Snyk Pros and Cons

Snyk Pros

Nicholas Secrier
Information Security Officer at a tech services company with 51-200 employees
The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there.
View full review »
Cameron Gagnon
Security Software Engineer at a tech company with 10,001+ employees
The most valuable features are their GitLab and JIRA integrations. The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using.
View full review »
reviewer1417671
VP of Engineering at a tech vendor with 11-50 employees
We're loving some of the Kubernetes integration as well. That's really quite cool. It's still in the early days of our use of it, but it looks really exciting. In the Kubernetes world, it's very good at reporting on the areas around the configuration of your platform, rather than the things that you've pulled in. There's some good advice there that allows you to prioritize whether something is important or just worrying. That's very helpful.
View full review »
Learn what your peers think about Snyk. Get advice and tips from experienced pros sharing their opinions. Updated: June 2020.
442,041 professionals have used our research since 2012.
Reviewer109374
Sr. Security Engineer at a tech vendor with 201-500 employees
The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree.
View full review »
reviewer1412625
Application Security Engineer at a tech services company with 501-1,000 employees
The most valuable feature is that they add a lot of their own information to the vulnerabilities. They describe vulnerabilities and suggest their own mitigations or version upgrades. The information was the winning factor when we compared Snyk to others. This is what gave it more impact.
The solution's vulnerability database, in terms of comprehensiveness and accuracy, is very high-level. As far as I know, it's the best among their competitors.
View full review »
reviewer1354503
Security Analyst at a tech vendor with 201-500 employees
Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there.
View full review »
reviewer1367229
Senior Manager, Product & Application Security at a tech services company with 1,001-5,000 employees
The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: obtain a particular CVSS score for a vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI.
View full review »
Raman Zelenco
Lead Security System Engineer at a health, wellness and fitness company with 51-200 employees
It has an accurate database of vulnerabilities with a low amount of false positives.
View full review »
Reviewer636936
Information Security Engineer at a financial services firm with 1,001-5,000 employees
Snyk has given us really good results because it is fully automated. We don't have to scan projects every time to find vulnerabilities, as it already stores the dependencies that we are using. It monitors 24/7 to find out if there are any issues that have been reported out on the Internet.
View full review »
Matt Spencer
Senior Security Engineer at Instructure
We have integrated it into our software development environment. We have it in a couple of different spots. Developers can use it at the point when they are developing. They can test it on their local machine to see if the setup that they have is producing alerts or if they need to upgrade or patch. Then, at the testing phase, when a product is being built for automated testing, it integrates with Snyk at that point and also produces some checks.
View full review »

Snyk Cons

Nicholas Secrier
Information Security Officer at a tech services company with 51-200 employees
Generating reports and visibility through reports are definitely things they can do better.
View full review »
Cameron Gagnon
Security Software Engineer at a tech company with 10,001+ employees
Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help.
View full review »
reviewer1417671
VP of Engineering at a tech vendor with 11-50 employees
There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved.
View full review »
Reviewer109374
Sr. Security Engineer at a tech vendor with 201-500 employees
We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity.
View full review »
reviewer1412625
Application Security Engineer at a tech services company with 501-1,000 employees
We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have...
View full review »
reviewer1354503
Security Analyst at a tech vendor with 201-500 employees
Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this.
View full review »
reviewer1367229
Senior Manager, Product & Application Security at a tech services company with 1,001-5,000 employees
The way Snyk notifies if we have an issue, there are a few options: high vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications. When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam messages. Therefore, we would like some type of filtering system to be built in for the system to be more precise.
View full review »
Raman Zelenco
Lead Security System Engineer at a health, wellness and fitness company with 51-200 employees
The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scanning for the multiple project settings.
View full review »
Reviewer636936
Information Security Engineer at a financial services firm with 1,001-5,000 employees
There were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer.
View full review »
Matt Spencer
Senior Security Engineer at Instructure
I would like to have further ability to group code repositories, in such a way that you could group them by the teams that own them and then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places.
View full review »