What I appreciate most about Snyk is its "Reachability" feature. This means that if a vulnerable or exploitable library or package is imported in the code but not actually called or used, it is identified as a false positive and does not require remediation. However, this feature is only available in the paid subscription, not in the free version. It significantly reduces the time the VAPT team spends validating issues, and also helps the DevOps team address problems more efficiently. Another aspect I value is how quickly Snyk adapts to new CVEs. If a zero-day exploit appears, Snyk updates its CVE database within a maximum of 24 hours, helping to keep the code secure.

Snyk has an extensive and up-to-date vulnerability database which helps early detection of vulnerabilities in applications. It is very developer friendly with easy integration set-up and descriptive remediation advice for detected vulnerabilities. I use it daily running in CI/CD pipelines.

Snyk's product features a highly intuitive GUI, making it straightforward to identify and address vulnerabilities. The platform allows you to organize developers into Orgs, which is helpful for ensuring that only specific development teams can view the vulnerabilities related to their own products. This structure also enhances the reporting capabilities. Integration with GitHub Cloud is relatively simple; you can use a GitHub app to onboard individual repositories to team orgs. Implementation is also quite manageable, provided you know which teams are responsible for which repositories and the products or services they support. Customer support is accessible online through the portal, making it easy to submit a ticket or arrange a call when needed. Snyk is fairly customisable per org too, allowing you to decide which settings you want to enable on a per team / product basis, so you can get quite granular in terms of what PR's get raised for which activities. Feedback is also provided in GitHub itself, which is useful for the developers.