GitGuardian Internal Monitoring vs Snyk comparison

Comparison Buyer's Guide
Executive Summary

We performed a comparison between GitGuardian Internal Monitoring and Snyk based on real PeerSpot user reviews.

Find out in this report how the two DevSecOps solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
To learn more, read our detailed GitGuardian Internal Monitoring vs. Snyk Report (Updated: September 2023).
734,963 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros

Check Point CloudGuard Spectral:
  • "Knowing what measures we must take allows us to reduce costs associated with security in the cloud by providing early identification of a risk or a possible security breach."
  • "Compared to what we used before, it's helping us to be more efficient in managing our traffic."
  • "The data center security system has provided real-time analytics on performance and data configuration processes."
  • "You can maintain a legal framework structure at all times."
  • "Check Point CloudGuard Spectral helps to improve the code security of our company, generating rapid and complete assessments to be able to make decisions for improvements."
  • "Automation has helped a lot to identify and automatically execute policies, rules, and blocks due to its machine learning."
  • "The implementation of this tool for security management and control is very simple."
  • "Its fastest and most outstanding characteristic is ensuring a development line that will not lead to applying applications or code development."

GitGuardian Internal Monitoring:
  • "The secrets detection and alerting is the most important feature. We get alerted almost immediately after someone commits a secret. It has been very accurate, allowing us to jump on it right away, then figure out if we have something substantial that has been leaked or whether it is something that we don't have to worry about. This general main feature of the app is great."
  • "We have definitely seen a return on investment when it finds things that are real. We have caught a couple things before they made it to production, and had they made it to production, that would have been dangerous."
  • "GitGuardian has pretty broad detection capabilities. It covers all of the types of secrets that we've been interested in... [Yet] The "detector" concept, which identifies particular categories or types of secrets, allows an organization to tweak and tailor the configuration for things that are specific to its environment. This is highly useful if you're particularly worried about a certain type of secret and it can help focus attention, as part of early remediation efforts."
  • "The most valuable feature is the alerts when secrets are leaked and we can look at particular repositories to see if there are any outstanding problems. In addition, the solution's detection capabilities seem very broad. We have no concerns there."
  • "I like that GitGuardian automatically notifies the developer who committed the change. The security team doesn't need to act as the intermediary and tell the developer there is an alert. The alert goes directly to the developer."
  • "GitGuardian has helped to increase our security team's productivity. Now, we don't need to call the developers all the time and ask what they are working on. I feel the solution bridged the gap between our team and the developers, which is really great. I feel that we need that in our company, since some of the departments are just doing whatever and you don't know what they are doing. I think GitGuardian does a good job of bridging the gap. It saves us about 10 hours per week."
  • "The most valuable feature of GitGuardian is that it finds tokens and passwords. That's why we need this tool. It minimizes the possibility of security violations that we cannot find on our own."
  • "When they give you a description of what happened, it's really easy to follow and to retest. And the ability to retest is something that you don't have in other solutions. If a secret was detected, you can retest if it is still there. It will show you if it is in the history."

Snyk:
  • "Snyk helps me pinpoint security errors in my code."
  • "I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST."
  • "The code scans on the source code itself were valuable."
  • "Snyk categorizes the level of vulnerability into high, medium, and low, which helps organizations prioritize which issues to tackle first."
  • "A main feature of Snyk is that when you go with SCA, you do get properly done security composition, also from the licensing and open-source parameters perspective. A lot of companies often use open-source libraries or frameworks in their code, which is a big security concern. Snyk deals with all the things and provides you with a proper report about whether any open-source code or framework that you are using is vulnerable. In that way, Snyk is very good as compared to other tools."
  • "The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
  • "It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
  • "Our customers find container scans most valuable. They are always talking about it."

Cons

Check Point CloudGuard Spectral:
  • "They could include web functionalities such as sandboxing."
  • "This is a highly technical solution for users who do not have security experience. It requires specialized knowledge of configurations to use it correctly."
  • "The costs are not transparent."
  • "I am satisfied with the performance and results enhanced by this product since we deployed it."
  • "We need to have many of the baselines or development guides providing less complex writing or development."
  • "I would like this solution to be extended to cellular devices or tablets."
  • "It is generally difficult to find documentation about the product, and there is relatively little to find."
  • "The ease of use could be better."

GitGuardian Internal Monitoring:
  • "Other solutions have a live chat feature that provides instant results. Waiting for an agent to reply to an email is less ideal than an instant conversation with a support employee. That's a complaint so minor I almost hesitate to mention it."
  • "For some repositories, there are a lot of incidents. For example, one repository says 255 occurrences, so I assume these are 255 alerts and nobody is doing anything about them. These could be false positives. However, I cannot assess it correctly, because I haven't been closing these false positives myself. From the dashboard, I can see that for some of the repositories, there have been a lot of closing of these occurrences, so I would assume there are a lot of false positives. A ballpark estimate would be 60% being false positives. One of the arguments from the developers against this tool is the number of false positives."
  • "Right now, we are waiting for improvement in the RBAC support for GitGuardian."
  • "We have been somewhat confused by the dashboard at times."
  • "I would like to see more fine-grained access controls when tickets are assigned for incidents. I would like the ability to provide more controls to the team leads or the product managers so that they can drive what we, the AppSec team, are doing."
  • "There is room for improvement in its integration for bug-tracking. It should be more direct. They have invested a lot in user management, but they need to invest in integrations. That is a real lack."
  • "An area for improvement is the front end for incidents. The user experience in this area could be much better."
  • "It took us a while to get new patterns introduced into the pattern reporting process."

