Snyk Reviews

I typically use Snyk for checking the security and vulnerabilities in my repositories.

Recently, I have used Snyk in one of my repositories for security and vulnerability checks, providing comprehensive knowledge about the repository, including what it does and where the security vulnerabilities are located.

I am using Snyk for the first time and did not use any vulnerability scanning solution before this. I was previously doing Red Hat vulnerability scanning locally for dependency checks, which was not what I wanted.

Snyk's main features include open-source vulnerability scanning, code security, container security, infrastructure as code security, risk-based prioritization, development-first integration, continuous monitoring and alerting, automation, and remediation. The best features I appreciate are the vulnerability checking, vulnerability scanning, and code security capabilities, as Snyk scans all open-source dependencies for known vulnerabilities and helps with license compliance for open-source components.

Snyk integrates into IDEs, allowing issues to be caught as they appear in the code dynamically and prioritizes risk while providing remediation advice.

Snyk provides actionable remediation advice on where vulnerabilities can exist and where code security is compromised, automatically scanning everything and providing timely alerts.

Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients.

Snyk has helped reduce vulnerabilities significantly. Initially, the repository had 17 to 31 critical and high vulnerabilities, but Snyk has helped manage them down to just five vulnerabilities, which are now lower and not high or critical.

Although Snyk is strong, sometimes it flags vulnerabilities that are not reachable, not exploitable, and not relevant to a project. Better reachability analysis and context-aware scanning could improve this.

Snyk could benefit from a more optimized scanning engine and incremental scan caching.

I have been using Snyk for the previous one year.

I have no issues with Snyk's reliability; it is stable.

Snyk is very scalable and can handle my organization's growth and changing needs, allowing us to scale up to many stages and reduce developer costs, especially when we have fewer developers.

I never reached out to customer support because I never encountered any issues.

Negative

I considered SonarQube in detail before choosing Snyk.

My experience with pricing, setup cost, and licensing is good, as the overall setup experience is smooth with easy onboarding for connection with GitHub and GitLab. I primarily use it with GitHub, requiring just a few clicks to set up Snyk.

I can see that Snyk saves the costs of hiring security developers for vulnerability scanning and security checks, as that responsibility is now managed by Snyk.

Pricing is good for small teams, with a free tier or low-usage pricing available, and the licensing experience is straightforward but not very flexible.

My advice for others looking into using Snyk is that if you are starting a repository that is free from vulnerabilities and security checks, Snyk is a good option. It automatically provides advice on how to improve for reducing vulnerabilities and security issues, allowing for easy removal of vulnerabilities. You can use it for a free trial, and if it impacts your organization positively, you can consider further usage.

Snyk is a very good product for vulnerability code scanning and can be used effectively. I would rate this product a nine point five out of ten.

We are a customer of Snyk, which is a SaaS solution. We are one of the tenants using Snyk services but are not doing any enhancement development. We are purely a customer availing Snyk services.

We are also using a separate DAST tool, though I am not aware of the tool name as it is managed by a different team.

We utilize two main capabilities: application vulnerability detection and SCA capabilities. The primary reason we use Snyk is for SAST, as we want to scan our applications for any security vulnerabilities and address them.

Snyk is finding all the issues we have. It suggests solutions for every vulnerability, and we are getting patches frequently. As someone from an enterprise, I want to share feedback that might help others. There are multiple teams involved in our organization. We have a separate cyber team that works with Snyk and keeps on updating, though I am not fully aware of all the details in that area.

I have not explored from that perspective. Being from an application perspective, I cannot say anything that needs real improvement. I have not explored from that angle. Till now, we did not face any scaling issues and I did not hear of any. I would rate this at 9 because I always keep one number in reserve, as there is always scope for improvement for any tool.

We have been using Snyk for more than a year.

Till now, we did not face any scaling issues and I did not hear of any. I would rate this at 9 because I always keep one number in reserve, as there is always scope for improvement for any tool.

We do not raise issues directly with Snyk. We have a common team that liaises with Snyk. Whenever we have issues, we raise them with the cybersecurity team within our company who supports Snyk, and they in turn interact with Snyk.

Positive

Earlier, I used Checkmarx, which is another SAST tool. By default, any company and any SAST tool like Checkmarx or Snyk provides a plugin.

Snyk is integrated. I have not used it directly, though I may have used it indirectly.

