We performed a comparison between GitHub Advanced Security and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"GitHub provides advanced security, which is why the customers choose this tool; it allows them to rely solely on GitHub as one platform for everything they need."
"The most valuable is the developer experience and the extensibility of the overall ecosystem."
"It ensures user passwords or sensitive information are not accidentally exposed in code or reports."
"The product's most valuable features are security scan, dependency scan, and cost-effectiveness."
"Dependency scanning is a valuable feature."
"It is a stable solution...It is a scalable solution as it can handle new applications along with the analysis part."
"What is valuable about Snyk is its simplicity."
"We use Snyk to check vulnerabilities and rectify potential leaks in GitHub."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"The solution has great features and is quite stable."
"The most valuable features of Snyk are vulnerability scanning and automation. The automation the solution brings around vulnerability scanning is useful."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID, and there I can do the scanning. That is the part I like best."
"The customizations are a little bit difficult."
"There could be DST features included in the product."
"There could be a centralized dashboard to view reports of all the projects on one platform."
"The deployment part of the product is an area of concern that needs to be made easier from an improvement perspective."
"The report limitations are the main issue."
"A more refined approach, categorizing and emphasizing specific vulnerabilities, would be beneficial."
"Generating reports and visibility through reports are definitely things they can do better."
"Snyk's API and UI features could work better in terms of speed."
"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
"The product is very expensive."
"I would like to give further ability to grouping code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"The tool's initial use is complex."
GitHub Advanced Security is ranked 15th in Application Security Tools with 6 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. GitHub Advanced Security is rated 9.0, while Snyk is rated 8.2. The top reviewer of GitHub Advanced Security writes "A tool that provides ease of integration with the set of existing codes in an infrastructure". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". GitHub Advanced Security is most compared with SonarQube, Veracode, Fortify on Demand, Checkmarx One and GitLab, whereas Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, Veracode and Checkmarx One.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.