We performed a comparison between ShiftLeft and Snyk based on real PeerSpot user reviews.
Find out what your peers are saying about Synopsys, Snyk, Veracode and others in Software Composition Analysis (SCA)."When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."
"The solution's vulnerability database, in terms of comprehensiveness and accuracy, is very high-level. As far as I know, it's the best among their competitors."
"Snyk is a developer-friendly product."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."
"Could include other types of security scanning and statistical analysis"
"Compatibility with other products would be great."
"I would like to give further ability to grouping code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
"The solution's integration with JFrog Artifactory could be improved."
"Basically the licensing costs are a little bit expensive."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved."
ShiftLeft is ranked 11th in Software Composition Analysis (SCA) with 1 review while Snyk is ranked 2nd in Software Composition Analysis (SCA) with 41 reviews. ShiftLeft is rated 10.0, while Snyk is rated 8.2. The top reviewer of ShiftLeft writes "Effectively in identify and fix bugs early in the development lifecycle". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". ShiftLeft is most compared with SonarQube, Black Duck and Semgrep Supply Chain, whereas Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, Veracode and GitHub Advanced Security.
See our list of best Software Composition Analysis (SCA) vendors and best Application Security Tools vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.