I am from an enterprise and want to share feedback that might help others. There are multiple teams involved in our organization. I am from the application team, so I know the vulnerabilities and how to fix them. However, there is a platform team that takes care of giving permission for Snyk and access levels, which I am not fully aware of. At a high level, we have a Snyk admin team in our company that gives permissions, though I do not know all the details of what they do. I cannot share feedback on the admin area, but I can share that vulnerability-wise, I am happy with what Snyk provides and the solutions it gives.

When Snyk identifies issues, our pull request process will not allow us to merge them in the first place. Snyk helps us by blocking critical issues and vulnerabilities. If someone bypassed the pull request check, we have another check in place before production release where we validate everything and block the code if it violates our standards. Based on Snyk categorization, we block issues from our end while raising a pull request and also before releasing to production.

We need Snyk because we are in the banking industry with thousands of applications. Every day, we deploy code to production, releasing almost every day except weekends, though we sometimes release on weekends for very large deployments. Anything that goes to production should not have any security vulnerabilities. Being in the banking industry and having applications used by end customers, we are dealing with end customer data. No one should steal data in any format, and with authentication, one user cannot see another user's data. Snyk is paramount and extremely important for us. Every application that goes into production must pass Snyk vulnerability scanning before it can be deployed. If you ask whether it is important, it is absolutely critical. I would rate it 10 out of 10.

Internally, whenever a Snyk scan runs, we have created GitHub Actions. Our target state is GitHub Actions everywhere. When we run the GitHub Actions, it will connect to the latest Snyk scanning through API and automatically gets all open issues, then creates a GitHub issue. First, our internal tool pulls out all Snyk security issues through the API and creates GitHub issues. We manually open a GitHub issue and give a command prompt to our AI agent. That prompt internally might work with Snyk autofix capability and gets the fixes correctly and creates a pull request. We review and check in the pull request, which is reviewed by experienced team members. This is the process we follow: create an issue based on a Snyk scan and for every issue, run a prompt so that it creates a pull request automatically with the fixes.

We do use Snyk documentation. We internally do not have many resources because we do not want to duplicate. Snyk guide is purely open and not logged in, so we use it.

Snyk documentation is extremely useful. Vulnerability-wise, I do not go to Snyk documentation frequently because in the current world, with my 25 plus years of experience, I used to fix many things manually before these tools existed. I need to know the intricacies of how to fix code. If you take 10 years back, there were tools and libraries which you could integrate with one or two lines, which solved the problem. With the current AI world, I do not even need that. If I get some issues, I do not even need to go to the Snyk website and read how to fix. I have an AI tool that can fix it if I ask it to. From an engineer's perspective, I still read the documentation. As a person who came from the manual world 25 years back, I still read the fix documentation. The documentation is very good, and being a general one, I understand the SAST world, so I did not find much problem with the documentation.

We are using Snyk, which is a SAST tool. There is a team in our organization who developed some AI agent on top of Snyk capabilities. I do not know exactly how they integrated Snyk, but our organization provides an AI agent which, if we run, automatically fixes issues and raises a pull request. In that case, we are indirectly using Snyk.

My overall rating for Snyk is 10 out of 10.

The best feature of Snyk is the integration with our ticketing system, which is Jira. That integration was one we were specifically looking for. The deep integration with our IDE and repository is another valuable feature. In terms of deploying these features, it's seamless.

Snyk should improve the scanning capabilities for other languages. For example, Veracode is strong with different languages such as Java, C#, and others. However, Snyk performs better at mobile source code scanning compared to Veracode. If both capabilities were combined, that would be exceptional.

As we are moving toward GenAI, we expect Snyk to leverage AI features to improve code scanning findings. One key feature we are currently examining with Veracode is AIVSS (Artificial Intelligence VSS), which is an extension of CVSS to cover use cases or top 10 LLM findings during code scanning. Since this is relatively new, we expect upcoming features to cover AI scoring. We have AI projects currently deploying in our organization, and we want to cover not only normal CVSS but also receive an AI assessment score. Both Veracode and Snyk should implement this new scoring system for CVSS and AIVSS.

We are a customer of Snyk, not a partner.

We have contacted Snyk's technical support regarding several issues, and they have resolved them successfully.

Snyk's technical support deserves a rating of seven or eight out of ten. Their response time aligns with their SLA commitments.

Positive

My previous company continues to use Snyk.

The initial setup of Snyk was straightforward.

