TrustRadius

Overview

What is Snyk?

Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and helps security teams to collaborate with their development teams. It boasts a developer-first approach that ensures organizations can secure all of the critical components of their applications from code…

Recent Reviews

TrustRadius Insights

Snyk is a versatile tool that offers an array of features, making it invaluable for securing the software development lifecycle and …

Snyk (sneek)

10 out of 10
January 20, 2023
Incentivized
We use Snyk as a mandatory pre-deployment test that is run on all pipelines before code can be sent to production. Any vulnerabilities …

Let no issues Snyk past

9 out of 10
July 14, 2022
We use Snyk in our continuous integration and continuous delivery to ensure no major issues end up in the production environment and the …

Pricing


Free

$0

Cloud

Team (Snyk Open Source or Snyk Container or Snyk Infrastructure as Code)

$23

Cloud
per month per user

Business (Snyk Open Source or Snyk Container or Snyk Infrastructure as Code)

$42

Cloud
per month per user

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit https://snyk.io/plans

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Product Demos

  • Find Vulnerabilities In Your Code With Snyk (YouTube)
  • Demo Den - Bitbucket Security by Snyk (YouTube)
  • Final project Devops - CI/CD: Gitlab, Jenkins and Snyk integration demo (YouTube)
  • How to Scale Developer Security Using Snyk (Demo) (YouTube)
  • Snyk for Bitbucket Pipelines (YouTube)
  • Snyk Demo The Developer Desktop Part 1 Open Source - Agata Krajewska (YouTube)

Product Details

What is Snyk?

Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and helps security teams to collaborate with their development teams. It boasts a developer-first approach that ensures organizations can secure all of the critical components of their applications from code to cloud, driving developer productivity, revenue growth, customer satisfaction, cost savings and an improved security posture. The vendor states Snyk is used by 1,200 customers worldwide today, including Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce. Products include:

  • Snyk Open Source - Automatically detect vulnerabilities and automate fixes during development with an SCA backed by intelligence
  • Snyk Code - Static Application Security Testing (SAST) re-imagined for the developer
  • Snyk Container - Container and Kubernetes security designed to help developers find and fix vulnerabilities in cloud native applications
  • Snyk Infrastructure as Code - Reduce risk by automating IaC security and compliance in development workflows pre-deployment and detecting drifted and missing resources post-deployment
  • Snyk Cloud - Cloud security with a unified policy as code engine so every team can develop, deploy, and operate safely in the cloud

Snyk Video

Snyk's Developer Security Platform

Snyk Technical Details

Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Unspecified
Mobile Application: No


Reviews and Ratings

(17)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Snyk is a versatile tool that offers an array of features, making it invaluable for securing the software development lifecycle and enhancing overall security. Users rely on Snyk to identify vulnerabilities in both code and software, especially in an S-SDLC lifecycle. By automating the review of CVEs and providing actionable intelligence, Snyk saves users time and helps them mitigate vulnerabilities quickly. It also assists in securing libraries and dependencies, particularly in open-source projects, by offering suggestions for library upgrades. Additionally, Snyk simplifies security management in enterprises through its integrations and provides transparency on vulnerability profiles, aiding decision-making for prioritizing fixes. With its prevention-oriented approach to software development and informative notifications, Snyk helps users create more secure software during coding and before deployment.

Integration with CI/CD tools: Users appreciate Snyk's integration with CI/CD tools, finding it beneficial for their development process. Several reviewers have mentioned how this integration has improved their workflow and made it easier to incorporate security measures into their continuous integration and deployment pipelines.

Identifying and updating code to keep it secure: The ability to identify and update code to keep it secure is seen as a valuable feature by users. Many reviewers have praised Snyk for its effectiveness in pinpointing vulnerabilities in their codebase and providing guidance on how to resolve them, ensuring that their software remains secure.

Helpful in identifying issues with dependencies: Users find Snyk helpful in identifying issues with dependencies and providing upgrade pathways for resolving them. Numerous reviewers have mentioned that Snyk's dependency scanning capabilities have been instrumental in uncovering vulnerabilities and guiding them towards the necessary updates or patches.

Cons:

  1. Confusing User Interface: Several users have mentioned that the user interface of the application can be overwhelming and confusing, making it difficult to navigate and control certain features and making tasks more challenging.
  2. Lack of Pricing Options: Some users found the pricing of the software to be expensive and suggested having more pricing options outside of bundles to cater to different budgets.
  3. Limited Reporting Capabilities: Users have expressed the need for improvements in reporting capabilities, including more options and enhancements in this area. They feel that the current reporting functionality is lacking and could provide better insights into vulnerabilities and project status.

