Try our new research platform with insights from 80,000+ expert users
Snyk Logo

Snyk pros and cons

Vendor: Snyk
4.1 out of 5
Badge Ranked 1
Leave a review

Pros & Cons summary

Snyk offers automated vulnerability detection and monitoring, enhancing security with seamless integration with platforms like GitLab and JIRA. Its command-line interface allows flexible management, while its comprehensive vulnerability database minimizes false positives. AI-powered scanning provides insights into open-source components, despite challenges like insufficient documentation, limited language support, and integration issues. High pricing and restricted API access for lower-tier users are drawbacks, yet Snyk remains valuable for efficient vulnerability management.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Snyk provides automated vulnerability detection and monitoring, helping organizations improve security posture by identifying vulnerabilities and enhancing awareness.
The integration capabilities with platforms like GitLab and JIRA streamline development workflows, making vulnerability tracking and management more efficient.
Snyk's command-line interface offers flexibility for developers to manage and customize scanning outputs according to specific needs in the development pipeline.
Snyk is praised for its comprehensive vulnerability database and accuracy, which reduces the number of false positives and enhances security measures.
The AI-powered scanning and software composition analysis features of Snyk offer detailed insights into open-source components and dependencies, helping users address security concerns effectively.

CONS

Snyk lacks sufficient documentation, leading to challenges in troubleshooting and delayed issue resolution.
There is a need for more comprehensive scanning capabilities, including better support for various programming languages and dynamic scanning features.
False positives are a significant issue, causing unnecessary alerts for vulnerabilities that are not exploitable or relevant.
Integration challenges exist, particularly with development tools like IDE plugins, Bamboo, and other systems.
Pricing can be expensive, and there is limited API access for lower-tier users.
 

Snyk Pros review quotes

reviewer1258746 - PeerSpot reviewer
reviewer1258746
Engineering Manager at a comms service provider with 51-200 employees
Jan 16, 2020
What is valuable about Snyk is its simplicity.
Read full review
AG
Reviewer636936
Information Security Engineer at a financial services firm with 1,001-5,000 employees
May 13, 2020
Snyk has given us really good results because it is fully automated. We don't have to scan projects every time to find vulnerabilities, as it already stores the dependencies that we are using. It monitors 24/7 to find out if there are any issues that have been reported out on the Internet.
Read full review
reviewer1354494 - PeerSpot reviewer
reviewer1354494
Manager, Information Security Architecture at a consultancy with 5,001-10,000 employees
May 21, 2020
It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now.
Read full review
Buyer's Guide
Snyk
February 2026
Free Report: Snyk Reviews and More
Learn what your peers think about Snyk. Get advice and tips from experienced pros sharing their opinions. Updated: February 2026.
DOWNLOAD NOW
884,266 professionals have used our research since 2012.
reviewer1354503 - PeerSpot reviewer
reviewer1354503
Security Analyst at a tech vendor with 201-500 employees
May 21, 2020
Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there.
Read full review
SK
Reviewer109374
Sr. Security Engineer at a tech vendor with 201-500 employees
May 21, 2020
The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree.
Read full review
reviewer1367229 - PeerSpot reviewer
reviewer1367229
Senior Manager, Product & Application Security at a computer software company with 1,001-5,000 employees
Jun 10, 2020
The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI.
Read full review
DK
Dirk Koehler
Senior Director, Engineering at Zillow Group
Jun 25, 2020
It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well.
Read full review
NS
Nicholas Secrier
Information Security Officer at a tech services company with 51-200 employees
Jul 8, 2020
The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there.
Read full review
CG
Cameron Gagnon
Security Software Engineer at a tech company with 10,001+ employees
Aug 30, 2020
The most valuable features are their GitLab and JIRA integrations. The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using.
Read full review
reviewer1412625 - PeerSpot reviewer
reviewer1412625
Application Security Engineer at a tech services company with 501-1,000 employees
Aug 31, 2020
The most valuable feature is that they add a lot of their own information to the vulnerabilities. They describe vulnerabilities and suggest their own mitigations or version upgrades. The information was the winning factor when we compared Snyk to others. This is what gave it more impact.
Read full review
Show 10 more reviews (out of 50)
 

