Try our new research platform with insights from 80,000+ expert users

Legit Security vs Snyk comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Legit Security
Average Rating
10.0
Reviews Sentiment
7.8
Number of Reviews
4
Ranking in other categories
Software Supply Chain Security (9th), Application Security Posture Management (ASPM) (5th)
Snyk
Average Rating
8.0
Reviews Sentiment
7.4
Number of Reviews
45
Ranking in other categories
Application Security Tools (4th), Container Security (5th), Software Composition Analysis (SCA) (3rd), Software Development Analytics (2nd), DevSecOps (1st)
 

Mindshare comparison

While both are Application Lifecycle Management solutions, they serve different purposes. Legit Security is designed for Software Supply Chain Security and holds a mindshare of 3.4%, up 2.8% compared to last year.
Snyk, on the other hand, focuses on Application Security Tools, holds 8.0% mindshare, up 8.1% since last year.
Software Supply Chain Security
Application Security Tools
 

Featured Reviews

Tim Crothers - PeerSpot reviewer
Provides strong visibility, straightforward integration, and reduces the risk of attacks
Legit Security is a product that hyper-focuses on the various aspects of the software development pipeline. For example, if an engineer spins off a new project and stands up a new Git project, Legit automatically detects it, connects Snyk and other tools, and ensures the engineering team doesn't have to think about it. This way, we stay on top of security from the beginning. On the other hand, Legit provides a clear view of the controls around repositories. We have standards requiring code reviews and similar practices, and Legit shows us whether these are being followed. Additionally, Legit helps us identify unmaintained repositories, which often arise when engineering teams try something and leave it behind. This knowledge allows us to determine the appropriate action for these neglected projects. One area where Legit falls short is secret detection. While it functions well overall, the feature has a 10-20 percent false positive rate, requiring some manual intervention. Almost everything else works flawlessly. The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates. Unlike traditional programs that require security reviews at specific stages, hindering development flow, we strive to partner with the product engineering team to ship secure code seamlessly within their existing workflows. Legit plays a crucial role in this by automatically notifying us of new projects, eliminating the need for manual communication. This partnership approach, enabled by Legit, allows us to work much closer with our engineering teams than ever before.
meetharoon - PeerSpot reviewer
Affordable tool boosts code scanning efficiency but faces integration hurdles
The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Check Point. It is easy to consolidate Snyk across multiple entities within a large organization. Additionally, our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We implemented Legit Security to gain visibility into all development teams and ensure that consistent controls are in place and accounted for on every route."
"Legit has had a positive effect on our overall security posture."
"Legit has increased my security posture to a level I couldn't achieve before. I don't need to worry as much about what's happening within my developer environments. I can rest assured that my vulnerabilities are being detected."
"The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST."
"We use Snyk to check vulnerabilities and rectify potential leaks in GitHub."
"From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."
"The product's most valuable features are an open-source platform, remote functionality, and good pricing."
"It is easy for developers to use. The documentation is clear as well as the APIs are good and easily readable. It's a good solution overall."
 

Cons

"I would like them to have their own static code scanner, and I'd like them to have their own open-source software scanners."
"The one we're working on right now is the ability to dynamically rerun development teams and groups."
"One issue is that engineering teams don't always embed secrets in the same way, making it difficult for the tool to consistently identify them."
"Legit Security could do a little better with detecting publicly exposed keys. It's not bad. The detections that they are running get to everything eventually, but it would be great if they could increase some of that awareness."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"Compatibility with other products would be great."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."
"Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
"Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR."
"Snyk's API and UI features could work better in terms of speed."
 

Pricing and Cost Advice

"The pricing is reasonable."
"Despite Snyk's coverage, scalability, reliability, and stability, it is available at a very competitive price."
"The product has good pricing."
"The pricing is reasonable."
"Compared to Veracode, Snyk is definitely a cheaper tool."
"The solution is less expensive than Black Duck."
"Snyk is a premium-priced product, so it's kind of expensive. The big con that I find frustrating is when a company charges extra for single sign-on (SSO) into their SaaS app. Snyk is one of the few that I'm willing to pay that add-on charge, but generally I disqualify products that charge an extra fee to do integrated authentication to our identity provider, like Okta or some other SSO. That is a big negative. We had to pay extra for that. That little annoyance aside, it is expensive. You get a lot out of it, but you're paying for that premium."
"I didn't think the price was that great, but it wasn't that bad, either. I'd rate their pricing as average in the market."
"You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it."
report
Use our free recommendation engine to learn which Software Supply Chain Security solutions are best for your needs.
842,672 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
21%
Financial Services Firm
14%
University
13%
Pharma/Biotech Company
8%
Financial Services Firm
16%
Computer Software Company
15%
Manufacturing Company
10%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Legit Security?
The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates.
What needs improvement with Legit Security?
Legit Security's secret detection works. However, there are some limitations to its effectiveness. One issue is that engineering teams don't always embed secrets in the same way, making it difficul...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities.
What needs improvement with Snyk?
Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR. It lacks the ability to select branches on its Web UI, forcing users to rely on CLI or CI/CD for...
 

Comparisons

 

Overview

 

Sample Customers

Google, NYSE, Kraft-Hienz, Takeda Pharmaceuticals, and many other large enterprise and Fortune 500 customers. Learn more by going to: https://www.legitsecurity.com/...
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about Palo Alto Networks, Aqua Security, JFrog and others in Software Supply Chain Security. Updated: March 2025.
842,672 professionals have used our research since 2012.