Snyk - A Security saviour.
July 07, 2025

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

Snyk Enterprise

Modules Used

  • Snyk Container
  • Snyk Open Source
  • Snyk Infrastructure as Code
  • Snyk Code

Overall Satisfaction with Snyk

Snyk has been a savior for us, right from enforcing container security to scanning GitHub repositories for detecting threats and vulnerabilities with CVEs, which helps in the identification and mitigation of high-severity security issues. Snyk also features a user-friendly interface, enabling developers to gain valuable data insights.

Pros

  • Offers real-time alerts as new CVEs are published.
  • Suggests automated fix PRs with updated, secure versions.
  • Scans project dependencies (npm, Maven, pip, etc.) for known vulnerabilities.

Cons

  • Although Snyk Code uses ML to reduce noise, it can still generate false positives or low-priority issues that may overwhelm developers.
  • Snyk doesn't allow users to define custom security policies or scanning rules, especially in SAST and IaC modules.
  • While Snyk offers a generous free tier, enterprise pricing can be cost-prohibitive for larger teams or startups scanning many repositories or containers.

  • Improved Security Posture.
  • Accelerated Development Cycles.
  • Cost at Scale.
  • Lack of Custom Rules/Policies.

Developer-Centric Design - Snyk integrates directly into IDEs (like VS Code and IntelliJ), CI/CD pipelines, GitHub/GitLab, and container registries.

Clear, Actionable Vulnerability Reports - Issues are categorized by severity. Reports include fix recommendations, pull request suggestions, and links to remediation advice.

Developer-Centric Design

Snyk integrates seamlessly into the dev workflow (IDEs, Git, CI/CD).

Tools like Veracode/Fortify are security team-centric, with less developer engagement.

Unlike WhiteSource or Sonatype, Snyk has a faster learning curve and actionable fixes.

Do you think Snyk delivers good value for the price?

Not sure

Are you happy with Snyk's feature set?

Yes

Did Snyk live up to sales and marketing promises?

Yes

Did implementation of Snyk go as expected?

Yes

Would you buy Snyk again?

Yes

Scenarios Where Snyk Is Well-Suited

  • CI/CD Pipeline Integration (Node.js, Python, etc.)
  • Container Security
  • Open Source License Compliance
  • Infrastructure as Code (IaC) Security

Scenarios Where Snyk May Be Less Appropriate

  • Scanning Proprietary or Custom Code for Unknown Vulnerabilities
  • Complex Monorepos with Custom Build Tools
  • Organizations Requiring Custom Security Rules
  • Advanced Security Teams Needing Correlation and Deep Triage
