Snyk Reviews

It is a source composition analysis tool that we use to perform vulnerability scanning for those vulnerabilities within open source libraries.

This is a SaaS solution.

It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now.

We were aware of problems that were there, but we weren't looking for them until we had Snyk. It is definitely showing us things that we should have been concerned about, and we have found a lot of value in resolving those things since we've discovered them.

It's reduced the amount of active vulnerabilities in our applications, providing both a more stable and secure environment for us in the libraries that we develop. It has highlighted a number of things we weren't aware of in our applications and the reduction of those is definitely a benefit and value-add to our applications.

The general source composition analysis is the key to the piece. That is the feature to check our open source libraries for vulnerabilities and the primary feature that we use the tool for.

It is extremely easy to use and very simple to catch on for every team that we train on it. We generally have our development teams leverage the tool themselves. It's extremely easy to teach them how to use it and get them to onboard it.

From a speed perspective, we use Git repository. It was very easy to integrate into that platform.

The solution’s ability to help developers find and fix vulnerabilities quickly is very good and convenient. It provides the ability to easily work the platform into our existing repositories and leverage our repository. It also pulls notifications as a means for notifying developers of vulnerabilities within the projects that are developing.

The solution’s vulnerability database is very comprehensive and accurate.

There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform.

We have been using Snyk for about a year.

It is very stable.

We use existing staff to maintain and operationalize it.

It is extremely easy to scale and hooks into all of our application repositories without any issues. We use the product extensively in the projects that we are currently running. We are using the product at close to 100 percent.

Developer-adoption of the solution has been good. It is one of the better tools in our application security library from an adoption perspective and needs of use. It has the most positive feedback out of all our solutions.

There are probably 50 users who are security/developers and development-focused security professionals.

The only technical support that we have received has been through our account team, and it's been fantastic. I haven't actually had to open any tickets or anything using the tool. The only time we've ever needed assistance was to open up a ticket for single sign-on configuration. It was extremely quick. They had a very easy, fast response for how to deliver it.

We previously used Black Duck. We switched to Snyk because of its better false positive ratings along with its ease of use, integration, and deployment.

The initial setup was straightforward. It was just extremely easy to integrate into our repositories, get the code scanning working, and add our projects into the application.

The deployment was quick. We had our first application in it within minutes.

Implementation strategy: We hooked up our applications and integrated them into the tool. Then, we started to address vulnerabilities as we saw fit from a risk perspective.

We have seen ROI with Snyk. It has showed us a lot of things that we were not privy to before. This has opened our eyes to a lot of very important things, e.g., vulnerabilities.

The solution has reduced the amount of time it takes to fix problems. It has done a great job explaining what the problem is and how to resolve it with remediation. It gives you a lot of details about versioning and such for the library. It is definitely helpful there.

The time-to-value of the solution in our company was almost immediate.

It's inexpensive and easy to license. It comes in standard package sizing, which is straightforward. This information is publicly found on their website.

We focused our evaluation specifically on Black Duck and Snyk, plus Veracode as a larger product offering.

The Snyk platform does everything we've expected it to do. It works much better than some of the competitors we looked at during our assessment.

If you're looking for a source composition analysis tool or a tool to monitor your open source security, then it's a fantastic solution.

SAST and DAST are very important functions. We have alternative options for those though. I wouldn't say the solution’s lack of SAST and DAST hurts or affects us. It would be nice if these were a platform or offering that they did have.

We don't use the solution’s Container security feature at the moment, but we are planning on using it.

I would rate this solution as an eight or nine (out of 10).

I am using Snyk for DevOps and security.

The most valuable features of Snyk are vulnerability scanning and automation. The automation the solution brings around vulnerability scanning is useful.

The solution could improve the reports. They have been working on improving the reports but more work could be done.

I have been using Snyk for a few months.

The stability of Snyk is good.

We have not had any challenges with the scalability of Snyk.

There are good resources to answer questions when we have issues.

I have not used a testing solution prior to Snyk.

The initial setup of Snyk was easy.

The price of the solution is expensive compared to other solutions.

I would recommend people use the free tier first before they purchase.

I rate Snyk a ten out of ten.

The solution is set up in a test lab for proof of concept on the ACIA component. Our client is proposing the solution in an RFP response that will include 3,000 users when awarded. 

The solution has great features and is quite stable. 

The log export function could be easier when shipping logs to other platforms such as Splunk. 

I have been using the solution for months.

The stability is quite good. 

The solution is scalable with no issues. 

I have not needed technical support. 

The initial setup is quite straightforward and took fifteen minutes. 

We implemented the solution in-house. 

In our lab environment, the deployment strategy is to install and run with no complex operations. 

I rate the solution a nine out of ten. 

I am a reseller. We provide solutions for our customers.

It's a good product. I haven't seen any weakness.

Snyk is a developer-friendly product.

Compatibility with other products would be great.

I have not contacted technical support.

Previously, I was working with Micro Focus Fortify.

The initial setup is easy.

We have also evaluated Prisma Cloud by Palo Alto.

We tried to partner up with Snyk, but we were not successful in gaining a partnership. We are not authorized Snyk resellers.

