Snyk Primary Use Case

Nicholas Secrier
Information Security Officer at a tech services company with 51-200 employees
We are using it to identify security weaknesses and vulnerabilities by performing dependency checks of the source code and Docker images used in our code. We also use it for open-source licensing compliance review. We need to keep an eye on what licenses are attached to the libraries or components that we have in use to ensure we don't have surprises in there. We are using the standard plan, but we have the container scanning module as well in a hybrid deployment. The cloud solution is used for integration with the source code repository which, in our case, is GitHub. You can add whatever repository you want to be inspected by Snyk and it will identify and recommend solutions for your the identified issues. We are also using it as part of our CI/CD pipelines, in our case it is integrated with Jenkins. View full review »
Cameron Gagnon
Security Software Engineer at a tech company with 10,001+ employees
We use it as a pretty wide ranging tool to scan vulnerabilities, from our Docker images to Ruby, JavaScript, iOS, Android, and eventually even Kubernetes. We use those findings with the various integrations to integrate with our teams' workflows to better remediate the discoveries from Snyk. View full review »
reviewer1417671
VP of Engineering at a tech vendor with 11-50 employees
Our use case is basically what Snyk sells itself as, which is for becoming aware of and then managing any vulnerabilities in third-party, open-source software that we pull into our product. We have a lot of dependencies across both the tools and the product services that we build, and Snyk allows us to be alerted to any vulnerabilities in those open-source libraries, to prioritize them, and then manage things. We also use it to manage and get visibility into any vulnerabilities in our Docker containers and Kubernetes deployments. We have very good visibility of things that aren't ours that might be at risk and put our services at risk. Snyk's service is cloud-based and we talk to that from our infrastructure in the cloud as well. View full review »
Learn what your peers think about Snyk. Get advice and tips from experienced pros sharing their opinions. Updated: June 2020.
442,986 professionals have used our research since 2012.
Sean McElroy
CISO at a tech vendor with 51-200 employees
We use it to do software composition analysis. It analyzes the third-party libraries that we bring into our own code. It keeps up if there is a vulnerability in something that we've incorporated, then tells us if that has happened. We can then track that and take appropriate action, like updating that library or putting a patch in place to mitigate it. They have also added some additional products that we use: One of which is container security. That product is one that analyzes our microservices containers and provides them with a security assessment, so we are essentially following best practices. View full review »
Reviewer109374
Sr. Security Engineer at a tech vendor with 201-500 employees
We enable Snyk on all of our repos to do continuous scanning for open-source dependency, vulnerabilities, and for license compliance. We also do some infrastructure and code scanning for Kubernetes and our Docker containers. Snyk integrates with GitHub which lets us monitor all private and public repositories in our organization and it enables developers to easily find and fix up source dependency vulnerabilities, container-image vulnerabilities, and ensures licenses are compliant with our company policies. View full review »
reviewer1412625
Application Security Engineer at a tech services company with 501-1,000 employees
We have a lot of code and a lot of microservices and we're using Snyk to test our third-party libraries, all the external dependencies that our code uses, to see if there are any vulnerabilities in the versions we use. We use their SaaS dashboard, but we do have some internal integrations that are on-prem. We scan our code and we go through the results on the dashboard and then we ask the teams to upgrade their libraries to mitigate vulnerabilities. View full review »
reviewer1354503
Security Analyst at a tech vendor with 201-500 employees
We are using Snyk for two main reasons: * Licensing. For every open source package that we're using, we have licensing attributions and requirements. We are using Snyk to track all of that and make sure we're using the licenses for different open source packages that we have in a compliant fashion. This is just to make sure the licensed user is correct. * Vulnerabilities. Snyk will report on all the vulnerabilities present in all our different packages. This is also something we'll use to change a package, ask the desk to fix the vulnerability, or even just block a release if they are trying to publish code with too many vulnerabilities. I am using the latest SaaS version. View full review »
reviewer1367229
Senior Manager, Product & Application Security at a tech services company with 1,001-5,000 employees
There are two use cases that we have for our third-party libraries: * We use the Snyk CLI to scan our pipeline. Every time our developer is building an application and goes to the building process, we scan all the third-party libraries there. Also, we have a hard gate in our pipeline. E.g., if we see a specific vulnerability with a specific threshold (CDSS score), we can then decide whether we want to allow it or block the deal. * We have an integration with GitHub. Every day, Snyk scans our repository. This is a daily scan where we get the results every day from the Snyk scan. We are scanning Docker images and using those in our pipeline too. It is the same idea as the third-party libraries, but now we have a sub-gate that we are not blocking yet. We scan all the Docker images after the build process to create the images. In the future, we will also create a hard gate for Docker images. View full review »
Raman Zelenco
Lead Security System Engineer at a health, wellness and fitness company with 51-200 employees
Talking about the current situation in our security posture, we decided to choose a platform which could help us to improve our Security Development Lifecycle process. We needed a product that could help us mitigate some risks related to the security side of open source frameworks, libraries, licenses, and IT configuration. We were interested in a solution that could also utilize Docker images that we are using for the deployment. In general, we were interested in a vulnerability scanner platform for performance scans to deliver and calculate our risks related to code development. View full review »
Reviewer636936
Information Security Engineer at a financial services firm with 1,001-5,000 employees
We are using Snyk to find the vulnerabilities inside dependencies. It is one of the best tool in the market for this. View full review »
Matt Spencer
Senior Security Engineer at Instructure
The primary use case is dependency vulnerability scanning and alerting. View full review »
Dirk Koehler
Senior Director, Engineering at Zillow Group
Snyk is a security software offering. It helps us identify vulnerabilities or potential weaknesses in the third-party software that we use at our company. The solution is meant to give you visibility into open source licensing issues, which you may not necessarily be aware off, such as the way you ingest libraries into your application code for third-party dependencies. There is visibility into anything that could be potentially exploited. It provides good reporting and monitoring tools which enable me to keep track of the vulnerabilities found now and/or discovered in the future. It is pretty proactive about telling me what/when something might need mitigation. Their strength is really about empowering a very heterogeneous software environment, which is very developer-focused and where developers can easily get feedback. If you integrate their offering into the software development life cycle (SDLC), you can get pretty good coverage from a consumer perspective into the libraries that you're using. It's a good suite of tools tailored and focused towards developers. It ensures their code is safe in regards to their usage of third-party libraries, e.g., libraries not owned or controlled, then incorporated into the product from open sources. View full review »
reviewer1419804
Security Engineer at a tech vendor with 201-500 employees
Since some of our development is using open source packages, we need a way to identify the vulnerabilities before using those packages for development. Using Snyk, we can identify all the safe packages, which to use and which to not use, and create a safe repository for developers. The goal is to catch the vulnerabilities early within the process and fix them before they get to the security review where they can cause deadlines to be pushed out to fix them. We're using the cloud version. View full review »
reviewer1354494
Manager, Information Security Architecture at a consultancy with 5,001-10,000 employees
It is a source composition analysis tool that we use to perform vulnerability scanning for those vulnerabilities within open source libraries. This is a SaaS solution. View full review »
reviewer1258746
Engineering Manager at a comms service provider with 51-200 employees
We use the product to scan our code for any vulnerable dependencies we might have. We depend on open source libraries and need to make sure they're secure. If not, we need to highlight the areas and replace them, update them quickly. A secondary, minor use case is to also look at licensing and make sure that we're not using open source licenses we should not be using. Those are our two use cases. View full review »
Learn what your peers think about Snyk. Get advice and tips from experienced pros sharing their opinions. Updated: June 2020.
442,986 professionals have used our research since 2012.