We discussed pricing with their account manager and secured a favorable deal. Initially, we planned to subscribe through AWS Marketplace at standard rates. After negotiations, we received a special package with a good price point. We signed a two-year contract, and they provided special links for subscription. The payment structure operates on a monthly prepaid basis.

While Snyk may not be the absolute best option in the market, it offers the most seamless experience currently available. Based on their price point and features, it's both affordable and fair considering the license package offered.

During our implementation, we conducted a pilot test with Snyk for approximately two weeks during our UAT session. We spent an additional two to three weeks obtaining management approvals for production repository access. The testing was performed on development repositories before moving to production. While the actual implementation took about a week, the complete process duration was extended due to internal organizational approval processes.

I rate Snyk 8 out of 10.

The most recent client had experience with other products that did not have some features Snyk provides, such as Fortify in the old version before OpenText acquisition. They gave feedback about the precision in discovering vulnerabilities. They found that Snyk can provide more insights about vulnerabilities than older applications in SAST and SCA.

We have integration with GitHub Actions to analyze the code and we use a double check in the pipeline. Our strategy is about shift left. The developers connect with Snyk, Git, and use this with the pipeline.

They evolved their maturity because they could find the vulnerabilities before the pipeline runs. They can find and correct these vulnerabilities in a step before the pushes and PRs to GitHub. They think it is a very positive feature.

I appreciate the UI. It is simple, fast, and I value the precision in the tests. The responses are positive.

Regarding the vulnerability database and AI, we have good experience with that. I cannot compare with other providers or vendors such as Veracode, Checkmarx, and others. All the tests are positive in my analysis.

Technically, we have better vulnerabilities detection in Checkmarx and Veracode. Both of them are more precise about vulnerabilities detection. Snyk is slightly less effective, but this is something they can improve on in the future.

We have been using the solution for one and a half years. Not much time.

We did not need support during the proof of concept.

The documentation is good. It is one of the reasons we did not need support. We could understand the implementation of the product and other features without the need for human interaction.

Positive

I made a proof of concept for a client with Checkmarx for about one month. I provided them a review about my experience. Now they are analyzing my results and considerations about other products too. I do not know if they already have a response about which product they will buy.

Snyk is less expensive.

It is simpler than other vendors. We have some difficulties with other license models. They are more complex and involve an acquisition of more products such as Synopsys and Checkmarx used a complex license model. Snyk has a license model simpler than most of the other vendors.

It was one of my three recommendations for my client. I am satisfied with the product. I rate Snyk 8.5 out of 10.

I lead a code security practice for our organization. We integrated Snyk into our GitHub, using CLI to automatically scan codebases and identify issues. We are a large organization with three independent entities, consolidating Snyk across all entities. 

We also provide access through numerous CI/CD tools. Our default implementation mechanism is CLI, but we also use the Web UI for a comprehensive view and recommendations.

For large organizations like ours, cost is a major factor. Snyk is the most cost-effective solution compared to others like Checkmarx. 

We consolidated Snyk across three entities that used different tools. As a result, our organization became one of the largest in implementing Snyk.

The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Checkmarx. It is easy to consolidate Snyk across multiple entities within a large organization. 

Additionally, our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.

Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR. It lacks the ability to select branches on its Web UI, forcing users to rely on CLI or CI/CD for that functionality. These limitations were documented in a book that I wrote.

We implemented Snyk starting last year, and it has been in use for around two and a half years.

Snyk allows for scaling across large organizations, accommodating tens of thousands of applications and over 60,000 repositories, making it suitable for wide-scale deployment.

Our organization maintains a good relationship with Snyk's customer support team. Despite potential variations in service quality for smaller organizations, our long-standing association has ensured smooth communication, resulting in favorable support experiences and satisfactory issue resolution.

Positive

Previously, we used Synopsys Coverity and later migrated to Checkmarx and Mend before Snyk. Synopsys Coverity was costly, prompting a switch. Snyk's affordability and consolidating capabilities across the entities led to its adoption.

The initial setup of Snyk is simple and straightforward compared to Synopsys Coverity, which is complex. Checkmarx falls in between, not too complicated or easy, but a reliable option. Snyk's ease of implementation makes it user-friendly.

We have different teams managing aspects like licensing and engagement with the support team. They facilitate setup and maintenance, optimally integrating Snyk into our GitHub and CI/CD processes.

