The major problem my company found in relation to our customers was in the area of Zip Slip security as they don't have any security tools in place. My company's customers don't have any security tools integrated into the CI/CD pipelines they use in their company. With Snyk, SCA checks code and third-party dependencies upfront.
A scalable tool that needs to add more vulnerability protection features
What is most valuable?
When it comes to Snyk, it is not about its features since it is a developer-focused tool, making it possible for developers to easily integrate the tool with other solutions. The automation part and reporting feature of the solution are good. Nowadays, people opt for Cloud Native Pod system architecture, under which good tools are offered to users to use for their applications.
What needs improvement?
I think Snyk should add more of a vulnerability protection feature in the tool since it is an area where it lacks. Snyk needs to focus on the area related to dependencies.
For how long have I used the solution?
I have been using Snyk for ten years.
What do I think about the scalability of the solution?
Snyk is a good and scalable tool. Some of our customers who get to use the scalability options go ahead and compare Snyk with other options like Veracode, which is a highly expensive tool that is also complex. Snyk is a simpler tool compared to Veracode.
My company deals with mostly medium-sized clients who use Snyk.
How are customer service and support?
In our company, the team I deal with, the delivery team, has never raised concerns regarding the support offered by Snyk. I hope the support offered by Snyk is fine.
Which solution did I use previously and why did I switch?
My company has dealt with SonarQube a lot in the past. It is not that my company switches over from one tool to another tool. The tools we use in my company depend on our customers. Some of my company's customers prefer SonarQube, while others prefer Snyk.
How was the initial setup?
The product's initial setup phase was easy.
The solution's deployment model varies from customer to customer. My company deals with a mix of clients, some of whom deploy the tool on the cloud while others deploy it on an on-premises model.
What's my experience with pricing, setup cost, and licensing?
Compared to Veracode, Snyk is definitely a cheaper tool. SonarQube's community version or enterprise version is mostly used, but price-wise, it is okay. The price depends on how many lines of code a customer uses in SonarQube.
What other advice do I have?
The major reason why customers prefer Snyk is that, nowadays, people are moving towards cloud-native tools. People also want a tool that offers safety and security, especially during the integration process and during the coding part. Snyk offers a set of much better features when compared to other tools like SonarQube or Veracode. Smaller companies can choose the team plan or enterprise version offered by Snyk. The major reason why people prefer Snyk is because of the security it offers.
I rate the overall tool a six or seven out of ten.
Provides good scalability, but its reporting feature needs improvement
What is most valuable?
The product's most valuable features are an open-source platform, remote functionality, and good pricing.
What needs improvement?
Snyk's API and UI features could work better in terms of speed. Additionally, they could optimize and provide better reports, including reports for security, technical, and developer level.
For how long have I used the solution?
We have been using Snyk for two and a half years.
What do I think about the stability of the solution?
I rate the platform's stability an eight or nine out of ten. Sometimes, we encounter downtime issues, but it has quick recovery. It impacts our system and needs improvement for better outcomes during the development phase.
What do I think about the scalability of the solution?
We have 20 to 50 Snyk users in the development team of our organization. It is a scalable product.
How are customer service and support?
The technical support services are available quickly for developers. However, they should improve their speed of response for customers.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used Checkmarx and some other open-source software.
How was the initial setup?
The initial setup is neither difficult nor easy. However, it works slowly. It takes some weeks or months to complete the process.
What's my experience with pricing, setup cost, and licensing?
The product has good pricing.
What other advice do I have?
I recommend Snyk to others and rate it a seven out of ten.
A stable and affordable solution that offers exceptional technical support to its users
What is our primary use case?
In my company, Snyk is useful because it provides container security and DAST.
How has it helped my organization?
Snyk is a strong security solution that helps customers analyze static code and improve their security and code in their main application.
What needs improvement?
DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings.
For how long have I used the solution?
I have experience with Snyk, and it is a new solution chosen by my company. I am a reseller of the solution.
What do I think about the stability of the solution?
It is a stable solution. Stability-wise, I rate the solution a ten out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution an eight out of ten.
One security engineer uses Snyk in our company, but we don't use the tool for our own use cases, and we only deploy it for our customers.
How are customer service and support?
I rate the technical support a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Our company previously used Micro Focus for three or four months. We have worked with Checkmarx for more than two or three years.
We provide Snyk to our customers. It is a very strong solution.
How was the initial setup?
I rate the initial setup a ten on a scale of one to ten, where one is difficult, and ten is easy.
The solution is deployed on the cloud since it is a SaaS solution and doesn't have an on-premises version.
The deployment process for Snyk takes like a week.
