TrustRadius: an HG Insights company

Snyk Reviews and Ratings

Rating: 8.8 out of 10

Community insights

TrustRadius Insights for Snyk are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Pros

Integration with CI/CD tools: Users appreciate Snyk's integration with CI/CD tools, finding it beneficial for their development process. Several reviewers have mentioned how this integration has improved their workflow and made it easier to incorporate security measures into their continuous integration and deployment pipelines.

Identifying and updating code to keep it secure: The ability to identify and update code to keep it secure is seen as a valuable feature by users. Many reviewers have praised Snyk for its effectiveness in pinpointing vulnerabilities in their codebase and providing guidance on how to resolve them, ensuring that their software remains secure.

Helpful in identifying issues with dependencies: Users find Snyk helpful in identifying issues with dependencies and providing upgrade pathways for resolving them. Numerous reviewers have mentioned that Snyk's dependency scanning capabilities have been instrumental in uncovering vulnerabilities and guiding them towards the necessary updates or patches.

Reviews

6 Reviews

A Tech-Savvy Solution for Managing Security Concerns

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

We have been using Snyk for over 4 years now. Snyk Code, in comparison to its peers, gives a very precise outline of code-level vulnerabilities; it has a very low false positive rate, and the coverage across languages is also something which addresses a vast range of product portfolio. All in all, when compared to its peers we find Snyk Code gives a better ROI and empowers the developers in a much more positive way than others.

Pros

  • The Snyk Code IDE plugin is something that really works very well and brings out the true shift left story by providing very accurate findings and equally good mitigation solutions to the developers.
  • The fact that even at the level of enterprise the ability to collate all the Snyk Code information onto a common dashboard is also something which adds a lot of value.
  • Improve compliance & risk management
  • Snyk has been exceptional throughout the entire selection, on-boarding, and implementation process

Cons

  • The tool itself has many capabilities but using them operationally within the platform on a day to day basis for managing vulnerabilities is not a good experience.
  • Our company was in desperate need of a tool to help us manage vulnerabilities so we could achieve a SOC 2 assurance report without findings.

Likelihood to Recommend

Snyk Code provides detailed insights into potential security issues, helping you identify vulnerabilities at an early stage. It saves time with the IDE integration; they also have lots of integrations with different SCMs, and it's very easy to onboard the projects and scan them on a weekly basis.

Vetted Review
Snyk
3 years of experience

Snyk - A Security saviour.

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

Snyk has been a savior for us, right from enforcing container security to scanning GitHub repositories for detecting threats and vulnerabilities with CVEs, which helps in the identification and mitigation of high-severity security issues. Snyk also features a user-friendly interface, enabling developers to gain valuable data insights.

Pros

  • Offers real-time alerts as new CVEs are published.
  • Suggests automated fix PRs with updated, secure versions.
  • Scans project dependencies (npm, Maven, pip, etc.) for known vulnerabilities.

Cons

  • Although Snyk Code uses ML to reduce noise, it can still generate false positives or low-priority issues that may overwhelm developers.
  • Snyk doesn't allow users to define custom security policies or scanning rules, especially in SAST and IaC modules.
  • While Snyk offers a generous free tier, enterprise pricing can be cost-prohibitive for larger teams or startups scanning many repositories or containers.

Likelihood to Recommend

Scenarios Where Snyk Is Well-Suited

  • CI/CD Pipeline Integration (Node.js, Python, etc.)
  • Container Security
  • Open Source License Compliance
  • Infrastructure as Code (IaC) Security

Scenarios Where Snyk May Be Less Appropriate

  • Scanning Proprietary or Custom Code for Unknown Vulnerabilities
  • Complex Monorepos with Custom Build Tools
  • Organizations Requiring Custom Security Rules
  • Advanced Security Teams Needing Correlation and Deep Triage

Vetted Review
Snyk
7 years of experience

A first line of safety but you might need more.

Rating: 6 out of 10
Incentivized

Use Cases and Deployment Scope

Snyk is an integral part of our development process. It is fully integrated into our deployment process to ensure that Snyk scans any new code to identify security issues. We trust this tool to support our effort for clean and secure code. It is sometimes verbose but almost always correct on issues it identifies or areas of concern.

Pros

  • Identify potential security issues.
  • Analyse library dependencies.
  • Secure code as it is written close to development.

Cons

  • Setting up is complex and, when not done properly, provides too many false positives.
  • We use another tool in parallel because it does not cover all of our languages, especially for older code that is in mixed languages.
  • Integrating it with Bitbucket was not straightforward.

Likelihood to Recommend

Snyk is a good tool to give you some confidence in the quality and security of your code. There is always old code; no matter how much teams would like to get rid of it, it is not easy or cost-effective most times. Snyk struggles a bit with old monoliths and services and complex code with sometimes very old libraries.

Snyk (sneek)

Rating: 10 out of 10
Incentivized

Use Cases and Deployment Scope

We use Snyk as a mandatory pre-deployment test that is run on all pipelines before code can be sent to production. Any vulnerabilities identified are raised as tickets in Jira and assigned to the relevant team for remediation, with a link to the relevant Snyk page for more details on the vulnerability and how it can be fixed. This is then linked to our internal processes on how quickly the vulnerability needs to be remediated based on the CVSS score.

Pros

  • Reliable
  • Up to date
  • Easy to use
  • Clear guidance

Cons

  • It's a bit costly

Likelihood to Recommend

Snyk is great for monitoring library vulnerabilities, which would be very difficult to keep on top of without a tool like this. We integrate it with our deployment pipelines in GitLab to run on all the applications that are then deployed to AWS.

There is some overlap with the SAST checks that are performed by Amazon Inspector, but neither covers the whole spectrum of what we need, so we currently need to use both. Snyk is a key part of our defence in depth strategy.

Vetted Review
Snyk
2 years of experience

Let no issues Snyk past

Rating: 9 out of 10

Use Cases and Deployment Scope

We use Snyk in our continuous integration and continuous delivery to ensure no major issues end up in the production environment and the CMS is used in a responsible and secure manner. Using this in a periodic setup gives us automatic insight and prevents big production security issues, especially in the current cloud environments we operate in.

Pros

  • Integration in CI/CD pipeline.
  • Periodic reporting is also an option.
  • Clear separation of issues/categories.
  • Insightful reasoning for issue and suggested solutions.

Likelihood to Recommend

Integrated into a CI/CD setup is ideal, especially with a quality gate combined with the intention never to let critical or major errors land in a production environment. If the full service isn't achievable budget-wise, a periodic scan is better than nothing.

I can imagine if your code runs somewhere very deep behind a plethora of other secured systems and doesn't handle any sensitive data you might not want to use it, but if you don't actually have trained security developers on your team this is definitely the next best thing.

Vetted Review
Snyk
2 years of experience

Snyk - So now that you know

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

Snyk is used for Open Source Software Governance. It helps in dependency management and identifying vulnerabilities in open-source libraries/packages used in the software.

Pros

  • Helps in dependency management
  • SAST - Static Application Security Testing
  • Infra Code Scan (Terraform, CloudFormation, Docker image scan)
  • OSSG

Cons

  • Customizable Dashboard for analytics is missing
  • Snyk has a sleek GUI but customizing the policies leaves room for improvement
  • Autoremediation can be improved.
  • OPA-based Infra scan is missing and is probably covered by a recent acquisition (Fugue)

Likelihood to Recommend

  1) SAST Code Scan
  2) Infra Code Scan
  3) Docker Image Scan
  4) SaaS solution that provides good integration with various SCMs