Try our new research platform with insights from 80,000+ expert users

GitHub vs Snyk comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

GitHub
Ranking in Application Security Tools
7th
Average Rating
8.8
Reviews Sentiment
7.5
Number of Reviews
93
Ranking in other categories
Version Control (3rd)
Snyk
Ranking in Application Security Tools
4th
Average Rating
8.0
Reviews Sentiment
7.4
Number of Reviews
45
Ranking in other categories
Container Security (5th), Software Composition Analysis (SCA) (3rd), Software Development Analytics (2nd), DevSecOps (1st)
 

Mindshare comparison

As of March 2025, in the Application Security Tools category, the mindshare of GitHub is 0.8%, down from 1.1% compared to the previous year. The mindshare of Snyk is 8.0%, up from 8.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Pervez Roy - PeerSpot reviewer
Very good for collaboration on software projects
We use GitHub for code repository alongside Bitbucket GitHub is very good for collaboration on software projects. We prefer Bitbucket for commercial use, while GitHub is used for open source. You can get the differences, history of changes, and version control for various pull requests. You can…
meetharoon - PeerSpot reviewer
Affordable tool boosts code scanning efficiency but faces integration hurdles
The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Check Point. It is easy to consolidate Snyk across multiple entities within a large organization. Additionally, our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The code sharing and updated history are valuable features."
"The most valuable features are GitHub Actions for triggering workflows, GitHub Secrets for saving credentials without needing a third-party service, and the UI for identifying errors in the code when we commit."
"Complication free with good ability for third-party integrations."
"GitHub is convenient and easy to use."
"The support team is good."
"There are no issues. It's simple, easy, and fully compatible from my perspective with Git."
"The solution is scalable."
"It's beneficial for managing multiple tasks and controlling versions of your product."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Check Point."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID, and there I can do the scanning. That is the part I like best."
"The most valuable feature is that they add a lot of their own information to the vulnerabilities. They describe vulnerabilities and suggest their own mitigations or version upgrades. The information was the winning factor when we compared Snyk to others. This is what gave it more impact."
"I am impressed with the product's security vulnerability detection. My peers in security are praising the tool for its accuracy to detect security vulnerabilities. The product is very easy to onboard. It doesn't require a lot of preparation or prerequisites. It's a bit of a plug-and-play as long as you're using a package manager or for example, you are using a GitHub repository. And that is an advantage for this tool because developers don't want to add more tools to what they're currently using."
"Static code analysis is one of the best features of the solution."
 

Cons

"The documentation needs to be more concise and easier for developers to understand."
"The UI is a little outdated, so that could be improved."
"One thing GitHub could do is probably the same thing as what Sourcetree does. When solving merge conflicts, it would be helpful to have tooltips within the actions to know what changes could happen next when resolving a conflict."
"The stability can be improved."
"I think it would be valuable to have more security. Some of the data is very open to everyone."
"The solution should have less integration with the AI part, but it needs to add features with other automation tools so that it can be easily integrated."
"I would want to see some form of code security scanning implemented."
"As of now, if I would like to learn about GitHub or its features, I would have to look on YouTube. It would be nice if they were able to send out a newsletter with explanations of new features that they are offering and what features are available."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"For the areas that they're new in, it's very early stages for them. For example, their expertise is in looking at third-party components and packages, which is their bread-and-butter and what they've been doing for ages, but for newer features such as static analysis I don't think they've got compatibility for all the languages and frameworks yet."
"I use Snyk alongside Sonar, and Snyk tends to generate a lot of false positives. Improving the overall report quality and reducing false positives would be beneficial. I don't need additional features; just improving the existing ones would be enough."
"It would be great if they can include dynamic, interactive, and run-time scanning features. Checkmarx and Veracode provide dynamic, interactive, and run-time scanning, but Snyk doesn't do that. That's the reason there is more inclination towards Veracode, Checkmarx, or AppScan. These are a few tools available in the market that do all four types of scanning: static, dynamic, interactive, and run-time."
"Snyk's API and UI features could work better in terms of speed."
 

Pricing and Cost Advice

"If there are only 10 people using a particular repository, then GitHub is free. But if we increase the number of users, we need to pay the normal charge for GitHub."
"The product is reasonably priced."
"GitHub is an open-source application. It's free to use."
"The tool offers a free program. As you go, you can upgrade from the community version to the professional one. I believe it costs about ten dollars per person, per month."
"We pay a subscription-based yearly licensing fee for the solution."
"You don't have to pay for a license if you are using the free version."
"The licensing model for GitHub is user-based. Whenever the new developer joins we have to get a new license and register their ID. The overall price of the solution is reasonable."
"I haven't had to pay anything for GitHub, I use the free version."
"Their licensing model is fairly robust and scalable for our needs. I believe we have reached a reasonable agreement on the licensing to enable hundreds of developers to participate in this product offering. The solution is very tailored towards developers and its licensing model works well for us."
"Snyk is an expensive solution."
"I would rate the pricing of Snyk at two. I'm currently using the free version, which the company offers before buying the full version. So, the price is affordable, especially for an enterprise."
"I didn't think the price was that great, but it wasn't that bad, either. I'd rate their pricing as average in the market."
"For what Snyk offers, it has the best cost-benefit I have ever seen because you're buying the license per user."
"Cost-wise, it's similar to Veracode, but I don't know the exact cost."
"With Snyk, you get what you pay for. It is not a cheap solution, but you get a comprehensiveness and level of coverage that is very good. The dollars in the security budget only go so far. If I can maximize my value and be able to have some funds left over for other initiatives, I want to do that. That is what drives me to continue to say, "What's out there in the market? Snyk's expensive, but it's good. Is there something as good, but more affordable?" Ultimately, I find we could go cheaper, but we would lose the completeness of vision or scope. I am not willing to do that because Snyk does provide a pretty important benefit for us."
"You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
842,388 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Manufacturing Company
12%
Computer Software Company
11%
University
6%
Financial Services Firm
16%
Computer Software Company
15%
Manufacturing Company
10%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about GitHub?
The control is the most valuable feature as developers can work on a single code.
What is your experience regarding pricing and costs for GitHub?
The pricing of GitHub depends on the choice of solutions, such as building one's own GitHub Runners to save money or using GitHub's Runners with extra costs. The pricing is considered reasonable an...
What needs improvement with GitHub?
There are still areas for improvement with GitHub Actions and their deployment workflows, as they have made significant progress but are not yet polished. Occasionally, stability can be an issue, t...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities.
What needs improvement with Snyk?
Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR. It lacks the ability to select branches on its Web UI, forcing users to rely on CLI or CI/CD for...
 

Comparisons

 

Overview

 

Sample Customers

Dominion Enterprises, NASA, Braintree, SAP, CyberAgent
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about GitHub vs. Snyk and other solutions. Updated: March 2025.
842,388 professionals have used our research since 2012.