We performed a comparison between GitHub and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product has a very user-friendly interface and user-friendly security."
"This product allows us to easily collaborate on development tasks with our subcontractors, and control the workflow as the project progresses."
"The code versioning is excellent, and having a detailed log, including every change made to the code by every developer, is invaluable. It makes it so that if there is a bug or problem in the product channel, we can find exactly where it happened and how to fix it."
"I like the CI/CD features."
"The most valuable features are GitHub are the standard features, they are very useful."
"Our code is secure."
"The ease of use is valuable."
"I use this solution to store my code in a repository so we can manage version control which is useful."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"The solution has great features and is quite stable."
"The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities."
"What is valuable about Snyk is its simplicity."
"I am impressed with the product's security vulnerability detection. My peers in security are praising the tool for its accuracy to detect security vulnerabilities. The product is very easy to onboard. It doesn't require a lot of preparation or prerequisites. It's a bit of a plug-and-play as long as you're using a package manager or for example, you are using a GitHub repository. And that is an advantage for this tool because developers don't want to add more tools to what they're currently using."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"The solution's vulnerability database, in terms of comprehensiveness and accuracy, is very high-level. As far as I know, it's the best among their competitors."
"It's very easy for developers to use. Onboarding was an easy process for all of the developers within the company. After a quick, half-an-hour to an hour session, they were fully using it on their own. It's very straightforward. Usability is definitely a 10 out of 10."
"Could be more user friendly."
"There can be conflict issues when two developers work on the same file or line of code, and it would be great to see that improved, possibly with an AI solution."
"GitHub could improve by being more user-friendly."
"Scalability is an area with a shortcoming, because of which it has room for improvement."
"The storage for this solution could be improved."
"They're improving the work items to track the progress of the team, but in my experience, Azure DevOps is better in this functionality. GitHub needs to improve the form to track the progress of the work done by a team."
"We are not able to access GitHub from our VPN."
"The development team pushes the code into a repository, and the CI/CD pipeline will perform the build. We need open-source libraries to perform the builds. It would be helpful to have the ability to link to open-source libraries like npm libraries. I don't know if GitHub Actions provides this. I would like to see that in GitHub Actions if they don't."
"One area where Snyk could improve is in providing developers with the line where the error occurs."
"The solution's integration with JFrog Artifactory could be improved."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"Offering API access in the lower or free open-source tiers would be better. That would help our customers. If you don't have an enterprise plan, it becomes challenging to integrate with the rest of the systems. Our customers would like to have some open-source integrations in the next release."
"The tool's initial use is complex."
"Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improve"
GitHub is ranked 12th in Application Security Tools with 69 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. GitHub is rated 8.6, while Snyk is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". GitHub is most compared with AWS CodeCommit, Bitbucket, Fortify on Demand, Atlassian SourceTree and Checkmarx One, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Mend.io. See our GitHub vs. Snyk report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.