Software Engineer at a computer software company with 11-50 employees
Real User
Top 10
Nov 15, 2025
I typically use Snyk for checking the security and vulnerabilities in my repositories. Recently, I have used Snyk in one of my repositories for security and vulnerability checks, providing comprehensive knowledge about the repository, including what it does and where the security vulnerabilities are located. I am using Snyk for the first time and did not use any vulnerability scanning solution before this. I was previously doing Red Hat vulnerability scanning locally for dependency checks, which was not what I wanted.
The most recent client had experience with other products that did not have some features Snyk provides, such as Fortify in the old version before OpenText acquisition. They gave feedback about the precision in discovering vulnerabilities. They found that Snyk can provide more insights about vulnerabilities than older applications in SAST and SCA. We have integration with GitHub Actions to analyze the code and we use a double check in the pipeline. Our strategy is about shift left. The developers connect with Snyk, Git, and use this with the pipeline.
I use Snyk in the DevOps pipeline to identify vulnerabilities before deploying the application. It integrates with Jenkins.
I lead a code security practice for our organization. We integrated Snyk into our GitHub, using CLI to automatically scan codebases and identify issues. We are a large organization with three independent entities, consolidating Snyk across all entities. We also provide access through numerous CI/CD tools. Our default implementation mechanism is CLI, but we also use the Web UI for a comprehensive view and recommendations.
The main tool today is used to check for security issues in our products. We use it to analyze all the projects, and our security efforts are based partly on this tool.
We are using an enterprise version of Snyk for image scanning. We use Snyk to identify and address vulnerabilities in our open-source dependencies and to scan the Docker images.
We use Snyk for the generation of SBOM for Docker. We use it to check the standards of the CSI benchmark that we have implemented in the containers and the applications by Java Spring Boot.
Security Engineer-DevSecOps at a computer software company with 51-200 employees
Real User
Jan 5, 2024
We use the product mainly for software composition analysis. It is used to identify vulnerabilities in the application plug-ins. If we use Python 3.8, it’ll tell us that the version is outdated and that it has several vulnerabilities. It also helps in threat identification. It also provides infrastructure as code.
Devops & Cloud Architect at Hexaware Technologies Limited
Reseller
Nov 14, 2023
The major problem my company found in relation to our customers was in the area of Zip Slip security as they don't have any security tools in place. My company's customers don't have any security tools integrated into the CI/CD pipelines they use in their company. With Snyk, SCA checks code and third-party dependencies upfront.
We use some legacy and some new languages as we are aiming for serverless solutions. We're using serverless as is and with Python. We import it to Snyk to do SAST scanning for every one of our repositories on the Bitbucket pipeline. At least 350 repositories, including libraries and some automation such as robots or scripts. We have a huge background in using this tool.
At a high level, Fugue extends and augments compliant reporting capabilities provided by major cloud suppliers. It enhances the visibility, again, from a compliance standpoint, into cloud-based or multi-cloud-based environments.
We use Fugue to gain better visibility. It enhances the ability of Kubernetes operational management within the Azure platform. We use it to extend, monitor, and operationally manage the capabilities of Kubernetes' workloads.
Snyk excels in integrating security within the development lifecycle, providing teams with an AI Trust Platform that combines speed with security efficiency, ensuring robust AI application development. Snyk empowers developers with AI-ready engines offering broad coverage, accuracy, and speed essential for modern development. With AI-powered visibility and security, Snyk allows proactive threat prevention and swift threat remediation. The platform supports shifts toward LLM engineering and AI...
Snyk protects vulnerabilities in the code as usual, detects abnormal data flow inside the field, and similar tasks.
I use the tool in my company to scan open-source projects.
We use Snyk to check vulnerabilities and rectify potential leaks in GitHub.
In my company, Snyk is useful because it provides container security and DAST.