GitHub and Snyk compete in the software development and security sector. GitHub appears to have the upper hand in community support and ease of use, particularly for open-source projects, while Snyk stands out in vulnerability management and security offerings.
Features: GitHub provides comprehensive source code management, easy branch creation, and robust peer code review through pull requests. It integrates well with various DevOps tools, enhancing its utility for developers. Snyk excels in vulnerability management with its extensive database, provides seamless integration with CI/CD tools, and is developer-friendly, though it supports fewer programming languages than GitHub.
Room for Improvement: GitHub can improve its integration with project management tools and enhance security features. Users also wish for better support for large file uploads and a more user-friendly interface for non-technical users. Snyk could expand its language support, incorporate additional scanning types like SAST and DAST, and improve reporting capabilities. More granular notification controls and better IDE integration are also desired by users.
Ease of Deployment and Customer Service: Both GitHub and Snyk provide flexible deployment options across public, private, and hybrid clouds. GitHub is praised for its supportive community, but its official customer service needs improvement. Snyk generally offers responsive official support and effective issue resolution.
Pricing and ROI: GitHub, with its free tier, offers a cost-effective solution and provides competitive pricing for its enterprise version. Its organizational capabilities and free version deliver strong ROI. Snyk is more expensive but provides significant value due to its comprehensive security features and excellent vulnerability management, making its ROI justifiable for users.
Some forums help you get answers faster since you just type in your concern and see resolutions from other engineers.
The technical support from GitHub is generally good, and they communicate effectively.
I have not used GitHub's technical support extensively because there are many resources and a robust knowledge base available due to the large user community.
Our long-standing association has ensured smooth communication, resulting in favorable support experiences and satisfactory issue resolution.
Their response time aligns with their SLA commitments.
We have never had a problem with scalability, so I would rate it at least eight to nine.
GitHub is more scalable than on-prem solutions, allowing for cloud-based scaling which is beneficial for processing large workloads efficiently.
Snyk allows for scaling across large organizations, accommodating tens of thousands of applications and over 60,000 repositories.
It provides a reliable environment for code management.
If a skilled developer uses it, it is ten out of ten for stability.
GitHub is mostly stable, but there can be occasional hiccups.
I would like to see some AI functionality included in GitHub, similar to the features seen in GitLab, to enhance productivity.
Sometimes we do not get the exact solution, and the suggested solution does not work, so GitHub could improve in that area.
There are still areas for improvement with GitHub Actions and their deployment workflows, as they have made significant progress but are not yet polished.
One key feature we are currently examining with Veracode is AIVSS (Artificial Intelligence VSS), which is an extension of CVSS to cover use cases or top 10 LLM findings during code scanning.
It lacks the ability to select branches on its Web UI, forcing users to rely on CLI or CI/CD for that functionality.
The inclusion of AI to remove false positives would be beneficial.
The pricing of GitHub depends on the choice of solutions, such as building one's own GitHub Runners to save money or using GitHub's Runners with extra costs.
The pricing of GitHub is reasonable, with the cost being around seven dollars per user per month for private repositories.
Normally, GitHub is not expensive, but it would be welcome if it reduces costs for developing countries.
After negotiations, we received a special package with a good price point.
Snyk is recognized as the cheapest option we have evaluated.
I like how I can create different builds from different branches, which helps me as a QA to test certain features separately from the main application.
GitHub Actions allow for creating multiple jobs that run in different stages such as build, test, and deploy, which enable better visibility and control over the deployment pipeline.
The pull request facility for code review.
Snyk helps detect vulnerabilities before code moves to production, allowing for integration with DevOps and providing a shift-left advantage by identifying and fixing bugs before deployment.
Our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.
The best feature of Snyk is the integration with our ticketing system, which is Jira.
Snyk's AI Trust Platform empowers developers to innovate securely in AI-driven environments, ensuring rapid and secure software development with enhanced policy governance.
Snyk’s platform integrates AI-ready engines across the software development lifecycle, offering broad coverage with high speed and accuracy essential for fast-paced coding environments. AI-driven features include visibility, prioritization, and tailored security policies that enable proactive threat prevention and quick remediation. By focusing on LLM engineering and AI code analysis, Snyk supports secure and productive development processes. The platform's partnerships, including GenAI code assistants, enhance AI application security by addressing new threats and code velocity challenges.
What are the key features of Snyk?Snyk is implemented across industries focusing on agile development and DevSecOps, enhancing software delivery speed and security. It is widely used for continuous monitoring and adherence to security and licensing standards, especially in environments relying on Docker image security and CI/CD pipeline integration.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
