We performed a comparison between GitHub and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"GitHub is convenient and easy to use."
"The control is the most valuable feature as developers can work on a single code."
"GitHub provides good time reduction and this is what I value the most."
"The solution is scalable."
"If you want to share documents, you can create articles and diagrams with GitHub and share."
"This product allows us to easily collaborate on development tasks with our subcontractors, and control the workflow as the project progresses."
"I have found GitHub stable."
"I'm able to access any repository that I like, whether it's public or private."
"We use Snyk to check vulnerabilities and rectify potential leaks in GitHub."
"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID, and there I can do the scanning. That is the part I like best."
"I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario."
"The solution has great features and is quite stable."
"It is easy for developers to use. The documentation is clear as well as the APIs are good and easily readable. It's a good solution overall."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"What is valuable about Snyk is its simplicity."
"The code scans on the source code itself were valuable."
"The onboarding process could be simplified."
"The descriptions within GitHub could be more user-friendly to show the trees of Gitflow."
"The project management sector really needs some improvement for GitHub. I don't know if GitHub made sense for me as a project manager."
"Scalability is an area with a shortcoming, because of which it has room for improvement."
"The development team pushes the code into a repository, and the CI/CD pipeline will perform the build. We need open-source libraries to perform the builds. It would be helpful to have the ability to link to open-source libraries like npm libraries. I don't know if GitHub Actions provides this. I would like to see that in GitHub Actions if they don't."
"If you are uploading or cloning a large file, with more than 25 megs, it's pretty slow."
"GitHub could have better integration or capability with other solutions."
"The security for this solution could be tightened up and improved."
"I think Snyk should add more of a vulnerability protection feature in the tool since it is an area where it lacks."
"The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications. When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam messages. Therefore, we would like some type of filtering system to be built-in for the system to be more precise."
"The tool's initial use is complex."
"The solution's reporting and storage could be improved."
"Compatibility with other products would be great."
"There were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer."
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry. They have a pretty good knowledge base, but Veracode is on top because Veracode has been in this business for a pretty long time. They do have a pretty large database of all the findings, and the way that the correlation engine works is superb. Snyk is also pretty good, but it is not as good as Veracode in terms of maintaining a large space of all the historical data of vulnerabilities."
"The feature for automatic fixing of security breaches could be improved."
GitHub is ranked 12th in Application Security Tools with 71 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. GitHub is rated 8.6, while Snyk is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". GitHub is most compared with AWS CodeCommit, Bitbucket, Fortify on Demand, Atlassian SourceTree and Checkmarx One, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Mend.io.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.