, are doing."
"There is room for improvement in its integration for bug-tracking. It should be more direct. They have invested a lot in user management, but they need to invest in integrations. That is a real lack."
"An area for improvement is the front end for incidents. The user experience in this area could be much better."
"It took us a while to get new patterns introduced into the pattern reporting process."
"The log export function could be easier when shipping logs to other platforms such as Splunk."
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry. They have a pretty good knowledge base, but Veracode is on top because Veracode has been in this business for a pretty long time. They do have a pretty large database of all the findings, and the way that the correlation engine works is superb. Snyk is also pretty good, but it is not as good as Veracode in terms of maintaining a large space of all the historical data of vulnerabilities."
"Snyk's API and UI features could work better in terms of speed."
"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improved."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
GitGuardian Internal Monitoring is ranked 4th in DevSecOps with 16 reviews while Snyk is ranked 1st in DevSecOps with 17 reviews. GitGuardian Internal Monitoring is rated 9.0, while Snyk is rated 7.8. The top reviewer of GitGuardian Internal Monitoring writes "Even before a commit gets to GitHub, the CLI identifies secrets within the code and prevents the commit". On the other hand, the top reviewer of Snyk writes "A cost-effective solution that makes scanning your repositories a cinch". GitGuardian Internal Monitoring is most compared with SonarQube, Cycode, Microsoft Purview Data Loss Prevention, Veracode and Checkmarx, whereas Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, Checkmarx and Prisma Cloud by Palo Alto Networks.
We monitor all DevSecOps reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.