Snyk

Score 8.6 out of 10

Overview

What is Snyk?

Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and helps security teams to collaborate with their development teams. It boasts a developer-first approach that ensures organizations can secure all of the critical components of their applications from code...

Recent Reviews

Snyk (sneek)

10 out of 10
January 20, 2023
We use Snyk as a mandatory pre-deployment test that is run on all pipelines before code can be sent to production. Any vulnerabilities …

Let no issues Snyk past

9 out of 10
July 14, 2022
We use Snyk in our continuous integration and continuous delivery to ensure no major issues end up in the production environment and the …


Pricing

Free

$0

Cloud

Team (Snyk Open Source or Snyk Container or Snyk Infrastructure as Code)

$23

Cloud
per month per user

Business (Snyk Open Source or Snyk Container or Snyk Infrastructure as Code)

$42

Cloud
per month per user

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit https://snyk.io/plans

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Product Details

What is Snyk?

Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and helps security teams to collaborate with their development teams. It boasts a developer-first approach that ensures organizations can secure all of the critical components of their applications from code to cloud, driving developer productivity, revenue growth, customer satisfaction, cost savings and an improved security posture. The vendor states Snyk is used by 1,200 customers worldwide today, including Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce. Products include:

  • Snyk Open Source - Automatically detect vulnerabilities and automate fixes during development with an SCA backed by intelligence
  • Snyk Code - Static Application Security Testing (SAST) re-imagined for the developer
  • Snyk Container - Container and Kubernetes security designed to help developers find and fix vulnerabilities in cloud native applications
  • Snyk Infrastructure as Code - Reduce risk by automating IaC security and compliance in development workflows pre-deployment and detecting drifted and missing resources post-deployment
  • Snyk Cloud - Cloud security with a unified policy as code engine so every team can develop, deploy, and operate safely in the cloud

Snyk Technical Details

Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Unspecified
Mobile Application: No

Reviews and Ratings

 (15)

Reviews

Score 6 out of 10
Vetted Review
Verified User
Snyk is an integral part of our development process. It is fully integrated into our deployment process to ensure that Snyk scans any new code to identify security issues. We trust this tool to support our effort for clean and secure code. It is sometimes verbose but almost always correct on issues it identifies or areas of concern.
  • Identify potential security issues.
  • Analyse library dependencies.
  • Secure code as it is written close to development.
  • Setting up is complex and, when not done properly, provides too many false positives.
  • We use another tool in parallel because it does not cover all of our languages, especially for older code that is in mixed languages.
  • Integrating it with Bitbucket was not straightforward.
Snyk is a good tool to give you some confidence in the quality and security of your code. There is always old code; no matter how much teams would like to get rid of it, it is not easy or cost-effective most times. Snyk struggles a bit with old monoliths and services and complex code with sometimes very old libraries.
  • Snyk Code.
  • Snyk open source.
  • Positive impact with cleaner and more secure code coming out.
  • Reduction of defects.
  • Reduction of time to fix defects.
I use both as they combine together well.
January 20, 2023

Snyk (sneek)

Score 10 out of 10
Vetted Review
Verified User
We use Snyk as a mandatory pre-deployment test that is run on all pipelines before code can be sent to production. Any vulnerabilities identified are raised as tickets in Jira and assigned to the relevant team for remediation with a link to the relevant Snyk page for more details on the vulnerability and how it can be fixed. This is then linked to our internal processes on how quickly the vulnerability needs to be remediated based on the CVSS score.
  • Reliable
  • Up to date
  • Easy to use
  • Clear guidance
  • It's a bit costly
Snyk is great for monitoring library vulnerabilities which would be very difficult to keep on top of without a tool like this. We integrate it with our deployment pipelines in GitLab to run on all the applications that are then deployed to AWS.

There is some overlap with the SAST checks that are performed by Amazon Inspector but neither covers the whole spectrum of what we need so we currently need to use both but Snyk is a key part of our defence in depth strategy.
  • Mapping CVSS
  • Integrations with other tools
  • Security is hard to quantify but it regularly highlights vulnerabilities that need to be fixed.
  • We would not be able to successfully perform CI/CD without Snyk
Unfortunately, neither covers all of the use cases that we would like so we need to use both, but they are both excellent tools as part of our vulnerability management. We find that Snyk helps us better with improving our MTTR of identified vulnerabilities when compared to Inspector but that may be more based on how we have implemented both tools.
Score 9 out of 10
Vetted Review
Verified User
We use Snyk in our continuous integration and continuous delivery to ensure no major issues end up in the production environment and the CMS is used in a responsible and secure manner. Using this in a periodic setup gives us automatic insight and prevents big production security issues, especially in the current cloud environments we operate in.
  • Integration in CI/CD pipeline.
  • Periodic reporting is also an option.
  • Clear separation of issues/categories.
  • Insightful reasoning for issue and suggested solutions.
Integrated into a CI/CD setup is ideal, especially with a quality gate combined with the intention never to let critical or major errors land in a production environment. If the full service isn't achievable budget-wise a periodic scan is better than nothing.
I can imagine if your code runs somewhere very deep behind a plethora of other secured systems and doesn't handle any sensitive data you might not want to use it, but if you don't actually have trained security developers on your team this is definitely the next best thing.
  • Insight in the quality and security of our code.
  • Multiple tiers to suit your need.
  • Good integration options.
  • Nothing big on our specific projects.
Score 9 out of 10
Vetted Review
Verified User
Snyk is used for Open Source Software Governance. It helps in dependency management and identifying vulnerabilities in open-source libraries/packages used in the software.
  • Helps in dependency management
  • SAST - Static Application Security Testing
  • Infra Code Scan (Terraform, CloudFormation, Docker image scan)
  • OSSG
  • Customizable Dashboard for analytics is missing
  • Snyk has a sleek GUI but customizing the policies leaves room for improvement
  • Autoremediation can be improved.
  • OPA-based Infra scan is missing and is probably covered by a recent acquisition (Fugue)
1) SAST Code Scan 2) Infra Code Scan 3) Docker Image Scan 4) SAS solution and provides good integration with various SCMS
  • Vulnerability in Open-source
  • Identifying the license violation
  • Snyk Code for SAST
  • Infra Code Scan
  • Increased developer experience
  • Better productivity due to shift left as Vulnerabilities are caught earlier in the SDLC process
  • Improved Vulnerability Management
  • Common dashboard for various stages in CI/CD
Better Vulnerability research and GUI and usability