Snyk:
  • "The log export function could be easier when shipping logs to other platforms such as Splunk."
  • "All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry. They have a pretty good knowledge base, but Veracode is on top because Veracode has been in this business for a pretty long time. They do have a pretty large database of all the findings, and the way that the correlation engine works is superb. Snyk is also pretty good, but it is not as good as Veracode in terms of maintaining a large space of all the historical data of vulnerabilities."
  • "Snyk's API and UI features could work better in terms of speed."
  • "DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
  • "They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
  • "We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."
  • "The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improved."
  • "The solution could improve the reports. They have been working on improving the reports but more work could be done."

Pricing and Cost Advice
Check Point CloudGuard Spectral: Information Not Available

GitGuardian Internal Monitoring:
  • "It's a little bit expensive."
  • "You get what you pay for. It's one of the more expensive solutions, but it is very good, and the low false positive rate is a really appealing factor."
  • "The pricing and licensing are fair. It isn't very expensive and it's good value."
  • "The internal side is cheap per user. It is annual pricing based on the number of users."
  • "We have seen a return on investment. The amount of time that we would have spent manually doing this definitely outpaces the cost of GitGuardian. It is saving us about $35,000 a year, so I would say the ROI is about $20,000 a year."
  • "It could be cheaper. When GitHub secrets monitoring solution goes to general access and general availability, GitGuardian might be in a little bit of trouble from the competition, and maybe then they might lower their prices. The GitGuardian solution is great. I'm just concerned that they're not GitHub."
  • "It's not cheap, but it's not crazy expensive either."
  • "With GitGuardian, we didn't need any middlemen."

Snyk:
  • "It is pretty expensive. It is not a cheap product."
  • "The license model is based on the number of contributing developers. Snyk is expensive, for a startup company will most likely use the community edition, while larger companies will buy the licensed version. The price of Snyk is more than other SLA tools."
  • "I didn't think the price was that great, but it wasn't that bad, either. I'd rate their pricing as average in the market."
  • "We are using the open-source version for the scans."
  • "Cost-wise, it's similar to Veracode, but I don't know the exact cost."
  • "The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."
  • "The price of the solution is expensive compared to other solutions."
  • "Presently, my company uses an open-source version of the solution. The solution's pricing can be considered quite reasonable owing to the features they offer."

    Questions from the Community
    Top Answer: Compared to what we used before, it's helping us to be more efficient in managing our traffic.
    Top Answer: I don't really put a value on pricing. We wanted to go for Check Point, found a reseller, and got the solution.
    Top Answer: The ease of use could be better. There is a bit of a learning curve. I'd rate the ease of use six out of ten. There is…
    Top Answer: It actually creates an incident ticket for us. We can now go end-to-end after a secret has been identified, to track…
    Top Answer: The pricing is reasonable. GitGuardian is one of the most recent security tools we've adopted. When it came time to…
    Top Answer: I would like to see more fine-grained access controls when tickets are assigned for incidents. I would like the ability…
    Top Answer: Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to…
    Top Answer: It is a stable solution. Stability-wise, I rate the solution a ten out of ten.
    Top Answer: DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings.
    Also Known As: Spectral
    Overview

    Check Point CloudGuard Spectral is a powerful tool that improves and implements security practices for sites and applications developed in Microsoft Azure. It scans application configurations, detects malicious activities, and provides security in the network and applications. Its valuable features include real-time data loss prevention, investigation, analysis, report generation, centralized management, automation, scalability, and stability. 

    CloudGuard Spectral helps organizations improve security best practices, protect code and identities, and safeguard corporate information and intellectual property. It supports emerging infrastructures such as the cloud and provides a centralized environment for security solutions.

    GitGuardian helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations.

    Widely adopted by developer communities, GitGuardian is used by more than 200 thousand developers and is the #1 app in the security category on the GitHub Marketplace. GitGuardian is also trusted by leading companies, including Instacart, Genesys, Orange, Iress, Beyond Identity, NOW: Pensions, and Stedi.

    GitGuardian Platform includes automated secrets detection and remediation. By reducing the risks of secrets exposure across the SDLC, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards.

    Its detection engine is trained against more than a billion public GitHub commits every year, and it covers 350+ types of secrets such as API keys, database connection strings, private keys, certificates, and more.

    GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents fast and in full. By pulling developers closer to the remediation process, organizations can achieve higher incident closing rates and shorter fix times.

