Snyk Runtime Sensor

The most recent client had experience with other products that did not have some features Snyk  provides, such as Fortify in the old version before OpenText  acquisition. They gave feedback about the precision in discovering vulnerabilities. They found that Snyk  can provide more insights about vulnerabilities than older applications in SAST  and SCA .

We have integration with GitHub Actions  to analyze the code and we use a double check in the pipeline. Our strategy is about shift left. The developers connect with Snyk, Git , and use this with the pipeline.

They evolved their maturity because they could find the vulnerabilities before the pipeline runs. They can find and correct these vulnerabilities in a step before the pushes and PRs to GitHub . They think it is a very positive feature.

I appreciate the UI. It is simple, fast, and I value the precision in the tests. The responses are positive.

Regarding the vulnerability database and AI, we have good experience with that. I cannot compare with other providers or vendors such as Veracode , Checkmarx, and others. All the tests are positive in my analysis.

Technically, we have better vulnerabilities detection in Checkmarx and Veracode . Both of them are more precise about vulnerabilities detection. Snyk is slightly less effective, but this is something they can improve on in the future.

We have been using the solution for one and a half years. Not much time.

We did not need support during the proof of concept.

The documentation is good. It is one of the reasons we did not need support. We could understand the implementation of the product and other features without the need for human interaction.

Positive

I made a proof of concept for a client with Checkmarx for about one month. I provided them a review about my experience. Now they are analyzing my results and considerations about other products too. I do not know if they already have a response about which product they will buy.

Snyk is less expensive.

It is simpler than other vendors. We have some difficulties with other license models. They are more complex and involve an acquisition of more products such as Synopsys and Checkmarx used a complex license model. Snyk has a license model simpler than most of the other vendors.

It was one of my three recommendations for my client. I am satisfied with the product. I rate Snyk 8.5 out of 10.

Hybrid Cloud

Other

What do you like best about the product?

Its Scanning capabilities are very Good. For instance, it really does well in SAST scans and even SCA scans. It is also helpful in mitigating vulnerabilities by providing the best solutions

What do you dislike about the product?

It’s cost. It is very expensive. Other than that, The UI can be a bit better

What problems is the product solving and how is that benefiting you?

Snyk tackles the challenge of spotting and fixing security vulnerabilities across your software stack—everything from open‑source libraries and container images to infrastructure‑as‑code and your own codebase. It fits right into your workflow (think GitHub, IDEs, CI/CD), so you catch real issues early and get actionable fixes automatically. This means fewer surprises, faster development, and stronger confidence that security isn’t slowing you down—it’s built in.

The best feature of Snyk  is the integration with our ticketing system, which is Jira . That integration was one we were specifically looking for. The deep integration with our IDE  and repository is another valuable feature. In terms of deploying these features, it's seamless.

Snyk  should improve the scanning capabilities for other languages. For example, Veracode  is strong with different languages such as Java, C#, and others. However, Snyk performs better at mobile source code scanning compared to Veracode . If both capabilities were combined, that would be exceptional.

As we are moving toward GenAI, we expect Snyk to leverage AI features to improve code scanning findings. One key feature we are currently examining with Veracode is AIVSS (Artificial Intelligence VSS), which is an extension of CVSS to cover use cases or top 10 LLM findings during code scanning. Since this is relatively new, we expect upcoming features to cover AI scoring. We have AI projects currently deploying in our organization, and we want to cover not only normal CVSS but also receive an AI assessment score. Both Veracode and Snyk should implement this new scoring system for CVSS and AIVSS.

We are a customer of Snyk, not a partner.

We have contacted Snyk's technical support regarding several issues, and they have resolved them successfully.

Snyk's technical support deserves a rating of seven or eight out of ten. Their response time aligns with their SLA commitments.

Positive

My previous company continues to use Snyk.

The initial setup of Snyk was straightforward.

We discussed pricing with their account manager and secured a favorable deal. Initially, we planned to subscribe through AWS Marketplace  at standard rates. After negotiations, we received a special package with a good price point. We signed a two-year contract, and they provided special links for subscription. The payment structure operates on a monthly prepaid basis.

While Snyk may not be the absolute best option in the market, it offers the most seamless experience currently available. Based on their price point and features, it's both affordable and fair considering the license package offered.

During our implementation, we conducted a pilot test with Snyk for approximately two weeks during our UAT session. We spent an additional two to three weeks obtaining management approvals for production repository access. The testing was performed on development repositories before moving to production. While the actual implementation took about a week, the complete process duration was extended due to internal organizational approval processes.

I rate Snyk 8 out of 10.

Public Cloud

Amazon Web Services  (AWS )

I use Snyk  in the DevOps pipeline to identify vulnerabilities before deploying the application. It integrates with Jenkins .

Snyk  provides a lot of information on vulnerabilities, the packages being used, and their dependencies. It gives good insight into the security of those packages. Snyk helps detect vulnerabilities before code moves to production, allowing for integration with DevOps and providing a shift-left advantage by identifying and fixing bugs before deployment.

There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false positives would be beneficial. So far, I've not seen any AI features to enhance vulnerability detection or to address the issues I mentioned.

I've been working with Snyk for almost two years now.

Stability-wise, it is okay. I've not seen any issues with stability.

Scalability meets my needs. I would rate it nine out of ten.

I used another tool before Snyk but I'm not recalling its name. AppScan  was used in the very early days.

Setup is not a big problem. It's easy. If I had to rate it from one to ten, I'd say nine.

They should do their research and see if it definitely adds value to their DevOps pipeline. Overall, I rate the solution eight out of ten.

On-premises

What do you like best about the product?

Recently they came with feature called, Deep code AI, using this we can fix the issue for 1st party cod in IDE level

What do you dislike about the product?

It doesnt have On-prem, And also we cannot push the SAST results to the Dashboard from CLI

What problems is the product solving and how is that benefiting you?

Snyk is covering from code to cloud and back to code. Which means it is having a wide range of integration in each and every stage of SDLC