We performed a comparison between GitHub and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of the solution is the version control field."
"The ease of use is valuable."
"GitHub provides the SFH key to protect our passwords and connection."
"The code sharing and updated history are valuable features."
"The best feature is the ability to track the history of all code changes, and it's easy to use. Additionally, as it's open source, anyone can use that feature resulting in distributed development. This opens the door to collaboration with different code and developer, feature, and master branches of development."
"It is really simple to set up."
"If you want to share documents, you can create articles and diagrams with GitHub and share."
"GitHub is convenient and easy to use."
"The most valuable feature of Snyk is the software composition analysis."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID, and there I can do the scanning. That is the part I like best."
"Snyk is a developer-friendly product."
"Our customers find container scans most valuable. They are always talking about it."
"We're loving some of the Kubernetes integration as well. That's really quite cool. It's still in the early days of our use of it, but it looks really exciting. In the Kubernetes world, it's very good at reporting on the areas around the configuration of your platform, rather than the things that you've pulled in. There's some good advice there that allows you to prioritize whether something is important or just worrying. That's very helpful."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"There could be more integration into Azure."
"I would like a more graphical, user-friendly UI, to avoid writing so much code on cmd."
"If you are uploading or cloning a large file, with more than 25 megs, it's pretty slow."
"It is difficult to merge a code or restore it to an older version."
"As of now, if I would like to learn about GitHub or its features, I would have to look on YouTube. It would be nice if they were able to send out a newsletter with explanations of new features that they are offering and what features are available."
"GitHub's issue management could be improved a little from an organization standpoint. It would be helpful to have the ability to organize a work board or a backlog more comprehensively. For organizations migrating to GitHub from arbitrary systems, it's a little bit of a headache to move on to that system."
"The stability can be improved."
"There is room for improvement in terms of interface."
"It lists projects. So, if you have a number of microservices in an enterprise, then you could have pages of findings. Developers will then spend zero time going through the pages of reports to figure out, "Is there something I need to fix?" While it may make sense to list all the projects and issues in these very long lists for completeness, Snyk could do a better job of bubbling up and grouping items, e.g., a higher level dashboard that draws attention to things that are new, the highest priority things, or things trending in the wrong direction. That would make it a lot easier. They don't quite have that yet in container security."
"The solution's reporting and storage could be improved."
"It would be helpful if we get a recommendation while doing the scan about the necessary things we need to implement after identifying the vulnerabilities."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"I think Snyk should add more of a vulnerability protection feature in the tool since it is an area where it lacks."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"I would like to give further ability to grouping code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."
GitHub is ranked 12th in Application Security Tools with 69 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. GitHub is rated 8.6, while Snyk is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". GitHub is most compared with AWS CodeCommit, Bitbucket, Fortify on Demand, Atlassian SourceTree and Checkmarx One, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Mend.io. See our GitHub vs. Snyk report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.