Snyk Reviews

Name: Snyk
Brand: Snyk
Rating: 4 (17 reviews)

Vendor: Snyk

3.9 out of 5

17 reviews

398 followers

Post review

What is Snyk?UNIXBusinessApplication
Price:

Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.

Get the Snyk Buyer's Guide and find out what your peers are saying about Snyk, SonarQube, Black Duck and more!

Helped 734,156 peers since 2012

Featured reviews

Eryk Lawyd

Tech Lead DevSecOps at Letsbank

Jul 5, 2023

We have seen an improvement this month. My security team told me, "We need to break your pipeline if the tools present critical and high-end security issues on the code, so this code cannot go to a staging or homologation environment." I then made improvements to the tools, which were not cheap. But it's a standard feature and a customer need, so I do this, then we apply. Using Snyk, we get the results and the reports and deploy the applications with high-end critical issues of security such as DoS or Cross-Site scripting, any kind of present, on the Snyk IO solution.

Read full review

Nixon Bagalkoti

Cyber Security Lead at a printing company with 201-500 employees

Aug 17, 2022

I had a list of what they can improve, and I did share that with them. They are coming up with a beta version. It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front. When we started the PoC five months ago, we encountered all these things. So, I asked them to improve on them. They have come up with a lot of new features, but they are still lacking on the UI front and the reporting side of things. If you go to the UI front of Snyk, you won't find it so friendly. Another one is that you can't see the projects clearly. It gets all the sources from the repository. It pulls all the projects from the repository and creates a new project altogether for every new addition. So, you can't group them clearly. For example, if I have one product with different repositories, it creates a number of projects underneath in the Snyk UI. When it comes to reporting, if I run a scan on a particular project, I want the report only for that particular project in a PDF format that I can share with others. Currently, you get the notification over an email with all the projects but not in detail. You have to go to Snyk to find the details of a particular project. You only get a generic view, and you don't get a detailed view of a project. You need to go to the tool, export it as a CSV, and then find it, which is ridiculous. With other tools, once the scan is complete, we can just share the report with the development team that is working on that project, but Snyk doesn't let us do that. They still need to work a lot on the reporting structure. It also needs to be improved in terms of interdependencies. When you run a code scan, the code can have interdependencies. If you have found a vulnerable line somewhere, it might lead to other interdependencies. Currently, Snyk doesn't provide you with interdependencies. For example, it doesn't provide you with the best location to do the fix. Checkmarx does that, and after you fix a particular line of code, all the other dependencies are automatically fixed. Snyk doesn't offer that. So, you have to do the fix one by one, which is a tedious task for the development team. It takes a lot of effort. I shared this feedback with them, and they might be working on it. They told me that they'll consider that.

Read full review

AyubShaik

DevOps Engineer at Perptualblock

Apr 4, 2023

I have used SonarQube previously. We still use SonarQube and might migrate to Snyk completely in the future. Also, we may even consider using both parallelly. SonarQube notifies us of the error. It also mentions the line where that error is and gives the exact line of code along with the line number. While it doesn't give any solution, it does give an alternate solution. So, it will just show what can be removed, where the vulnerabilities are, and what needs to be changed. In Snyk, it notifies its user what an old version is and how to take it to another stable version. It also notifies its users about the vulnerabilities in a version before suggesting a new version that doesn't have such vulnerabilities. Integration in Snyk was easier since, during SonarQube's integration process in our company, we always faced technical issues during its setup or while trying to operate it. Snyk is a very user-friendly tool, giving it a huge plus point. SonarQube detects in a code if any line is commented or any variable is defined but not used. Snyk, on the other hand, doesn't detect such details but detects vulnerabilities on a higher level.

Read full review

Pricing

Snyk has a competitive price for its coverage, scalability, reliability, and stability, with no additional costs for standard licensing fees. Some users consider it reasonable, while others find it expensive compared to other solutions. The license model is based on the number of contributing developers, and the price may vary depending on the company's size. However, some users find it acceptable, especially for enterprises. The open-source version is also available and integrated with Jenkins CICD automation pipeline, which gives everything in one place.

ROI

Snyk is a cost-effective solution for identifying open-source vulnerabilities during development stages. It can save up to 100 times the cost of identifying and fixing issues during production. By fixing bugs early on, the annual subscription fee for Snyk can be covered, resulting in a high ROI potential.

Primary Use Case

Snyk is a versatile solution used for various purposes such as security vulnerability detection, DevOps, infrastructure scanning, SaaS testing, continuous vulnerability scans, and managing open-source risks in security and licenses. It allows developers to identify and address potential security issues and is used for code analysis, vulnerability finding, and detecting issues particular to users. Snyk is a cloud-based SaaS offering that is always kept up to date and can be configured on local ID environment or used as a hybrid deployment. It also offers new use cases such as static analysis and secrets scanning.

