Snyk Reviews

Name: Snyk
Brand: Snyk
Rating: 4.1 (44 reviews)

Vendor: Snyk

4.1 out of 5

44 reviews
100% willing to recommend

481 followers

Post review

What is Snyk?

Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.

Get the Snyk Buyer's Guide and find out what your peers are saying about Snyk, SonarQube Server (formerly SonarQube), Veracode and more!

Snyk is the #1 ranked solution in top DevSecOps solutions, #2 ranked solution in top Software Development Analytics solutions, #3 ranked solution in top Software Composition Analysis (SCA) solutions, #4 ranked solution in application security solutions, and #7 ranked solution in Container Security Solutions. PeerSpot users give Snyk an average rating of 8.2 out of 10. Based on the analysis of the 44 most recent Snyk reviews, the overall sentiment is positive, with a sentiment score of 7.3. Snyk is most commonly compared to SonarQube Server (formerly SonarQube): Snyk vs SonarQube Server (formerly SonarQube). Snyk is popular among the large enterprise segment, accounting for 65% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Helped 823,795 peers since 2012

Featured reviews

Jayashree Acharyya

Director at PepsiCo

The solution has improved or streamlined our process a lot for securing container images. We wanted to make sure we are deploying the secure Docker images. Snyk allowed us to check whether it is following our standard of docker images or not. We use Azure DevOps as our platform, and Snyk's integration with Azure DevOps was okay. However, Snyk's integration with JFrog Artifactory didn't go well. We use JFrog Artifactory to store the artifacts we download. We wanted to integrate Snyk with JFrog Artifactory to scan the binary artifacts we downloaded, but that broke our JFrog Artifactory for some reason. Instead of using it there, we are calling it directly from the pipeline. Snyk's automation features significantly reduced remediation times a couple of times. Sometimes, our developers scan the code from the environment and find some Java vulnerabilities. We fixed those vulnerabilities in the lower environment itself. The solution does not require any maintenance. The accuracy of Snyk's vulnerability detection is pretty good compared to other tools. I rate the solution's vulnerability detection feature an eight out of ten. I would recommend Snyk to other users because it is easy to implement and integrate with Azure DevOps and GitHub. Overall, I rate the solution a seven out of ten.

Read full review

VinothKumar5

Senior Consultant at Hexaware Technologies Limited

Snyk can be improved on the reporting aspect regarding the traceability of SCA. It also doesn't have storage. For instance, if you are scanning version 'X' and then you're scanning on another version 'X+1', it doesn't store your information. It doesn't compare particular vulnerabilities between 'X' and 'X+1'. Snyk is helpful and quite handy for people on the development team. The solution's reporting and storage could be improved. The next release of Snyk should have more training features for developers. The tool offers software composition analysis, and though it says what needs to be fixed, it's in a reactive space. Since DevSecOps has become a culture nowadays, and the industry is going more towards proactive measures, the developers need to be trained.

Read full review

Eryk Lawyd

Tech Lead DevSecOps at Letsbank

We have seen an improvement this month. My security team told me, "We need to break your pipeline if the tools present critical and high-end security issues on the code, so this code cannot go to a staging or homologation environment." I then made improvements to the tools, which were not cheap. But it's a standard feature and a customer need, so I do this, then we apply. Using Snyk, we get the results and the reports and deploy the applications with high-end critical issues of security such as DoS or Cross-Site scripting, any kind of present, on the Snyk IO solution.

Read full review

Snyk mindshare

Product category:

As of December 2024, the mindshare of Snyk in the Application Security Tools category stands at 7.6%, down from 8.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

PeerAnalyst reports

Type	Title	Date
Category	Application Security Tools	Dec 17, 2024	Download
Product	Reviews, tips, and advice from real users	Dec 17, 2024	Download
Comparison	Snyk vs SonarQube Server (formerly SonarQube)	Dec 17, 2024	Download
Comparison	Snyk vs Veracode	Dec 17, 2024	Download
Comparison	Snyk vs Checkmarx One	Dec 17, 2024	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	26.7%	81%	113 interviews Add to research
Veracode	4.1	10.4%	90%	196 interviews Add to research

Valuable Features

Snyk offers ease of use, seamless integration, and a comprehensive vulnerability database. It excels in self-service, with integrations in IDEs, CI/CD pipelines, and tools like Slack and JIRA. Its container security feature empowers developers, while its automation and detailed reporting streamline issue management and prioritization. Users appreciate its Docker partnership, accurate dependency checks, and actionable advice. Snyk’s affordability and modular API further enhance its appeal.

"Snyk allows for scaling across large organizations, accommodating tens of thousands of applications and over 60,000 repositories, making it suitable for wide-scale deployment."
"The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Check Point."
"The valuable aspect is its security capabilities."

Room for Improvement

Snyk needs improvement in several areas, including support for more languages and better integration with various tools and IDEs. Users experience difficulties with the UI's speed and reporting features. They also indicate a need for enhanced static and dynamic analysis capabilities. Notifications require customization options to avoid irrelevance due to high volumes. API functionality is limited in some tiers, and documentation sometimes lacks clarity. Real-time feedback and automatic fixing features could enhance its utility for developers.

"Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR."
"Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR."
"We had some issues integrating into our pipeline, however, they were resolved."

