We performed a comparison between Legit Security and Snyk based on real PeerSpot user reviews.
Find out what your peers are saying about Mend.io, Sonatype, JFrog and others in Software Supply Chain Security."We implemented Legit Security to gain visibility into all development teams and ensure that consistent controls are in place and accounted for on every route."
"Legit has had a positive effect on our overall security posture."
"The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates."
"Legit has increased my security posture to a level I couldn't achieve before. I don't need to worry as much about what's happening within my developer environments. I can rest assured that my vulnerabilities are being detected."
"We're loving some of the Kubernetes integration as well. That's really quite cool. It's still in the early days of our use of it, but it looks really exciting. In the Kubernetes world, it's very good at reporting on the areas around the configuration of your platform, rather than the things that you've pulled in. There's some good advice there that allows you to prioritize whether something is important or just worrying. That's very helpful."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"It has a nice dashboard where I can see all the vulnerabilities and risks that they provided. I can also see the category of any risk, such as medium, high, and low. They provide the input priority-wise. The team can target the highest one first, and then they can go to medium and low ones."
"The most valuable features of Snyk are vulnerability scanning and automation. The automation the solution brings around vulnerability scanning is useful."
"Our customers find container scans most valuable. They are always talking about it."
"The most valuable feature is that they add a lot of their own information to the vulnerabilities. They describe vulnerabilities and suggest their own mitigations or version upgrades. The information was the winning factor when we compared Snyk to others. This is what gave it more impact."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"Legit Security could do a little better with detecting publicly exposed keys. It's not bad. The detections that they are running get to everything eventually, but it would be great if they could increase some of that awareness."
"The one we're working on right now is the ability to dynamically rerun development teams and groups."
"I would like them to have their own static code scanner, and I'd like them to have their own open-source software scanners."
"One issue is that engineering teams don't always embed secrets in the same way, making it difficult for the tool to consistently identify them."
"Generating reports and visibility through reports are definitely things they can do better."
"There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved."
"One area where Snyk could improve is in providing developers with the line where the error occurs."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"For the areas that they're new in, it's very early stages for them. For example, their expertise is in looking at third-party components and packages, which is their bread-and-butter and what they've been doing for ages, but for newer features such as static analysis I don't think they've got compatibility for all the languages and frameworks yet."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
"The tool's initial use is complex."
Legit Security is ranked 7th in Software Supply Chain Security with 4 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Legit Security is rated 10.0, while Snyk is rated 8.2. The top reviewer of Legit Security writes "Correlates information based on the integrations I have, which is extremely helpful". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Legit Security is most compared with Ox Security and Cycode, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode.
We monitor all Software Supply Chain Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.