Snyk is recognized as the cheapest option we have evaluated. In comparison to eight or nine other solutions, it ranks among the most affordable, providing cost-effective scalability across organizational units.

In my comparative evaluations, I considered tools like AppScan, Veracode, Checkmarx, Synopsys Coverity, and six to eight other alternatives.

Snyk is optimal for organizations starting or looking for an affordable, effective tool. Despite false positives, it combines SAST, SCA, containers, and IaS in one Web UI. On a scale of one to ten, I rate Snyk at six.

We use some legacy and some new languages as we are aiming for serverless solutions. We're using serverless as is and with Python. We import it to Snyk to do SAST scanning for every one of our repositories on the Bitbucket pipeline. At least 350 repositories, including libraries and some automation such as robots or scripts. We have a huge background in using this tool.

We have seen an improvement this month. My security team told me, "We need to break your pipeline if the tools present critical and high-end security issues on the code, so this code cannot go to a staging or homologation environment." I then made improvements to the tools, which were not cheap. But it's a standard feature and a customer need, so I do this, then we apply. Using Snyk, we get the results and the reports and deploy the applications with high-end critical issues of security such as DoS or Cross-Site scripting, any kind of present, on the Snyk IO solution.

I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario. Snyk was built for SCA initially, so it's the main goal of the solution so far. But SCA only loses the battle with Black Duck from Synopsys.

They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features. It's very basic right now. For example, you need to make many workarounds to get reports from API RUSH. Improving how the plugin works is the best way to get any partnership with most tools. This way, Snyk could, for example, integrate with the Atlassian Bitbucket pipeline. If the plugins could be improved, I could integrate plugins in a few seconds instead of making many workarounds using API REST.

We have been using Snyk for two years in a row now. It scans all of our applications on the site. It's mandatory for all of our applications to be scanned on this tool.

I have never faced downtime for maintenance or any kind of trouble in the two years I've used the tool. I rate the stability a nine-point five out of ten because we sometimes face delays.

I rate Snyk's scalability a ten out of ten. Snyk is a huge platform. You don't have limits on the number of repositories you can import. You only have a limitation on the number of scans, but that depends on your license. We have 50 users using Snyk in my company. Snyk's usage in the bank I work for has been elastic. Last year we had 75 users, but we needed to fire a few while others left for other jobs. If we start to grow again, I will ask for a bigger license, and we can work with a huge pool. My target is to work with 100 licenses.

I contact customer support at least once a month, not because we are facing issues, but to give technical reports as a customer. When we bought the solution, we asked the sales team about the technical support provided to engineers. Snyk has a monthly feedback meeting to see if the tool works well and if you have any issues or needs. Every month I have at least one call with my account manager and the solution engineer to discuss the solution. I can speak directly to the engineer if I've found some improvement. He takes notes and then proceeds internally. If I face some bugs, I can send a mail, and they'll always respond within two days because of the time zone, and always with a link or a descriptive solution for the issue or bug I'm facing. Snyk customer support is one of the best I have contacted.

Positive

Apart from Snyk, I have used Veracode. We switched because we faced a bug on Veracode using Atlassian Jira. I tried to figure it out with the support for at least four months in a row, and they didn't find it. I did my own tests and found that Veracode doesn't support the Brazilian keyboard, and my keyboard is entirely Brazilian-encoded. We have some special characters in our vocabulary that Veracode can't read, which breaks the platform plugin. I needed to make a workaround to upload my tickets. I tried asking them to improve and apply the solution to our language, but they said they didn't have a roadmap and suggested I work in English. I didn't want to take the risk of rewriting Jira in English just because of one tool, so I looked for other solutions on the market at the time. Snyk was listed as a visionary in Gartner, so we contacted them, and they made an offer, and we were given the enterprise edition for free for three months. We decided to make a POC using the enterprise solution for three months.

In the end, Snyk brought more results and connectivity with Jira and Atlassian for a lot cheaper.

I brought Snyk into the bank I work with. I held the technical interview, made a POC, and the initial commits and imports on the tool.

The initial setup's difficulty depends on whether you use it on CI/CD, but I rate it eight out of ten. The initial setup is not very hard, especially if you use the Snyk IO on the cloud platform. It is just point-and-click. If you are using it on your customizations, on your CI/CD, the rating drops to six out of ten because you need to understand very well what you need on your CI/CD staging to apply Snyk as the correct tool for that demand.