ROI

Snyk users experience a notable reduction in time spent identifying and fixing problems, enhancing developer productivity significantly. They discover previously unnoticed vulnerabilities and benefit from the tool's explanatory resources. Immediate value is often seen; however, quantifying financial savings is complex. Snyk acts as a preventive measure similar to insurance, essential for avoiding compliance issues. It helps in early bug detection, facilitating reduced costs during development stages, leading to high ROI potential for engaged teams.

Pricing

Enterprise users find Snyk's pricing to be reasonable and competitive compared to other solutions, though some consider it expensive for startups. The licensing model is straightforward, based on the number of committers, which may cause confusion with non-developers. Snyk offers value with its comprehensive coverage. Additional costs may arise for features like single sign-on. Despite varied perceptions, Snyk is considered a good value, offering flexibility and scalability without hidden costs. Pricing rates around $39 to $74 per user.

"I would rate the pricing of Snyk at two.I'm currently using the free version, which the company offers before buying the full version. So, the price is affordable, especially for an enterprise."
"The product's price is okay."
"Snyk is an expensive solution."

Popular Use Cases

Organizations utilize Snyk for vulnerability scanning of code dependencies and open-source libraries, ensuring security compliance and efficient management of licensing issues. They integrate Snyk into CI/CD pipelines for continuous monitoring, leveraging its capabilities for Docker image scanning, Kubernetes deployments, and infrastructure assessments. Snyk's integration with platforms like GitHub allows teams to promptly address vulnerabilities, enhancing overall security posture and enabling safe code development practices across diverse environments.

Service and Support

Snyk's customer service receives positive remarks. Users highlight quick, reliable, and responsive technical support. Communication channels like Slack and Zoom offer prompt assistance, often rating highly. Personalized support through customer success managers and direct communication with engineers boosts satisfaction. Though some mention room for improvements in response speed, particularly for urgent issues, overall feedback indicates strong customer relationship management, active engagement, and valuable resources aiding in resolving issues efficiently. Companies appreciate transparency and proactive outreach.

Deployment

Snyk's initial setup is often described as straightforward and easy to integrate with various systems, such as cloud platforms and code repositories. Many organizations experience quick and efficient deployment, typically taking hours to days, with robust documentation assisting the process. Some companies report minor challenges, particularly when customizing for specific environments. Developer adoption varies, often reliant on organization mandates. Generally, users appreciate the flexibility and simplicity of setup, helping early vulnerability detection in development cycles.

Scalability

Snyk efficiently scales for numerous users and applications, offering a fast scan process. Customers appreciate its ease of integration and widespread deployment. However, some note occasional slowness with extensive vulnerability requests. Minor user interface improvements could enhance scalability further. Many organizations successfully expand its use without issues, although certain users report a lag in adopting its full capabilities. Its SaaS platform supports enterprise-level scalability, making it versatile for both developers and security teams.

Stability

Snyk is largely considered stable, with most users reporting minimal instability. Occasional issues include insufficient documentation and minor version upgrade challenges. Bugs and reporting lags are rare, and customer support is responsive. The platform's flexibility in deployment and maintenance suits various teams, though a few users mention memory issues with large projects. Rated around 8-9 out of 10, it meets expectations in terms of reliability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Snyk Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

16%

Computer Software Company

15%

Manufacturing Company

Insurance Company

Retailer

Government

Healthcare Company

University

Energy/Utilities Company

Comms Service Provider

Media Company

Real Estate/Law Firm

Educational Organization

Construction Company

Non Profit

Wholesaler/Distributor

Recreational Facilities/Services Company

Logistics Company

Hospitality Company

Pharma/Biotech Company

Outsourcing Company

Legal Firm

Transportation Company

Performing Arts

Consumer Goods Company

Marketing Services Firm

Aerospace/Defense Firm

Leisure / Travel Company

Compare Snyk with alternative products

Learn more about Snyk

Benefits of Snyk

Some of the benefits of using Snyk include:

Conserves resources: Snyk easily integrates with other security solutions and uses their security features to ensure that the work that users are doing is completely secure. These integrations allow them to protect themselves without pulling resources from their continued integration or continued delivery workflows. Resources can be conserved for areas of the greatest need.

Highly flexible: Snyk enables users to customize the system’s security automation features to meet their needs. Users can guarantee that the automation performs the functions that are most essential for their current project. Additionally, users are able to maintain platform governance consistency across their system.

Keeps users ahead of emerging threats. Snyk employs a database of threats that help it detect and keep track of potential issues. This database is constantly being updated to reflect the changes that take place in the realm of cybersecurity. It also uses machine learning. Users are prepared to deal with new issues as they arise.

Automatically scans projects for threats. Snyk’s command-line interface enables users to schedule the solution to run automatic scans of their projects. Time and manpower can be conserved for the areas of greatest need without sacrificing security.

Reviews from Real Users

Snyk is a security platform for developers that stands out among its competitors for a number of reasons. Two major ones are its ability to integrate with other security solutions and important insights that it can enable users to discover. Snyk enables users to combine its already existing security features with those of other solutions to create far more robust and flexible layers of security than what it can supply on its own. It gives users the ability to dig into the security issues that they may experience. Users are given a clear view of the root causes of these problems. This equips them to address the problem and prevent similar issues in the future.

Cameron G., a security software engineer at a tech company, writes, “The most valuable features are their GitLab and JIRA integrations.The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using. Snyk is something of a bridge that we use; we get our projects into it and then get the information out of it. Those two integrations are crucial for us to be able to do that pretty simply.”

Sean M., the chief information security officer of a technology vendor, writes, "From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."