Note: The selected cons are based on their frequency among user reviews.

Reviews

(1-4 of 4)
Score 6 out of 10
Vetted Review
Verified User
Incentivized
Snyk is an integral part of our development process. It is fully integrated into our deployment process to ensure that Snyk scans any new code to identify security issues. We trust this tool to support our effort for clean and secure code. It is sometimes verbose but almost always correct on issues it identifies or areas of concern.
  • Identify potential security issues.
  • Analyse library dependencies.
  • Secure code as it is written close to development.
  • Setting up is complex and, when not done properly, provides too many false positives.
  • We use another tool in parallel because it does not cover all of our languages, especially for older code that is in mixed languages.
  • Integrating it with Bitbucket was not straightforward.
Snyk is a good tool to give you some confidence in the quality and security of your code. There is always old code; no matter how much teams would like to get rid of it, it is not easy or cost-effective most times. Snyk struggles a bit with old monoliths and services and complex code with sometimes very old libraries.
  • Snyk Code.
  • Snyk Open Source.
  • Positive impact with cleaner and more secure code coming out.
  • Reduction of defects.
  • Reduction of time to fix defects.
I use both as they combine together well.
January 20, 2023

Snyk (sneek)

Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Snyk as a mandatory pre-deployment test that is run on all pipelines before code can be sent to production. Any vulnerabilities identified are raised as tickets in Jira and assigned to the relevant team for remediation with a link to the relevant Snyk page for more details on the vulnerability and how it can be fixed. This is then linked to our internal processes on how quickly the vulnerability needs to be remediated based on the CVSS score.
  • Reliable
  • Up to date
  • Easy to use
  • Clear guidance
  • It's a bit costly
Snyk is great for monitoring library vulnerabilities which would be very difficult to keep on top of without a tool like this. We integrate it with our deployment pipelines in GitLab to run on all the applications that are then deployed to AWS.

There is some overlap with the SAST checks that are performed by Amazon Inspector but neither covers the whole spectrum of what we need so we currently need to use both but Snyk is a key part of our defence in depth strategy.
  • Mapping CVSS
  • Integrations with other tools
  • Security is hard to quantify but it regularly highlights vulnerabilities that need to be fixed.
  • We would not be able to successfully perform CICD without Snyk
Unfortunately, neither covers all of the use cases that we would like so we need to use both, but they are both excellent tools as part of our vulnerability management. We find that Snyk helps us better with improving our MTTR of identified vulnerabilities when compared to Inspector but that may be more based on how we have implemented both tools.
Score 9 out of 10
Vetted Review
Verified User
We use Snyk in our continuous integration and continuous delivery to ensure no major issues end up in the production environment and the CMS is used in a responsible and secure manner. Using this in a periodic setup gives us automatic insight and prevents big production security issues, especially in the current cloud environments we operate in.
  • Integration in CI/CD pipeline.
  • Periodic reporting is also an option.
  • Clear separation of issues/categories.
  • Insightful reasoning for issue and suggested solutions.
Integrated into a CI/CD setup is ideal, especially with a quality gate combined with the intention never to let critical or major errors land in a production environment. If the full service isn't achievable budget-wise a periodic scan is better than nothing.
I can imagine if your code runs somewhere very deep behind a plethora of other secured systems and doesn't handle any sensitive data you might not want to use it, but if you don't actually have trained security developers on your team this is definitely the next best thing.
  • Insight in the quality and security of our code.
  • Multiple tiers to suit your need.
  • Good integration options.
  • Nothing big on our specific projects.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Snyk is used for Open Source Software Governance. It helps in dependency management and identifying vulnerability in open-source libraries/packages used in the software.
  • Helps in dependency management
  • SAST - Static Application Security Testing
  • Infra Code Scan (Terraform, CloudFormation, Docker image scan)
  • OSSG
  • Customizable Dashboard for analytics is missing
  • Snyk has a sleek GUI but customizing the policies leaves room for improvement
  • Autoremediation can be improved.
  • OPA-based Infra scan is missing and is probably covered by a recent acquisition (Fugue)
1) SAST Code Scan 2) Infra Code Scan 3) Docker Image Scan 4) SAS solution and provides good integration with various SCMS
  • Vulnerability in Open-source
  • Identifying the license violation
  • Snyk Code for SAST
  • Infra Code Scan
  • Increased developer experience
  • Better productivity due to shift left as Vulnerabilities are caught earlier in the SDLC process
  • Improved Vulnerability Management
  • Common dashboard for various stages in CI/CD
Better Vulnerability research and GUI and usability