    The platform integrates across the DevOps toolchain, including native support for continuously scanning VCS platforms like GitHub, GitLab, Azure DevOps and Bitbucket or CI/CD tools like Jenkins, CircleCI, Travis CI, GitLab pipelines, and many more. It also integrates with ticketing and messaging systems like Splunk, PagerDuty, Jira and Slack to support teams with their incident remediation workflows. GitGuardian is offered as a SaaS platform but can also be hosted on-premise for organizations operating in highly regulated industries or with strict data privacy requirements.

    Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.

    Benefits of Snyk

    Some of the benefits of using Snyk include:

    • Conserves resources: Snyk easily integrates with other security solutions and uses their security features to ensure that the work that users are doing is completely secure. These integrations allow them to protect themselves without pulling resources from their continuous integration or continuous delivery workflows. Resources can be conserved for areas of the greatest need.
    • Highly flexible: Snyk enables users to customize the system’s security automation features to meet their needs. Users can guarantee that the automation performs the functions that are most essential for their current project. Additionally, users are able to maintain platform governance consistency across their system.
    • Keeps users ahead of emerging threats: Snyk employs a database of threats that help it detect and keep track of potential issues. This database is constantly being updated to reflect the changes that take place in the realm of cybersecurity. It also uses machine learning. Users are prepared to deal with new issues as they arise.
    • Automatically scans projects for threats: Snyk’s command-line interface enables users to schedule the solution to run automatic scans of their projects. Time and manpower can be conserved for the areas of greatest need without sacrificing security.

    Reviews from Real Users

    Snyk is a security platform for developers that stands out among its competitors for a number of reasons. Two major ones are its ability to integrate with other security solutions and important insights that it can enable users to discover. Snyk enables users to combine its already existing security features with those of other solutions to create far more robust and flexible layers of security than what it can supply on its own. It gives users the ability to dig into the security issues that they may experience. Users are given a clear view of the root causes of these problems. This equips them to address the problem and prevent similar issues in the future.

    Cameron G., a security software engineer at a tech company, writes, “The most valuable features are their GitLab and JIRA integrations. The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using. Snyk is something of a bridge that we use; we get our projects into it and then get the information out of it. Those two integrations are crucial for us to be able to do that pretty simply.”

    Sean M., the chief information security officer of a technology vendor, writes, "From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."

    Sample Customers
    Check Point CloudGuard Spectral: Information Not Available
    GitGuardian Internal Monitoring: Automox, 66degrees (ex Cloudbakers), Instacart, Iress, Now:Pensions, Payfit, Orange, Seequent, Stedi, Talend
    Snyk: StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
    Top Industries
    Check Point CloudGuard Spectral
    Reviewers: Security Firm 50%, Transportation Company 13%, Engineering Company 13%, Cloud Provider 13%
    Visitors reading reviews: Computer Software Company 22%, Financial Services Firm 17%, Security Firm 14%, Manufacturing Company 9%

    GitGuardian Internal Monitoring
    Reviewers: Computer Software Company 33%, Insurance Company 17%, Comms Service Provider 17%, Wholesaler/Distributor 17%
    Visitors reading reviews: Comms Service Provider 22%, Wholesaler/Distributor 18%, Financial Services Firm 10%, Computer Software Company 7%

    Snyk
    Reviewers: Financial Services Firm 25%, Computer Software Company 25%, Comms Service Provider 8%, Manufacturing Company 8%
    Visitors reading reviews: Computer Software Company 17%, Financial Services Firm 14%, Manufacturing Company 7%, Insurance Company 6%
    Company Size
    Check Point CloudGuard Spectral
    Reviewers: Small Business 67%, Midsize Enterprise 13%, Large Enterprise 20%
    Visitors reading reviews: Small Business 26%, Midsize Enterprise 7%, Large Enterprise 67%

    GitGuardian Internal Monitoring
    Reviewers: Small Business 33%, Midsize Enterprise 33%, Large Enterprise 33%
    Visitors reading reviews: Small Business 33%, Midsize Enterprise 9%, Large Enterprise 58%

    Snyk
    Reviewers: Small Business 49%, Midsize Enterprise 26%, Large Enterprise 26%
    Visitors reading reviews: Small Business 22%, Midsize Enterprise 14%, Large Enterprise 64%

    GitGuardian Internal Monitoring is ranked 4th in DevSecOps with 16 reviews while Snyk is ranked 1st in DevSecOps with 17 reviews. GitGuardian Internal Monitoring is rated 9.0, while Snyk is rated 7.8. The top reviewer of GitGuardian Internal Monitoring writes "Even before a commit gets to GitHub, the CLI identifies secrets within the code and prevents the commit". On the other hand, the top reviewer of Snyk writes "A cost-effective solution that makes scanning your repositories a cinch". GitGuardian Internal Monitoring is most compared with SonarQube, Cycode, Microsoft Purview Data Loss Prevention, Veracode and Checkmarx, whereas Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, Checkmarx and Prisma Cloud by Palo Alto Networks. See our GitGuardian Internal Monitoring vs. Snyk report.


    We monitor all DevSecOps reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.