Snyk Reviews

Name: Snyk
Brand: Snyk
Rating: 4 (41 reviews)

Vendor: Snyk

4.1 out of 5

41 reviews
100% willing to recommend

439 followers

Post review

What is Snyk?UNIXBusinessApplication
Price:

Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.

Get the Snyk Buyer's Guide and find out what your peers are saying about Snyk, SonarQube, Veracode and more!

Snyk is the #1 ranked solution in top DevSecOps solutions, #2 ranked solution in top Software Composition Analysis (SCA) solutions, #2 ranked solution in top Software Development Analytics solutions, #4 ranked solution in application security solutions, and #5 ranked solution in Container Security Solutions. PeerSpot users give Snyk an average rating of 8.2 out of 10. Snyk is most commonly compared to SonarQube: Snyk vs SonarQube. Snyk is popular among the large enterprise segment, accounting for 64% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 15% of all views.

Helped 767,319 peers since 2012

Featured reviews

VinothKumar5

Senior Consultant at Hexaware Technologies Limited

Apr 25, 2023

Snyk can be improved on the reporting aspect regarding the traceability of SCA. It also doesn't have storage. For instance, if you are scanning version 'X' and then you're scanning on another version 'X+1', it doesn't store your information. It doesn't compare particular vulnerabilities between 'X' and 'X+1'. Snyk is helpful and quite handy for people on the development team. The solution's reporting and storage could be improved. The next release of Snyk should have more training features for developers. The tool offers software composition analysis, and though it says what needs to be fixed, it's in a reactive space. Since DevSecOps has become a culture nowadays, and the industry is going more towards proactive measures, the developers need to be trained.

Read full review

Eryk Lawyd

Tech Lead DevSecOps at Letsbank

Jul 5, 2023

We have seen an improvement this month. My security team told me, "We need to break your pipeline if the tools present critical and high-end security issues on the code, so this code cannot go to a staging or homologation environment." I then made improvements to the tools, which were not cheap. But it's a standard feature and a customer need, so I do this, then we apply. Using Snyk, we get the results and the reports and deploy the applications with high-end critical issues of security such as DoS or Cross-Site scripting, any kind of present, on the Snyk IO solution.

Read full review

Jayashree Acharyya

Director at PepsiCo

Mar 4, 2024

The solution has improved or streamlined our process a lot for securing container images. We wanted to make sure we are deploying the secure Docker images. Snyk allowed us to check whether it is following our standard of docker images or not. We use Azure DevOps as our platform, and Snyk's integration with Azure DevOps was okay. However, Snyk's integration with JFrog Artifactory didn't go well. We use JFrog Artifactory to store the artifacts we download. We wanted to integrate Snyk with JFrog Artifactory to scan the binary artifacts we downloaded, but that broke our JFrog Artifactory for some reason. Instead of using it there, we are calling it directly from the pipeline. Snyk's automation features significantly reduced remediation times a couple of times. Sometimes, our developers scan the code from the environment and find some Java vulnerabilities. We fixed those vulnerabilities in the lower environment itself. The solution does not require any maintenance. The accuracy of Snyk's vulnerability detection is pretty good compared to other tools. I rate the solution's vulnerability detection feature an eight out of ten. I would recommend Snyk to other users because it is easy to implement and integrate with Azure DevOps and GitHub. Overall, I rate the solution a seven out of ten.

Read full review

Snyk market share

Product category:

As of March 2024, the market share of Snyk in the Application Security Tools category stands at 6.5%, marking a decrease of 23.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

Key learnings from peers

Valuable Features

Snyk's most valuable features include software composition analysis (SCA), security vulnerability detection, easy onboarding, centralized issue fixing, categorization of vulnerabilities, container scans, code scans, stability, automation, open source offering, secrets scanning, static analysis with SAST, clear information and feedback, expertise in security, automatically creating pull requests, developer-friendly product, integration, nice dashboard and reports, and easy integration without a pipeline. Snyk is useful in detecting security vulnerabilities, prioritizing issues, and providing proper reports and resolutions. It is also reliable, smooth, and does not require a lot of preparation or prerequisites.

Room for Improvement

Improvements that could be made to Snyk include: better reporting and storage capabilities for software composition analysis, more training features for developers in the next release, improved license compliance and policy management, the ability to see the line where errors occur, easier log export function, more user-friendly UI and detailed project view, better interdependency reporting, greater language and framework coverage, reduced false positives on scans, improved customer support and engagement, automatic fixing of security breaches, improved reporting mechanism and adjustment of license ratings, inclusion of dynamic and run-time scanning features, and better database signatures. Compatibility with other products and lower pricing could also be beneficial.