It took at least about 30 seconds to deploy Snyk on the platform. The authorization to break the pipeline takes at least 15 seconds.

The steps taken for deploying Snyk differ for each kind of solution and application we have here, but they follow the same recipe. First, we perform a SaTScan, to look for a hardcoded password or access key, then perform a unit test to see if the solution passes and then install. We check to see, "Oh, you have these kinds of issues." We might have high, critical, lower, or information issues. After that, we deploy the solution on the deployment environment, then repeat the same steps in staging the environment. After this, we make the build for the production site or environment.

I handled Snyk's deployment by myself.

I have seen a 70% ROI from Snyk. The other 15% is my company's fault. If you don't have your development team engaged to reduce all kinds of issues to zero, you are wasting some of your money. In the past, some squads didn't use the platform at all even though they had access, which is a waste of money because we could use the free solution instead. Some other squads engaged with calls trying to bring the number of issues down to zero. They worked so hard on the platform and got so deep into the documentation that they brought huge results.

For example, some of our projects had 25 critical and 100 high-level issues. My development team brought it down to 0 criticals and reduced 75% of the high-level issues by only using the tools on Snyk without asking me any questions, only looking at the platform and reading the solution on their own to find out what could be done to fix the problem.

I saw an ROI for some of my squads. For others, I only saw 20%. Seeing an ROI depends on the scenario in your company.

For what Snyk offers, it has the best cost-benefit I have ever seen because you're buying the license per user. With most similar tools on the market, you buy the application and pay for each application, so you have a limited number of projects you can put inside it. For example, if you have ten applications in your company, you need to buy one application to get these ten projects inside this application. Your application then becomes your organization, and your applications in your organization become your project. It's different on Snyk, where you buy the application for computers.

Every three months, Snyk runs a script on your organization and checks each of your computers and providers of code. They check activity for three months for each license. In my bank, for example, I have 50 licenses. But if one person goes off or is fired, their support is freed up to be used by someone else. The permit is bought per user rather than application, and it's not limited to the number of projects you can import. For example, in the beginning, I made some mistakes, and I imported my entire Bitbucket three times, so my whole Bitbucket has at least 715 projects, but I still wasn't charged for it. I only had to remove each one manually.

You don't have a limitation on repositories to be scanned. You are limited to how much scanning you do based on the plan you're working with. With the free plan, you have 300 scans. With the business plan, you have 1,000 scans, and the enterprise plan is unlimited. You need to understand how much you will use the tool to ensure you buy the correct Snyk license. I rate Snyk's pricing eight out of ten because it is a bit high.

You can use Snyk to develop tech IT, and you can use it anywhere from small sectors and large sectors. For example, if you have IOPS, you can use this as IaC in infrastructure to read files.

Snyk is the best place to start for a SaaS solution because it's cheaper. It's a good start for small FinTech companies that don't have a large budget. It's one of the best places to start for this kind of security scanning application. After a few months, Snyk was bought by Atlassian. Atlassian creates a lot of plugins to, for example, create a pull request for Bitbucket pipelines or Bitbucket cloud to create Jira tickets integrated with Snyk IO. In the last year, they changed the way they connect. We no longer have to use an application password because it's native for the Bitbucket cloud to use a plugin in Atlassian's marketplace. They made a huge improvement in a year and a half. This year I compared Snyk to Veracode and saw that it has huge tools, but it doesn't fit my requirements right now, so I continue using Snyk IO.

The main difference between Snyk and Veracode is the UI. Snyk IO is far more user-friendly and easier to manage your issues, and the SCA solution is much better than Veracode's.

I rate Snyk an eight out of ten.

The main tool today is used to check for security issues in our products. We use it to analyze all the projects, and our security efforts are based partly on this tool.

There are major impacts related to increasing security awareness and managing risks. Snyk has been an essential tool in that aspect.

The valuable aspect is its security capabilities. The tool finds any major issue, and the code is blocked from being promoted to production until the issue is corrected.

I'm not responsible for the tool. As far as I know, there are no major concerns or features that we lack. We had some issues integrating into our pipeline, however, they were resolved.

We have used Snyk for approximately one year.

There are no complaints from the security team. There seem to be no major issues of concern.

The security team is responsible for this tool. I don't have more details, however, there are no complaints, so I believe that's okay.

I don't know about the support or customer service details. It's another team's responsibility.

Positive

I don't have experience with other products similar to Snyk.

I wouldn't be able to say what the company's ROI is.

