Snyk is optimal for organizations starting or looking for an affordable, effective tool. Despite false positives, it combines SAST, SCA, containers, and IaS in one Web UI. On a scale of one to ten, I rate Snyk at six.
My advice for others considering using Snyk is to rely on it for security issues but still manually review your overall code. It's great for detecting syntax errors but might miss some broader issues, so it's important to do a thorough check yourself. Based on my experience, I'd rate Snyk an eight overall. Its performance is indeed good.
VP Enterprise Architecture and Solutioning at a financial services firm with 10,001+ employees
Real User
Top 10
2024-03-19T07:44:41Z
Mar 19, 2024
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities. The integration features of the product are okay. I recommend the product to those who want to buy it. In a general sense, Snyk is a good product that can be used for governance. If you use a lot of open-source software, Snyk is an application testing tool you can buy. I rate the tool a seven to eight out of ten.
The solution has improved or streamlined our process a lot for securing container images. We wanted to make sure we are deploying the secure Docker images. Snyk allowed us to check whether it is following our standard of docker images or not. We use Azure DevOps as our platform, and Snyk's integration with Azure DevOps was okay. However, Snyk's integration with JFrog Artifactory didn't go well. We use JFrog Artifactory to store the artifacts we download. We wanted to integrate Snyk with JFrog Artifactory to scan the binary artifacts we downloaded, but that broke our JFrog Artifactory for some reason. Instead of using it there, we are calling it directly from the pipeline. Snyk's automation features significantly reduced remediation times a couple of times. Sometimes, our developers scan the code from the environment and find some Java vulnerabilities. We fixed those vulnerabilities in the lower environment itself. The solution does not require any maintenance. The accuracy of Snyk's vulnerability detection is pretty good compared to other tools. I rate the solution's vulnerability detection feature an eight out of ten. I would recommend Snyk to other users because it is easy to implement and integrate with Azure DevOps and GitHub. Overall, I rate the solution a seven out of ten.
Snyk helped us identify the composition or the libraries we used in the project, which were vulnerable. It also helped us identify the license agreements from the vendor side. Software conversion analysis is a mandatory thing that should be implemented in every organization. Most libraries or any third-party libraries are not considered under VAPT. We should also look after the composition of the libraries we use in the project. We should look after these libraries for vulnerabilities, and VAPT should be mandatory in every organization. I rate Snyk a nine out of ten for the user-friendliness of its user interface. Currently, my team is looking into whether version numbers are vulnerable. We are also considering the improvisations or research and development we need to do if we need the same library. There are some loopholes that even Snyk has not identified or that it might be working on. Since we have implemented it, we are looking after it. If a developer requires a particular library with vulnerabilities, we check whether we are using the functions mentioned in the libraries in the project. If we are using it, we are trying to identify exactly which snippet is causing the error. If it is causing a vulnerability, we are considering how to improve it. We need to think about the decisions we need to make after SCA. It would be a big relief for our organization if Snyk could provide a solution to identify the library snippet that is causing a future vulnerability. We are currently using a team of 30 people to identify this issue. Overall, I rate Snyk an eight out of ten.
People who want to use the product must utilize the code analysis on IDE. It would really help a lot of the developers. It performs the shift left concept very well. It is a very good tool, but the pricing is absurd. Overall, I rate the product an eight out of ten.
Devops & Cloud Architect at Hexaware Technologies Limited
Reseller
Top 5
2023-11-14T09:57:17Z
Nov 14, 2023
The major reason why customers prefer Snyk is that, nowadays, people are moving towards cloud-native tools. People also want a tool that offers safety and security, especially during the integration process and during the coding part. Snyk offers a set of much better features when compared to other tools like SonarQube or Veracode. Smaller companies can choose the team plan or enterprise version offered by Snyk. The major reason why people prefer Snyk is because of the security it offers. I rate the overall tool a six or seven out of ten.
Head of Sales at a tech services company with 11-50 employees
Reseller
Top 10
2023-07-14T14:36:10Z
Jul 14, 2023
I would definitely recommend the solution to those planning to use it since it is easy to deploy and has strong features like machine learning and the ability to analyze static codes. Overall, I rate the solution an eight out of ten.
You can use Snyk to develop tech IT, and you can use it anywhere from small sectors and large sectors. For example, if you have IOPS, you can use this as IaC in infrastructure to read files. Snyk is the best place to start for a SaaS solution because it's cheaper. It's a good start for small FinTech companies that don't have a large budget. It's one of the best places to start for this kind of security scanning application. After a few months, Snyk was bought by Atlassian. Atlassian creates a lot of plugins to, for example, create a pull request for Bitbucket pipelines or Bitbucket cloud to create Jira tickets integrated with Snyk IO. In the last year, they changed the way they connect. We no longer have to use an application password because it's native for the Bitbucket cloud to use a plugin in Atlassian's marketplace. They made a huge improvement in a year and a half. This year I compared Snyk to Veracode and saw that it has huge tools, but it doesn't fit my requirements right now, so I continue using Snyk IO. The main difference between Snyk and Veracode is the UI. Snyk IO is far more user-friendly and easier to manage your issues, and the SCA solution is much better than Veracode's. I rate Snyk an eight out of ten.
We are consultants. We don't have any alliance or partnership relationship. It's similar to the relationship with other technology suppliers that we have in the same space. I'd advise others to definitely try it out. I would rate the solution at an eight out of ten.
We're a Fugue partner. In terms of which version we are using, I would have to say that it was the latest one that we worked with. The exact number version escapes me. I would have to go back and check. The solution was specifically deployed to assist with cloud management of Azure in a specific case; however, we are using it across all of the cloud supply platforms including Google Cloud and AWS. I would absolutely recommend this solution to others. Overall, I would rate the solution at an eight out of ten. It works well; however, a user needs to be fairly knowledgeable in cybersecurity in order to get the most use out of it.
Snyk's AI Trust Platform empowers developers to innovate securely in AI-driven environments, ensuring rapid and secure software development with enhanced policy governance. Snyk’s platform integrates AI-ready engines across the software development lifecycle, offering broad coverage with high speed and accuracy essential for fast-paced coding environments. AI-driven features include visibility, prioritization, and tailored security policies that enable proactive threat prevention and quick...
They should do their research and see if it definitely adds value to their DevOps pipeline. Overall, I rate the solution eight out of ten.
Based on our experience and what I have heard internally, I would recommend Snyk. I'd rate the solution nine out of ten.
I rate the product an eight out of ten.
I recommend Snyk to others and rate it a seven out of ten.