We performed a comparison between GitLab and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."GitLab's best feature is Actions."
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."
"Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective."
"The merging feature makes it easy later on for the deployment."
"I like GitLab's security and SAS tools."
"I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently."
"Key features allow creation of well-presented Wiki that includes ideas, development, and domains."
"This product is always evolving, and they listen to the customers."
"The product's most valuable features are an open-source platform, remote functionality, and good pricing."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID, and there I can do the scanning. That is the part I like best."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
"Snyk is a good and scalable tool."
"It is easy for developers to use. The documentation is clear as well as the APIs are good and easily readable. It's a good solution overall."
"From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."
"I am impressed with the product's security vulnerability detection. My peers in security are praising the tool for its accuracy to detect security vulnerabilities. The product is very easy to onboard. It doesn't require a lot of preparation or prerequisites. It's a bit of a plug-and-play as long as you're using a package manager or for example, you are using a GitHub repository. And that is an advantage for this tool because developers don't want to add more tools to what they're currently using."
"The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation."
"We'd like to see better integration with the Atlassian ecosystem."
"GitLab could consider introducing a code-scanning tool. Purchasing such tools from external markets can incur charges, which might not be favorable. Integrating these features into GitLab would streamline the pipeline and make it more convenient for users."
"The tool should include a feature that helps to edit the code directly."
"The initial setup was quite challenging because it takes some time to understand how to pull out or push the code."
"I believe there's room for improvement in the advanced features, particularly in enhancing the pipeline functionalities."
"We would like to generate document pages from the sources."
"The solution could be faster."
"I would like to give further ability to grouping code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."
"There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved."
"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
"Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help."
"Compatibility with other products would be great."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"Basically the licensing costs are a little bit expensive."
GitLab is ranked 7th in Application Security Tools with 70 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. GitLab is rated 8.6, while Snyk is rated 8.2. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Black Duck, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Fortify on Demand. See our GitLab vs. Snyk report.
See our list of best Application Security Tools vendors, best Software Composition Analysis (SCA) vendors, and best DevSecOps vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.