Snyk Cons review quotes

reviewer1258746 - PeerSpot reviewer
reviewer1258746
Engineering Manager at a comms service provider with 51-200 employees
Jan 16, 2020
Could include other types of security scanning and statistical analysis
Read full review
AG
Reviewer636936
Information Security Engineer at a financial services firm with 1,001-5,000 employees
May 13, 2020
They were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer.
Read full review
reviewer1354494 - PeerSpot reviewer
reviewer1354494
Manager, Information Security Architecture at a consultancy with 5,001-10,000 employees
May 21, 2020
There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform.
Read full review
Buyer's Guide
Snyk
February 2026
Free Report: Snyk Reviews and More
Learn what your peers think about Snyk. Get advice and tips from experienced pros sharing their opinions. Updated: February 2026.
DOWNLOAD NOW
884,266 professionals have used our research since 2012.
reviewer1354503 - PeerSpot reviewer
reviewer1354503
Security Analyst at a tech vendor with 201-500 employees
May 21, 2020
Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this.
Read full review
SK
Reviewer109374
Sr. Security Engineer at a tech vendor with 201-500 employees
May 21, 2020
We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity.
Read full review
reviewer1367229 - PeerSpot reviewer
reviewer1367229
Senior Manager, Product & Application Security at a computer software company with 1,001-5,000 employees
Jun 10, 2020
The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise.
Read full review
DK
Dirk Koehler
Senior Director, Engineering at Zillow Group
Jun 25, 2020
We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading.
Read full review
NS
Nicholas Secrier
Information Security Officer at a tech services company with 51-200 employees
Jul 8, 2020
Generating reports and visibility through reports are definitely things they can do better.
Read full review
CG
Cameron Gagnon
Security Software Engineer at a tech company with 10,001+ employees
Aug 30, 2020
Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help.
Read full review
reviewer1412625 - PeerSpot reviewer
reviewer1412625
Application Security Engineer at a tech services company with 501-1,000 employees
Aug 31, 2020
We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have...
Read full review
Show 10 more reviews (out of 50)

Product Categories

Product Categories
Application Security Tools
Application Performance Monitoring (APM) and Observability
Static Application Security Testing (SAST)
GRC
Cloud Management
Vulnerability Management
Container Security
Software Composition Analysis (SCA)
Software Development Analytics
Cloud Security Posture Management (CSPM)
DevSecOps
Application Security Posture Management (ASPM)
AI Security

Popular Comparisons

Popular Comparisons
SonarQube vs Snyk Logo
SonarQube vs Snyk
SentinelOne Singularity Cloud Security vs Snyk Logo
SentinelOne Singularity Cloud Security vs Snyk
Wiz vs Snyk Logo
Wiz vs Snyk
Datadog vs Snyk Logo
Datadog vs Snyk
Zabbix vs Snyk Logo
Zabbix vs Snyk
Microsoft Defender for Cloud vs Snyk Logo
Microsoft Defender for Cloud vs Snyk
Prisma Cloud by Palo Alto Networks vs Snyk Logo
Prisma Cloud by Palo Alto Networks vs Snyk
Darktrace vs Snyk Logo
Darktrace vs Snyk
GitLab vs Snyk Logo
GitLab vs Snyk
Checkmarx One vs Snyk Logo
Checkmarx One vs Snyk
Veracode vs Snyk Logo
Veracode vs Snyk
New Relic vs Snyk Logo
New Relic vs Snyk
Qualys VMDR vs Snyk Logo
Qualys VMDR vs Snyk
Tenable Nessus vs Snyk Logo
Tenable Nessus vs Snyk
Sentry vs Snyk Logo
Sentry vs Snyk
See all alternatives

Product Categories

Product Categories
Application Security Tools
Application Performance Monitoring (APM) and Observability
Static Application Security Testing (SAST)
GRC
Cloud Management
Vulnerability Management
Container Security
Software Composition Analysis (SCA)
Software Development Analytics
Cloud Security Posture Management (CSPM)
DevSecOps
Application Security Posture Management (ASPM)
AI Security

Popular Comparisons

Popular Comparisons
SonarQube vs Snyk Logo
SonarQube vs Snyk
SentinelOne Singularity Cloud Security vs Snyk Logo
SentinelOne Singularity Cloud Security vs Snyk
Wiz vs Snyk Logo
Wiz vs Snyk
Datadog vs Snyk Logo
Datadog vs Snyk
Zabbix vs Snyk Logo
Zabbix vs Snyk
Microsoft Defender for Cloud vs Snyk Logo
Microsoft Defender for Cloud vs Snyk
Prisma Cloud by Palo Alto Networks vs Snyk Logo
Prisma Cloud by Palo Alto Networks vs Snyk
Darktrace vs Snyk Logo
Darktrace vs Snyk
GitLab vs Snyk Logo
GitLab vs Snyk
Checkmarx One vs Snyk Logo
Checkmarx One vs Snyk
Veracode vs Snyk Logo
Veracode vs Snyk
New Relic vs Snyk Logo
New Relic vs Snyk
Qualys VMDR vs Snyk Logo
Qualys VMDR vs Snyk
Tenable Nessus vs Snyk Logo
Tenable Nessus vs Snyk
Sentry vs Snyk Logo
Sentry vs Snyk
See all alternatives
Related questions
  • 191
Which software is ideal for code quality and security?
  • 60
How does Snyk compare with SonarQube?
  • 9
How do you use Snyk for running SAST?
  • 16
What do I scan when changing code in Snyk?
  • 150
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 63
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 115
What are the Top 5 cybersecurity trends in 2022?
  • 155
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 72
We're evaluating Tripwire, what else should we consider?
  • 55
Which application security solutions include both vulnerability scans and quality checks?