We performed a comparison between GitLab and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is very flexible and easy because you can store data on cloud."
"The initial setup of GitLab is pretty simple, with no complications."
"It is very useful for reviews. We are using branch merging operations and full reset operations. It is also very useful for merging our code and tracking another branch. The graph diagrams of Git are very useful. Its interface is straightforward and not too complex for us."
"Key features allow creation of well-presented Wiki that includes ideas, development, and domains."
"The most important features of GitLab for us are issue management and all the CI/CD tools. Another aspect that I love about GitLab is the UI."
"It's a great toolbox where the CI/CD pipeline is the fundamental component, but there are so many other features that you can pull from, which makes it a very powerful tool. My current client is using AWS, and they can, of course, use AWS CodePipeline, but GitLab is much more mature than that, and it also gives you the freedom to decide to go to another platform or have a multi-cloud strategy and things like that. That freedom for me is also very valuable."
"We have seen a couple of merge requests or pull requests raised in GitLab. I see the interface, the way it shows the difference between the two source codes, that it is easy for anyone to do the review and then accept the request; the pull request is the valuable feature."
"The most valuable features of GitLab are the CI/CD pipeline and code management."
"Snyk is a good and scalable tool."
"We use Snyk to check vulnerabilities and rectify potential leaks in GitHub."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"The most valuable features of Snyk are vulnerability scanning and automation. The automation the solution brings around vulnerability scanning is useful."
"Snyk has given us really good results because it is fully automated. We don't have to scan projects every time to find vulnerabilities, as it already stores the dependencies that we are using. It monitors 24/7 to find out if there are any issues that have been reported out on the Internet."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
"I used Spring Cloud config and to connect that to GitLab was so hard."
"GitLab's UI could be improved."
"Perhaps the integration could be better."
"For as long as I have used GitLab, I haven't encountered any major limitations. However, I think that perhaps the search functionality could be better."
"Atlassian offers more products than GitLab. GitLab offers source control management, version control and collaboration between developers. Atlassian offers features on top of this as well as more integration points for developers."
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repertories because currently, it's not searchable by default. You'll need an indexing service such as Elasticsearch to make it searchable, and that requires too much work, so for me, it's the main feature that should be improved in GitLab. In the next version of the solution, from the top of my head, the documentation could be improved. Besides the Wiki, it would be good if there's documentation that would be automatically generated based on the code repository. In other words, there should be some tutorials from GitLab for developers in the next release."
"I would like configuration of a YML file to be done via UI rather than a code file."
"I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improve"
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"The product is very expensive."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."
"A feature we would like to see is the ability to archive and store historical data, without actually deleting it. It's a problem because it throws my numbers off. When I'm looking at the dashboard's current vulnerabilities, it's not accurate."
"I would like to give further ability to grouping code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."
"The log export function could be easier when shipping logs to other platforms such as Splunk."
GitLab is ranked 7th in Application Security Tools with 70 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. GitLab is rated 8.6, while Snyk is rated 8.2. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Black Duck, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Fortify on Demand. See our GitLab vs. Snyk report.
See our list of best Application Security Tools vendors, best Software Composition Analysis (SCA) vendors, and best DevSecOps vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.