Try our new research platform with insights from 80,000+ expert users

ShiftLeft vs Snyk comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

ShiftLeft
Ranking in Application Security Tools
24th
Ranking in Software Composition Analysis (SCA)
11th
Average Rating
10.0
Number of Reviews
1
Ranking in other categories
Static Application Security Testing (SAST) (18th)
Snyk
Ranking in Application Security Tools
4th
Ranking in Software Composition Analysis (SCA)
3rd
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
43
Ranking in other categories
Container Security (7th), Software Development Analytics (2nd), DevSecOps (1st)
 

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of ShiftLeft is 0.1%, down from 0.2% compared to the previous year. The mindshare of Snyk is 7.6%, down from 8.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

SS
Jun 27, 2023
Effectively in identify and fix bugs early in the development lifecycle
When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness. Previously, security professionals had to spend a lot of time and effort running around, asking people to fix issues in their products, architectures, code, and even networks. With ShiftLeft, everything becomes robust and secure from within. Instead of relying on external measures like Web Application Firewalls (WAF) that are applied from the outside in, ShiftLeft takes a proactive approach. It helps prevent issues from arising in the first place, making it much easier for both security teams and developers. It's also cost-effective because you don't have to constantly go back, make changes to the code, and then push it again. Writing secure code from the start ensures that there are no vulnerabilities when it goes live. So, I would say the main features of ShiftLeft are its cost-effectiveness and ease of adaptability or use.
Jayashree Acharyya - PeerSpot reviewer
Mar 4, 2024
Used for image scanning and identifying vulnerabilities, but its integration with other services could be improved
The solution has improved or streamlined our process a lot for securing container images. We wanted to make sure we are deploying the secure Docker images. Snyk allowed us to check whether it is following our standard of docker images or not. We use Azure DevOps as our platform, and Snyk's integration with Azure DevOps was okay. However, Snyk's integration with JFrog Artifactory didn't go well. We use JFrog Artifactory to store the artifacts we download. We wanted to integrate Snyk with JFrog Artifactory to scan the binary artifacts we downloaded, but that broke our JFrog Artifactory for some reason. Instead of using it there, we are calling it directly from the pipeline. Snyk's automation features significantly reduced remediation times a couple of times. Sometimes, our developers scan the code from the environment and find some Java vulnerabilities. We fixed those vulnerabilities in the lower environment itself. The solution does not require any maintenance. The accuracy of Snyk's vulnerability detection is pretty good compared to other tools. I rate the solution's vulnerability detection feature an eight out of ten. I would recommend Snyk to other users because it is easy to implement and integrate with Azure DevOps and GitHub. Overall, I rate the solution a seven out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"Provides clear information and is easy to follow with good feedback regarding code practices."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
"The solution has great features and is quite stable."
 

Cons

"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."
"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
"Generating reports and visibility through reports are definitely things they can do better."
"There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved."
"Basically the licensing costs are a little bit expensive."
"The solution's reporting and storage could be improved."
"A feature we would like to see is the ability to archive and store historical data, without actually deleting it. It's a problem because it throws my numbers off. When I'm looking at the dashboard's current vulnerabilities, it's not accurate."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improve"
 

Pricing and Cost Advice

Information not available
"The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."
"Cost-wise, it's similar to Veracode, but I don't know the exact cost."
"For what Snyk offers, it has the best cost-benefit I have ever seen because you're buying the license per user."
"The product has good pricing."
"The solution is less expensive than Black Duck."
"The price of the solution is expensive compared to other solutions."
"Their licensing model is fairly robust and scalable for our needs. I believe we have reached a reasonable agreement on the licensing to enable hundreds of developers to participate in this product offering. The solution is very tailored towards developers and its licensing model works well for us."
"Snyk is a premium-priced product, so it's kind of expensive. The big con that I find frustrating is when a company charges extra for single sign-on (SSO) into their SaaS app. Snyk is one of the few that I'm willing to pay that add-on charge, but generally I disqualify products that charge an extra fee to do integrated authentication to our identity provider, like Okta or some other SSO. That is a big negative. We had to pay extra for that. That little annoyance aside, it is expensive. You get a lot out of it, but you're paying for that premium."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
814,763 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Retailer
13%
Computer Software Company
12%
Recreational Facilities/Services Company
12%
Legal Firm
8%
Financial Services Firm
15%
Computer Software Company
15%
Manufacturing Company
9%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about ShiftLeft?
When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness.
What needs improvement with ShiftLeft?
When it comes to areas of improvement for ShiftLeft, I believe it could benefit from greater support from senior management. It's important to have their involvement when it comes to architectural ...
What advice do you have for others considering ShiftLeft?
I would highly recommend ShiftLeft. It greatly simplifies the job for both security professionals and developers. By identifying and fixing bugs earlier in the development lifecycle, it significant...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities.
What needs improvement with Snyk?
I'm not responsible for the tool. As far as I know, there are no major concerns or features that we lack. We had some issues integrating into our pipeline, however, they were resolved.
 

Comparisons

 

Learn More

 

Overview

 

Sample Customers

Information Not Available
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: October 2024.
814,763 professionals have used our research since 2012.