#1 most frequent
United States of America
58.2%1,523 installations of 2,616
What is Snyk?
Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and helps security teams to collaborate with their development teams. It boasts a developer-first approach that ensures organizations can secure all of the critical components of their applications from code to cloud, driving developer productivity, revenue growth, customer satisfaction, cost savings and an improved security posture. The vendor states Snyk is used by 1,200 customers worldwide today, including Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce. Products include:
- Snyk Open Source - Automatically detect vulnerabilities and automate fixes during development with an SCA backed by intelligence
- Snyk Code - Static Application Security Testing (SAST) re-imagined for the developer
- Snyk Container - Container and Kubernetes security designed to help developers find and fix vulnerabilities in cloud native applications
- Snyk Infrastructure as Code - Reduce risk by automating IaC security and compliance in development workflows pre-deployment and detecting drifted and missing resources post-deployment
- Snyk Cloud - Cloud security with a unified policy as code engine so every team can develop, deploy, and operate safely in the cloud
Categories & Use Cases
Videos
Who Buys & Uses Snyk
#2 most frequent
United Kingdom of Great Britain and Northern Ireland
6.0%157 installations of 2,616
#3 most frequent
India
5.2%137 installations of 2,616
Snyk - A Security saviour.
Use Cases and Deployment Scope
Snyk has been a savior for us, right from enforcing container security to scanning GitHub repositories for detecting threats and vulnerabilities with CVEs, which helps in the identification and mitigation of high-severity security issues. Snyk also features a user-friendly interface, enabling developers to gain valuable data insights.
Pros
- Offers real-time alerts as new CVEs are published.
- Suggests automated fix PRs with updated, secure versions.
- Scans project dependencies (npm, Maven, pip, etc.) for known vulnerabilities.
Cons
- Although Snyk Code uses ML to reduce noise, it can still generate false positives or low-priority issues that may overwhelm developers.
- Snyk doesn't allow users to define custom security policies or scanning rules, especially in SAST and IaC modules.
- While Snyk offers a generous free tier, enterprise pricing can be cost-prohibitive for larger teams or startups scanning many repositories or containers.
Return on Investment
- Improved Security Posture.
- Accelerated Development Cycles.
- Cost at Scale.
- Lack of Custom Rules/Policies.
Usability
Alternatives Considered
SonarQube Cloud
Other Software Used
Sonar Enterprise, Veracode
A Tech-Savvy Solution for Managing Security Concerns
Use Cases and Deployment Scope
We have been using Snyk for over 4 years now, Snyk Code in comparison to its peers gives a very precise outline of code level vulnerabilities, it has a very low false positive rate and the coverage across languages is also something which addresses a vast range of product portfolio. All in all, when compared to its peers we find Snyk Code giving a better ROI and empowers the developers in a much more positive way than others.
Pros
- The Snyk Code IDE plugin is something that really works very well and brings out the true shift left story by providing very accurate findings and equally good mitigation solutions to the developers.
- The fact that even at the level of enterprise the ability to collate all the snyk code information on to a common dashboard is also something which adds a lot of value.
- Improve compliance & risk management
- Snyk has been exceptional throughout the entire selection, on-boarding, and implementation process
Cons
- The tool itself has many capabilities but using them operationally within the platform on a day to day basis for managing vulnerabilities is not a good experience.
- Our company was in desparate need of a tool to help us manage vulnerabilities so we could achieve a SOC 2 assurance report without findings.
Return on Investment
- The API is extensive enough for many integration options.
- API keys are rotated on a non-preferred time schedule. There's no way to configure this.
- We had a great experience with the support team and success managers while setting up the product and onboarding projects into the tool
Usability
Alternatives Considered
New Relic
Other Software Used
New Relic, GitLab, Snyk
A first line of safety but you might need more.
Use Cases and Deployment Scope
Snyk is an integral part of our development process. It is fully integrated into our deployment process to ensure that Snyk scans any new code to identify security issues. We trust this tool to support our effort for clean and secure code. It is sometimes verbose but almost always correct on issues it identifies or areas of concern.
Pros
- Identify potential security issues.
- Analyse library dependencies.
- Secure code as it is written close to development.
Cons
- Setting up is complex and when not do no properly provides too many false positives.
- We use another tool in parallel because it does not cover all of our languages especially for older code that is in mixed languages.
- Integrating it with bitbucket was not straight forward.
Most Important Features
- Snyk Code.
- Snyk open source.
Return on Investment
- Positive impact with cleaner and more secure code coming out.
- Reduction of defects.
- Reduction of time to fix defects.
Alternatives Considered
SonarQube
Snyk - So now that you know
Use Cases and Deployment Scope
Snyk is used for Open Source Software Governance. It helps in dependency management and identifying vulnerability in open-source libraries/packages used in the software.
Pros
- Helps in dependency management
- SAST - Static Application Security Testing
- Infra Code Scan ( Terraform , Cloud Formation , Docker image scan)
- OSSG
Cons
- Customizable Dashboard for analytics is missing
- Snyk has a sleek GUI but customizing the policies leaves room for improvement
- Autoremediation can be improved.
- OPA based Infra scan is missing and is probably covered by a recent acquisition ( Fugue)
Most Important Features
- Vulnerability in Open-source
- Identifying the license violation
- Snyk Code for SAST
- Infra Code Scan
Return on Investment
- Increased developer experience
- Better productivity due to shift left as Vulnerabilities are caught earlier in the SDLC process
- Improved Vulnerability Management
- Common dashboard for various stages in CI/CD
Alternatives Considered
Sonatype Nexus Platform and JFrog Artifactory
Other Software Used
Bitbucket, Atlassian Jira Align (formerly AgileCraft), CloudBees Jenkins Platform
Snyk (sneek)
Use Cases and Deployment Scope
We use Snyk as a mandatory pre-deployment test that is run on all pipelines before code can be sent to production. Any vulnerabilities identified are raised as tickets in Jira and assigned to the relevant team for remediation with a link to the relevant Synk page for more details on the vulnerability and how it can be fixed.This is then linked to our internal processes on how quickly the vulnerability needs to be remediated based on the CVSS score.
Pros
- Reliable
- Up to date
- Easy to use
- Clear guidance
Cons
- Its a bit costly
Most Important Features
- Mapping CVSS
- integrations with other tools
Return on Investment
- Security it hard to quantify but it regularly highlights vulnerabilities that need to be fixed.
- We would not be able to successfully perform CICD without Snyk
Alternatives Considered
Amazon Inspector
Other Software Used
Jira Software, Fiix, by Rockwell Automation, Looker Studio