I would rate Snyk an eight out of ten.

We use the product to scan our code for any vulnerable dependencies we might have. We depend on open source libraries and need to make sure they're secure. If not, we need to highlight the areas and replace them, update them quickly. A secondary, minor use case is to also look at licensing and make sure that we're not using open source licenses we should not be using. Those are our two use cases.

What is valuable about Snyk is its simplicity, and that's the main selling point. It's understandably also very cheap because you don't need as much account management resources to manage the relationship with the customer and that's a benefit. I also like that it's self-service, with extremely easy integration. You don't need to speak to anybody to get you off and running and they have loads of integrations with source control and cloud CI systems. They are a relatively new product so they might not have a bigger library than competitors, but it's a good product overall.

They do however have the option to install Snyk on-prem, but it is much more expensive.

The product could be improved by including other types of security scanning (e.g. SAST or DAST), which is important. It would also help to include the static analysis specifically to the open-source scanning so we could get an idea of whether a particular library is vulnerable and recognise if we're actually using the vulnerable part of it or not, they do have runtime analysis, but it is a hassle to set up.

It would be the same issue in terms of the inclusion of additional features. I think static analysis is really important. A second additional feature would be to add tags to projects, identifying an important project or assigning a project to a particular team. Custom tags would be helpful.

I've been using the product for less than a year. It's an SaaS solution, online, so we're always using the latest version. 

It's a very stable product, they are clear when a specific feature is in beta.

We have hundreds of source code repositories, and Snyk scans them in minutes (it just looks at package management files to identify the dependency tree), Snyk uses the same infrastructure to scan for all customers on the cloud which gives it lots of scalability opportunities compared to some other vendors where the software is installed on-prem or on a dedicated instance which makes the software pricy and limited (this dedicated instance will be idle most of the time, and the customer needs to pay for it).

The technical support is very good. 

Some of our products are deployed on the private cloud behind firewalls, Snyk has tools to carry out security scanning from our private repositories. 

For anyone thinking of using the product, I would suggest using cloud and SaaS providers. Generally, they are easy to work with and there's no hassle of having to talk to salespeople and arrange demos, etc. Self-service SaaS products are a good way to go when it's appropriate.

I would rate this product a nine out of 10.

The product's most valuable features are an open-source platform, remote functionality, and good pricing.

Snyk's API and UI features could work better in terms of speed. Additionally, they could optimize and provide better reports, including reports for security, technical, and developer level.

We have been using Snyk for two and a half years.

I rate the platform's stability an eight or nine out of ten. Sometimes, we encounter downtime issues, but it has quick recovery. It impacts our system and needs improvement for better outcomes during the development phase.

We have 20 to 50 Snyk users in the development team of our organization. It is a scalable product.

The technical support services are available quickly for developers. However, they should improve their speed of response for customers.

Neutral

I have used Checkmarx and some other open-source software.

The initial setup is neither difficult nor easy. However, it works slowly. It takes some weeks or months to complete the process.

The product has good pricing. 

I recommend Snyk to others and rate it a seven out of ten.

We use this product for security analysis. It enables us to analyze the development code and find the security vulnerabilities and best practices. We have around 20 developers testing this solution. I'm the senior DevOps and we are users of Snyk.

The solution is very easy to install. It provides clear information and is easy to follow. We get good feedback regarding code practices and how to fix security issues. Another benefit is that it has worked with containers for a long time and has a partnership with Docker. They have a lot of experience and good expertise in security.

I think they could improve the feature for automatic fixing of security breaches. If they had a Kubernetes coverage of vulnerabilities that would be helpful.

I've been using this solution for two months. 

The solution is stable. 

The solution is scalable. 

The technical support is good. They are very helpful and also offered us a demo.  

The initial setup is not complicated, it's just configuring the connection, and connecting to the server.

We're using the open source version for now.

I think it's worthwhile to try this product and I rate it nine out of 10. 

In my company, Snyk is useful because it provides container security and DAST.

Snyk is a strong security solution that helps customers analyze static code and improve their security and code in their main application.

DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings.

I have experience with Snyk, and it is a new solution chosen by my company. I am a reseller of the solution.

It is a stable solution. Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution an eight out of ten.

One security engineer uses Snyk in our company, but we don't use the tool for our own use cases, and we only deploy it for our customers.

I rate the technical support a ten out of ten.

Positive

Our company previously used Micro Focus for three or four months. We have worked with Checkmark for more than two or three years.

We provide Snyk to our customers. It is a very strong solution.

I rate the initial setup a ten on a scale of one to ten, where one is difficult, and ten is easy.

The solution is deployed on the cloud since it is a SaaS solution and doesn't have an on-premises version.

The deployment process for Snyk takes like a week.

For the steps in Snyk's deployment, one has to buy a license and click on the deploy icon on Snyk's website, after which it syncs up with the system.

One person is required for deployment. Even if we talk about something like container security or DAST, only one person would be required for the deployment process.

On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing a three. It is a cheap solution.

I would definitely recommend the solution to those planning to use it since it is easy to deploy and has strong features like machine learning and the ability to analyze static codes.

Overall, I rate the solution an eight out of ten.