The pricing and setup are not my responsibilities, so I don't know any details.

I have not evaluated any other solutions.

Based on our experience and what I have heard internally, I would recommend Snyk.

I'd rate the solution nine out fo ten.

We are using an enterprise version of Snyk for image scanning. We use Snyk to identify and address vulnerabilities in our open-source dependencies and to scan the Docker images.

The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities.

The solution's integration with JFrog Artifactory could be improved.

We have been using Snyk for two years.

I rate the solution an eight out of ten for stability.

We use Snyk for microservices, and more than 100 users use it in our organization twice a week.

I rate the solution a seven out of ten for scalability.

The solution’s technical support team was involved during the architecture integration. We got their support, but I think we could probably get a faster response from them.

Neutral

Snyk's initial setup is not very difficult.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a seven out of ten.

The solution's initial setup took a few weeks. The solution's deployment was done by our app system, and four people were highly engaged in this activity.

Before choosing Snyk, we were exploring different solutions like JFrog Xray and Aqua scan for image scanning. We chose Snyk because we could do both image scanning and SCA with it.

We are comparing Snyk with GitHub Advanced Security, which has a better vulnerability database. They have more vulnerabilities enlisted in their database.

The solution has improved or streamlined our process a lot for securing container images. We wanted to make sure we are deploying the secure Docker images. Snyk allowed us to check whether it is following our standard of docker images or not.

We use Azure DevOps as our platform, and Snyk's integration with Azure DevOps was okay. However, Snyk's integration with JFrog Artifactory didn't go well. We use JFrog Artifactory to store the artifacts we download. We wanted to integrate Snyk with JFrog Artifactory to scan the binary artifacts we downloaded, but that broke our JFrog Artifactory for some reason. Instead of using it there, we are calling it directly from the pipeline.

Snyk's automation features significantly reduced remediation times a couple of times. Sometimes, our developers scan the code from the environment and find some Java vulnerabilities. We fixed those vulnerabilities in the lower environment itself. The solution does not require any maintenance.

The accuracy of Snyk's vulnerability detection is pretty good compared to other tools. I rate the solution's vulnerability detection feature an eight out of ten. I would recommend Snyk to other users because it is easy to implement and integrate with Azure DevOps and GitHub.

Overall, I rate the solution a seven out of ten.

The major problem my company found in relation to our customers was in the area of Zip Slip security as they don't have any security tools in place. My company's customers don't have any security tools integrated into the CI/CD pipelines they use in their company. With Snyk, SCA checks code and third-party dependencies upfront.

When it comes to Snyk, it is not about its features since it is a developer-focused tool, making it possible for developers to easily integrate the tool with other solutions. The automation part and reporting feature of the solution are good. Nowadays, people opt for Cloud Native Pod system architecture, under which good tools are offered to users to use for their applications.

I think Snyk should add more of a vulnerability protection feature in the tool since it is an area where it lacks. Snyk needs to focus on the area related to dependencies.

I have been using Snyk for ten years.

Snyk is a good and scalable tool. Some of our customers who get to use the scalability options go ahead and compare Snyk with other options like Veracode, which is a highly expensive tool that is also complex. Snyk is a simpler tool compared to Veracode.

My company deals with mostly medium-sized clients who use Snyk.

In our company, the team I deal with, the delivery team, has never raised concerns regarding the support offered by Snyk. I hope the support offered by Snyk is fine.

My company has dealt with SonarQube a lot in the past. It is not that my company switches over from one tool to another tool. The tools we use in my company depend on our customers. Some of my company's customers prefer SonarQube, while others prefer Snyk.

The product's initial setup phase was easy.

The solution's deployment model varies from customer to customer. My company deals with a mix of clients, some of whom deploy the tool on the cloud while others deploy it on an on-premises model.

Compared to Veracode, Snyk is definitely a cheaper tool. SonarQube's community version or enterprise version is mostly used, but price-wise, it is okay. The price depends on how many lines of code a customer uses in SonarQube.

The major reason why customers prefer Snyk is that, nowadays, people are moving towards cloud-native tools. People also want a tool that offers safety and security, especially during the integration process and during the coding part. Snyk offers a set of much better features when compared to other tools like SonarQube or Veracode. Smaller companies can choose the team plan or enterprise version offered by Snyk. The major reason why people prefer Snyk is because of the security it offers.

I rate the overall tool a six or seven out of ten.