Snyk Reviews & Product Details

What I appreciate most about Snyk is its "Reachability" feature. This means that if a vulnerable or exploitable library or package is imported in the code but not actually called or used, it is identified as a false positive and does not require remediation. However, this feature is only available in the paid subscription, not in the free version. It significantly reduces the time the VAPT team spends validating issues, and also helps the DevOps team address problems more efficiently.

Another aspect I value is how quickly Snyk adapts to new CVEs. If a zero-day exploit appears, Snyk updates its CVE database within a maximum of 24 hours, helping to keep the code secure. Review collected by and hosted on G2.com.

After some months of project being imported, scanned, and tested, snyk starts providing false-positives issues as well. Review collected by and hosted on G2.com.

Snyk's product features a highly intuitive GUI, making it straightforward to identify and address vulnerabilities. The platform allows you to organize developers into Orgs, which is helpful for ensuring that only specific development teams can view the vulnerabilities related to their own products. This structure also enhances the reporting capabilities. Integration with GitHub Cloud is relatively simple; you can use a GitHub app to onboard individual repositories to team orgs. Implementation is also quite manageable, provided you know which teams are responsible for which repositories and the products or services they support. Customer support is accessible online through the portal, making it easy to submit a ticket or arrange a call when needed. Snyk is fairly customisable per org too, allowing you to decide which settings you want to enable on a per team / product basis, so you can get quite granular in terms of what PR's get raised for which activities. Feedback is also provided in GitHub itself, which is useful for the developers. Review collected by and hosted on G2.com.

It's DAST product is in a seperate interface and not integrated into the Snyk product itself, I beleive this was due to it being an acquisition. Equally, their secret detection capability is not very good and they don't focus on code quality so you will need a different product for that. Review collected by and hosted on G2.com.

Snyk has an extensive and up-to-date vulnerability database which helps early detection of vulnerabilities in applications. It is very developer friendly with easy integration set-up and descriptive remediation advice for detected vulnerabilities. I use it daily running in CI/CD pipelines. Review collected by and hosted on G2.com.

Sometimes it flags false positives. Scans can take a few minutes for a medium sized repository which can slow down pipeline. Review collected by and hosted on G2.com.

Its Scanning capabilities are very Good. For instance, it really does well in SAST scans and even SCA scans. It is also helpful in mitigating vulnerabilities by providing the best solutions Review collected by and hosted on G2.com.

It’s cost. It is very expensive. Other than that, The UI can be a bit better Review collected by and hosted on G2.com.

Recently they came with feature called, Deep code AI, using this we can fix the issue for 1st party cod in IDE level Review collected by and hosted on G2.com.

It doesnt have On-prem, And also we cannot push the SAST results to the Dashboard from CLI Review collected by and hosted on G2.com.

Integrate with most major code repo's. but the integration is not amazing. Review collected by and hosted on G2.com.

Customer support is slow to respond, usually not helpful and ended up escalating to a developer, that's when we lost all contact and did not get a solution to a clear bug that prevents us from using the product.

Another really important note around SBOM, the CLI does not provide all the information that you get from the UI, the solution provided was to use another tool to extract data. not sure why we pay for a product if we need to use outside, 3rd party tools to get the information we need. Review collected by and hosted on G2.com.

Integration with both Bitbucket and Github, policy as a code, Review collected by and hosted on G2.com.

Too much unnecessary false positives, policy overrides, hard and complex to manage and track alerts Review collected by and hosted on G2.com.

I think it is so easy to use. I like that it includes solutions to the issues I have, it can quickly scan a codebase and will constantly scan it. We had no issues including it into our code base. Review collected by and hosted on G2.com.

The solutions sometimes overlap and don't coincide. Another issue I could say would be pricing. Review collected by and hosted on G2.com.

Great integration with version control tools like Github and Bitbucket Review collected by and hosted on G2.com.

Initially when using Snyk it was a bit confusing, but since then they have improved all the UX and features. Review collected by and hosted on G2.com.

-Easy integration available for GIthub

-Vulenrabilities false positive rate is slightly better than other tools

-Can be easily integrated within CI/Cd pipline.

-Automatic code scanning and report generation available

-Works with almost all languages

-Very straightforward to use Review collected by and hosted on G2.com.

-Sometimes vulenrability reported are false positive and also rarely misses some of the genuine vulnerabilities. Review collected by and hosted on G2.com.