Valuable Features

Snyk's most valuable features include software composition analysis (SCA), security vulnerability detection, easy onboarding, centralized issue fixing, categorization of vulnerabilities, container scans, code scans, stability, automation, open source offering, secrets scanning, static analysis with SAST, clear information and feedback, expertise in security, automatically creating pull requests, developer-friendly product, integration, nice dashboard and reports, and easy integration without a pipeline. Snyk is useful in detecting security vulnerabilities, prioritizing issues, and providing proper reports and resolutions. It is also reliable, smooth, and does not require a lot of preparation or prerequisites.

Room for Improvement

Improvements that could be made to Snyk include: better reporting and storage capabilities for software composition analysis, more training features for developers in the next release, improved license compliance and policy management, the ability to see the line where errors occur, easier log export function, more user-friendly UI and detailed project view, better interdependency reporting, greater language and framework coverage, reduced false positives on scans, improved customer support and engagement, automatic fixing of security breaches, improved reporting mechanism and adjustment of license ratings, inclusion of dynamic and run-time scanning features, and better database signatures. Compatibility with other products and lower pricing could also be beneficial.

Initial Setup

Users have generally found the initial setup for Snyk to be easy and straightforward, with some describing it as quick and taking only a matter of minutes. The solution is cloud-based and integrations with other tools like Jenkins and GitHub were found to be simple. While some noted that there may be a need for support and assistance during the implementation process, overall, users did not encounter any significant difficulties and rated the setup positively.

Scalability

Snyk is generally considered to be scalable. Users have mentioned that it is easy to scale Snyk once it is installed, as long as the correct cloud server settings are in place. Some users have successfully onboarded and scaled up multiple tools for product and software development. Minor issues have been reported, such as the time it takes to load a dashboard at the organizational level.

Customer Service and Support

Snyk has a generally positive reputation for their customer service and support. Many customers have had good experiences with their tech support team, prompt responses, and helpful resources. Some customers feel that there is room for improvement in areas such as customer success managers and more personalized support options. Snyk's technical support is seen as reliable and available.

Stability

Snyk has been consistently praised for its stability by users during POC and regular usage. No downtime or lags have been reported, and the product is considered to be a fine, stable solution, with a rating of nine out of ten for stability. Users have noted that it can be run with both CLI and GUI without stability issues

Pricing

ROI

Primary Use Case

Valuable Features

Room for Improvement

Initial Setup

Scalability

Customer Service and Support

Stability

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Snyk Buyer's Guide for additional reliable information.

Learn more about Snyk

Benefits of Snyk

Some of the benefits of using Snyk include:

Conserves resources: Snyk easily integrates with other security solutions and uses their security features to ensure that the work that users are doing is completely secure. These integrations allow them to protect themselves without pulling resources from their continued integration or continued delivery workflows. Resources can be conserved for areas of the greatest need.

Highly flexible: Snyk enables users to customize the system’s security automation features to meet their needs. Users can guarantee that the automation performs the functions that are most essential for their current project. Additionally, users are able to maintain platform governance consistency across their system.

Keeps users ahead of emerging threats. Snyk employs a database of threats that help it detect and keep track of potential issues. This database is constantly being updated to reflect the changes that take place in the realm of cybersecurity. It also uses machine learning. Users are prepared to deal with new issues as they arise.

Automatically scans projects for threats. Snyk’s command-line interface enables users to schedule the solution to run automatic scans of their projects. Time and manpower can be conserved for the areas of greatest need without sacrificing security.

Reviews from Real Users

Snyk is a security platform for developers that stands out among its competitors for a number of reasons. Two major ones are its ability to integrate with other security solutions and important insights that it can enable users to discover. Snyk enables users to combine its already existing security features with those of other solutions to create far more robust and flexible layers of security than what it can supply on its own. It gives users the ability to dig into the security issues that they may experience. Users are given a clear view of the root causes of these problems. This equips them to address the problem and prevent similar issues in the future.

Cameron G., a security software engineer at a tech company, writes, “The most valuable features are their GitLab and JIRA integrations.The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using. Snyk is something of a bridge that we use; we get our projects into it and then get the information out of it. Those two integrations are crucial for us to be able to do that pretty simply.”

Sean M., the chief information security officer of a technology vendor, writes, "From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."

Snyk is the #1 ranked solution in top DevSecOps tools, #2 ranked solution in top Software Composition Analysis (SCA) tools, #4 ranked solution in application security solutions, and #5 ranked solution in Container Security Solutions. PeerSpot users give Snyk an average rating of 7.8 out of 10. Snyk is most commonly compared to SonarQube: Snyk vs SonarQube. Snyk is popular among the large enterprise segment, accounting for 64% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.