We performed a comparison between GitHub and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product helps our team collaborate across different locations."
"A great feature is being able to have different repositories and different kinds of projects in a single solution at a single time. It's just a click away."
"If you want to share documents, you can create articles and diagrams with GitHub and share."
"The initial setup was easy."
"The deployment is fast since we just have to run the script, and once it's done, it takes a few minutes."
"It's beneficial for managing multiple tasks and controlling versions of your product."
"I like the CI/CD features."
"We've found the technical support to be very helpful."
"Our customers find container scans most valuable. They are always talking about it."
"Snyk has given us really good results because it is fully automated. We don't have to scan projects every time to find vulnerabilities, as it already stores the dependencies that we are using. It monitors 24/7 to find out if there are any issues that have been reported out on the Internet."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"The most valuable features are their GitLab and JIRA integrations. The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
"It's very easy for developers to use. Onboarding was an easy process for all of the developers within the company. After a quick, half-an-hour to an hour session, they were fully using it on their own. It's very straightforward. Usability is definitely a 10 out of 10."
"We are not able to access GitHub from our VPN."
"GitHub could improve by being more user-friendly."
"There could be more integration into Azure."
"The UI is a little outdated, so that could be improved."
"It would be useful to have tutorial videos within the GitHub dashboard."
"I cannot recall coming across any shortcomings of the product."
"It would be better if the amount of storage were increased."
"We face issues with synchronization while working with teams."
"There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved."
"The tool's initial use is complex."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
"They were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer."
"The solution's integration with JFrog Artifactory could be improved."
GitHub is ranked 9th in Application Security Tools with 75 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. GitHub is rated 8.6, while Snyk is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". GitHub is most compared with AWS CodeCommit, Fortify on Demand, Bitbucket, Atlassian SourceTree and Checkmarx One, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Mend.io. See our GitHub vs. Snyk report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.