
Snyk pros and cons

Vendor: Snyk
4.1 out of 5
Ranked 1

Pros & Cons summary


Prominent pros & cons

PROS

Snyk simplifies vulnerability management through automation, monitoring dependencies continuously to detect issues without manual scans.
It enhances security by significantly reducing vulnerabilities and providing detailed, actionable information on vulnerabilities, improving overall company security metrics.
The CLI feature offers flexibility, enabling users to customize commands and utilize outputs effectively within their development pipelines.
Integrations with tools like GitLab and JIRA streamline workflows, making it easy for teams to adopt and integrate Snyk into existing processes.
It offers comprehensive software composition analysis, enabling deep visibility into the vulnerability layers even in complex dependencies.

CONS

Documentation issues hinder integration and troubleshooting, creating delays and confusion.
Inadequate filtering in notifications results in an overwhelming amount of irrelevant alerts, reducing their effectiveness.
Lacks dynamic, interactive, and run-time scanning features, making it less competitive compared to tools like Checkmarx and Veracode.
Reporting and visibility through reports need significant improvement to be more useful and comprehensive.
Integration challenges in software development environments have made implementation difficult and less efficient for development teams.
 

Snyk Pros review quotes

NS
Jul 8, 2020
The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there.
CG
Aug 30, 2020
The most valuable features are their GitLab and JIRA integrations. The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using.
reviewer1417671 - PeerSpot reviewer
Sep 9, 2020
We're loving some of the Kubernetes integration as well. That's really quite cool. It's still in the early days of our use of it, but it looks really exciting. In the Kubernetes world, it's very good at reporting on the areas around the configuration of your platform, rather than the things that you've pulled in. There's some good advice there that allows you to prioritize whether something is important or just worrying. That's very helpful.
Learn what your peers think about Snyk. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
SM
Oct 21, 2020
From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that.
Eryk Lawyd - PeerSpot reviewer
Jul 5, 2023
I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario.
SK
May 21, 2020
The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree.
reviewer1412625 - PeerSpot reviewer
Aug 31, 2020
The most valuable feature is that they add a lot of their own information to the vulnerabilities. They describe vulnerabilities and suggest their own mitigations or version upgrades. The information was the winning factor when we compared Snyk to others. This is what gave it more impact.
reviewer1354503 - PeerSpot reviewer
May 21, 2020
Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there.
reviewer1367229 - PeerSpot reviewer
Jun 10, 2020
The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CVSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI.
Sep 1, 2020
It has an accurate database of vulnerabilities with a low amount of false positives.
 

Snyk Cons review quotes

NS
Jul 8, 2020
Generating reports and visibility through reports are definitely things they can do better.
CG
Aug 30, 2020
Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help.
reviewer1417671 - PeerSpot reviewer
Sep 9, 2020
There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved.
SM
Oct 21, 2020
It lists projects. So, if you have a number of microservices in an enterprise, then you could have pages of findings. Developers will then spend zero time going through the pages of reports to figure out, "Is there something I need to fix?" While it may make sense to list all the projects and issues in these very long lists for completeness, Snyk could do a better job of bubbling up and grouping items, e.g., a higher level dashboard that draws attention to things that are new, the highest priority things, or things trending in the wrong direction. That would make it a lot easier. They don't quite have that yet in container security.
Eryk Lawyd - PeerSpot reviewer
Jul 5, 2023
They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features.
SK
May 21, 2020
We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity.
reviewer1412625 - PeerSpot reviewer
Aug 31, 2020
We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have...
reviewer1354503 - PeerSpot reviewer
May 21, 2020
Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this.
reviewer1367229 - PeerSpot reviewer
Jun 10, 2020
The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications. When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam messages. Therefore, we would like some type of filtering system to be built-in for the system to be more precise.
Sep 1, 2020
The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings.