We performed a comparison between GitHub and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We are finding GitHub is very stable."
"The control is the most valuable feature as developers can work on a single code."
"The best feature is the ability to track the history of all code changes, and it's easy to use. Additionally, as it's open source, anyone can use that feature resulting in distributed development. This opens the door to collaboration with different code and developer, feature, and master branches of development."
"The code sharing and updated history are valuable features."
"Any complex banking can be handled very easily in GitHub. It allows us to integrate with tools like Grid, where we can merge and resolve conflicts without any hassle."
"I'm able to access any repository that I like, whether it's public or private."
"I use this solution to store my code in a repository so we can manage version control which is useful."
"This product allows us to easily collaborate on development tasks with our subcontractors, and control the workflow as the project progresses."
"The most valuable features are their GitLab and JIRA integrations. The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
"From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."
"Static code analysis is one of the best features of the solution."
"The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
"It has a nice dashboard where I can see all the vulnerabilities and risks that they provided. I can also see the category of any risk, such as medium, high, and low. They provide the input priority-wise. The team can target the highest one first, and then they can go to medium and low ones."
"The most valuable feature of Snyk is the software composition analysis."
"It is currently only from the development perspective. It doesn't have features related to project management and testing. It is not like Azure. So, there is a lot of room for improvement. It is a version control product, and it would be good if they can come up with a complete DevOps product."
"The solution can improve by adding video guides, official guides, or short courses that cater to beginners who are new to the system. These resources could offer step-by-step guidance on how to use GitHub, including common procedures such as pulling and committing. Currently, many of us have to resort to searching for information on how to do these tasks via Google. An official guide provided by GitHub itself would be a valuable asset to newcomers and would save them time and effort."
"The only thing I see missing in GitHub is that it isn't very user friendly for key personnel who don't have in-depth, technical knowledge. In Jira, there are many functions to upload our test cases, and in GitHub we can only do it manually. There are functions which can be used to upload different files, but that still requires some technical knowledge. A layman cannot do it."
"There is room for improvement in terms of interface."
"The stability can be improved."
"From the recruiting standpoint, I would like to see email IDs and phone numbers and a brief introduction about their profile."
"If you are uploading or cloning a large file, with more than 25 megs, it's pretty slow."
"There is a bit of a learning curve."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"The tool needs improvement in license compliance. I would like to see the integration of better policy management in the product's future release. When it comes to the organization that I work for, there are a lot of business units since we are a group of companies. Each of these companies has its specific requirements and its own appetite for risk. This should be able to reflect in flexible policies. We need to be able to configure policies that can be adjusted later or overridden by the business unit that is using the product."
"The solution's integration with JFrog Artifactory could be improved."
"The feature for automatic fixing of security breaches could be improved."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"I think Snyk should add more of a vulnerability protection feature in the tool since it is an area where it lacks."
"Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this."
"A feature we would like to see is the ability to archive and store historical data, without actually deleting it. It's a problem because it throws my numbers off. When I'm looking at the dashboard's current vulnerabilities, it's not accurate."
GitHub is ranked 12th in Application Security Tools with 71 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. GitHub is rated 8.6, while Snyk is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". GitHub is most compared with AWS CodeCommit, Bitbucket, Fortify on Demand, Atlassian SourceTree and Checkmarx One, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Mend.io. See our GitHub vs. Snyk report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.