We performed a comparison between Legit Security and Snyk based on real PeerSpot user reviews.
Find out what your peers are saying about Mend.io, Sonatype, JFrog and others in Software Supply Chain Security."Legit has increased my security posture to a level I couldn't achieve before. I don't need to worry as much about what's happening within my developer environments. I can rest assured that my vulnerabilities are being detected."
"The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates."
"We implemented Legit Security to gain visibility into all development teams and ensure that consistent controls are in place and accounted for on every route."
"Legit has had a positive effect on our overall security posture."
"We use Snyk to check vulnerabilities and rectify potential leaks in GitHub."
"The solution has great features and is quite stable."
"What is valuable about Snyk is its simplicity."
"The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities."
"It is easy for developers to use. The documentation is clear as well as the APIs are good and easily readable. It's a good solution overall."
"It's very easy for developers to use. Onboarding was an easy process for all of the developers within the company. After a quick, half-an-hour to an hour session, they were fully using it on their own. It's very straightforward. Usability is definitely a 10 out of 10."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
"The most valuable feature is that they add a lot of their own information to the vulnerabilities. They describe vulnerabilities and suggest their own mitigations or version upgrades. The information was the winning factor when we compared Snyk to others. This is what gave it more impact."
"Legit Security could do a little better with detecting publicly exposed keys. It's not bad. The detections that they are running get to everything eventually, but it would be great if they could increase some of that awareness."
"The one we're working on right now is the ability to dynamically rerun development teams and groups."
"One issue is that engineering teams don't always embed secrets in the same way, making it difficult for the tool to consistently identify them."
"I would like them to have their own static code scanner, and I'd like them to have their own open-source software scanners."
"The solution's integration with JFrog Artifactory could be improved."
"I think Snyk should add more of a vulnerability protection feature in the tool since it is an area where it lacks."
"The tool needs improvement in license compliance. I would like to see the integration of better policy management in the product's future release. When it comes to the organization that I work for, there are a lot of business units since we are a group of companies. Each of these companies has its specific requirements and its own appetite for risk. This should be able to reflect in flexible policies. We need to be able to configure policies that can be adjusted later or overridden by the business unit that is using the product."
"Generating reports and visibility through reports are definitely things they can do better."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
"A feature we would like to see is the ability to archive and store historical data, without actually deleting it. It's a problem because it throws my numbers off. When I'm looking at the dashboard's current vulnerabilities, it's not accurate."
"The feature for automatic fixing of security breaches could be improved."
"The product is very expensive."
Legit Security is ranked 7th in Software Supply Chain Security with 4 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Legit Security is rated 10.0, while Snyk is rated 8.2. The top reviewer of Legit Security writes "Correlates information based on the integrations I have, which is extremely helpful". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Legit Security is most compared with Ox Security, Cycode, Docker and Cider, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode.
We monitor all Software Supply Chain Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.