ROI

Snyk is a cost-effective solution for identifying open-source vulnerabilities during development stages. It can save up to 100 times the cost of identifying and fixing issues during production. By fixing bugs early on, the annual subscription fee for Snyk can be covered, resulting in a high ROI potential.

Pricing

Snyk has a competitive price for its coverage, scalability, reliability, and stability, with no additional costs for standard licensing fees. Some users consider it reasonable, while others find it expensive compared to other solutions. The license model is based on the number of contributing developers, and the price may vary depending on the company's size. However, some users find it acceptable, especially for enterprises. The open-source version is also available and integrated with Jenkins CICD automation pipeline, which gives everything in one place.

"The product's price is okay."
"Snyk is an expensive solution."
"Compared to Veracode, Snyk is definitely a cheaper tool."

Popular Use Cases

Snyk is a versatile solution used for various purposes such as security vulnerability detection, DevOps, infrastructure scanning, SaaS testing, continuous vulnerability scans, and managing open-source risks in security and licenses. It allows developers to identify and address potential security issues and is used for code analysis, vulnerability finding, and detecting issues particular to users. Snyk is a cloud-based SaaS offering that is always kept up to date and can be configured on local ID environment or used as a hybrid deployment. It also offers new use cases such as static analysis and secrets scanning.

Service and Support

Snyk has a generally positive reputation for their customer service and support. Many customers have had good experiences with their tech support team, prompt responses, and helpful resources. Some customers feel that there is room for improvement in areas such as customer success managers and more personalized support options. Snyk's technical support is seen as reliable and available.

Deployment

Users have generally found the initial setup for Snyk to be easy and straightforward, with some describing it as quick and taking only a matter of minutes. The solution is cloud-based and integrations with other tools like Jenkins and GitHub were found to be simple. While some noted that there may be a need for support and assistance during the implementation process, overall, users did not encounter any significant difficulties and rated the setup positively.

Scalability

Snyk is generally considered to be scalable. Users have mentioned that it is easy to scale Snyk once it is installed, as long as the correct cloud server settings are in place. Some users have successfully onboarded and scaled up multiple tools for product and software development. Minor issues have been reported, such as the time it takes to load a dashboard at the organizational level.

Stability

Snyk has been consistently praised for its stability by users during POC and regular usage. No downtime or lags have been reported, and the product is considered to be a fine, stable solution, with a rating of nine out of ten for stability. Users have noted that it can be run with both CLI and GUI without stability issues

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Snyk Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

15%

Financial Services Firm

14%

Manufacturing Company

Insurance Company

Retailer

Government

Healthcare Company

Comms Service Provider

Media Company

Energy/Utilities Company

Real Estate/Law Firm

Educational Organization

University

Construction Company

Wholesaler/Distributor

Non Profit

Legal Firm

Transportation Company

Logistics Company

Outsourcing Company

Pharma/Biotech Company

Hospitality Company

Performing Arts

Recreational Facilities/Services Company

Consumer Goods Company

Marketing Services Firm

Aerospace/Defense Firm

Compare Snyk with alternative products

Learn more about Snyk

Benefits of Snyk

Some of the benefits of using Snyk include:

Conserves resources: Snyk easily integrates with other security solutions and uses their security features to ensure that the work that users are doing is completely secure. These integrations allow them to protect themselves without pulling resources from their continued integration or continued delivery workflows. Resources can be conserved for areas of the greatest need.

Highly flexible: Snyk enables users to customize the system’s security automation features to meet their needs. Users can guarantee that the automation performs the functions that are most essential for their current project. Additionally, users are able to maintain platform governance consistency across their system.

Keeps users ahead of emerging threats. Snyk employs a database of threats that help it detect and keep track of potential issues. This database is constantly being updated to reflect the changes that take place in the realm of cybersecurity. It also uses machine learning. Users are prepared to deal with new issues as they arise.

Automatically scans projects for threats. Snyk’s command-line interface enables users to schedule the solution to run automatic scans of their projects. Time and manpower can be conserved for the areas of greatest need without sacrificing security.

Reviews from Real Users

Snyk is a security platform for developers that stands out among its competitors for a number of reasons. Two major ones are its ability to integrate with other security solutions and important insights that it can enable users to discover. Snyk enables users to combine its already existing security features with those of other solutions to create far more robust and flexible layers of security than what it can supply on its own. It gives users the ability to dig into the security issues that they may experience. Users are given a clear view of the root causes of these problems. This equips them to address the problem and prevent similar issues in the future.

Cameron G., a security software engineer at a tech company, writes, “The most valuable features are their GitLab and JIRA integrations.The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using. Snyk is something of a bridge that we use; we get our projects into it and then get the information out of it. Those two integrations are crucial for us to be able to do that pretty simply.”

Sean M., the chief information security officer of a technology vendor, writes, "From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."