For the steps in Snyk's deployment, one has to buy a license and click on the deploy icon on Snyk's website, after which it syncs up with the system.
One person is required for deployment. Even if we talk about something like container security or DAST, only one person would be required for the deployment process.
What's my experience with pricing, setup cost, and licensing?
On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing a three. It is a cheap solution.
What other advice do I have?
I would definitely recommend the solution to those planning to use it since it is easy to deploy and has strong features like machine learning and the ability to analyze static code.
Overall, I rate the solution an eight out of ten.
A cost-effective solution that makes scanning your repositories a cinch
What is our primary use case?
We use some legacy and some new languages as we are aiming for serverless solutions. We're using serverless as is and with Python. We import it to Snyk to do SAST scanning for every one of our repositories on the Bitbucket pipeline. That is at least 350 repositories, including libraries and some automation such as robots or scripts. We have a huge background in using this tool.
How has it helped my organization?
We have seen an improvement this month. My security team told me, "We need to break your pipeline if the tools present critical and high-end security issues on the code, so this code cannot go to a staging or homologation environment." I then made improvements to the tools, which were not cheap. But it's a standard feature and a customer need, so I do this, then we apply. Using Snyk, we get the results and the reports and deploy the applications with the high-end and critical security issues, such as DoS or cross-site scripting, that are present shown on the Snyk IO solution.
What is most valuable?
I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario. Snyk was built for SCA initially, so it's the main goal of the solution so far. But SCA only loses the battle with Black Duck from Synopsys.
What needs improvement?
They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features. It's very basic right now. For example, you need to make many workarounds to get reports from the REST API. Improving how the plugin works is the best way to get any partnership with most tools. This way, Snyk could, for example, integrate with the Atlassian Bitbucket pipeline. If the plugins could be improved, I could integrate plugins in a few seconds instead of making many workarounds using the REST API.
For how long have I used the solution?
We have been using Snyk for two years in a row now. It scans all of our applications on the site. It's mandatory for all of our applications to be scanned on this tool.
What do I think about the stability of the solution?
I have never faced downtime for maintenance or any kind of trouble in the two years I've used the tool. I rate the stability a 9.5 out of ten because we sometimes face delays.
What do I think about the scalability of the solution?
I rate Snyk's scalability a ten out of ten. Snyk is a huge platform. You don't have limits on the number of repositories you can import. You only have a limitation on the number of scans, but that depends on your license. We have 50 users using Snyk in my company. Snyk's usage in the bank I work for has been elastic. Last year we had 75 users, but we needed to fire a few while others left for other jobs. If we start to grow again, I will ask for a bigger license, and we can work with a huge pool. My target is to work with 100 licenses.
How are customer service and support?
I contact customer support at least once a month, not because we are facing issues, but to give technical reports as a customer. When we bought the solution, we asked the sales team about the technical support provided to engineers. Snyk has a monthly feedback meeting to see if the tool works well and if you have any issues or needs. Every month I have at least one call with my account manager and the solution engineer to discuss the solution. I can speak directly to the engineer if I've found some improvement. He takes notes and then proceeds internally. If I face some bugs, I can send a mail, and they'll always respond within two days because of the time zone, and always with a link or a descriptive solution for the issue or bug I'm facing. Snyk customer support is one of the best I have contacted.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Apart from Snyk, I have used Veracode. We switched because we faced a bug on Veracode using Atlassian Jira. I tried to figure it out with the support for at least four months in a row, and they didn't find it. I did my own tests and found that Veracode doesn't support the Brazilian keyboard, and my keyboard is entirely Brazilian-encoded. We have some special characters in our vocabulary that Veracode can't read, which breaks the platform plugin. I needed to make a workaround to upload my tickets. I tried asking them to improve and apply the solution to our language, but they said they didn't have a roadmap and suggested I work in English. I didn't want to take the risk of rewriting Jira in English just because of one tool, so I looked for other solutions on the market at the time. Snyk was listed as a visionary in Gartner, so we contacted them, and they made an offer, and we were given the enterprise edition for free for three months. We decided to make a POC using the enterprise solution for three months.
In the end, Snyk brought more results and connectivity with Jira and Atlassian for a lot cheaper.
How was the initial setup?
I brought Snyk into the bank I work with. I held the technical interview, made a POC, and the initial commits and imports on the tool.
The initial setup's difficulty depends on whether you use it on CI/CD, but I rate it eight out of ten. The initial setup is not very hard, especially if you use the Snyk IO on the cloud platform. It is just point-and-click. If you are using it on your customizations, on your CI/CD, the rating drops to six out of ten because you need to understand very well what you need on your CI/CD staging to apply Snyk as the correct tool for that demand.
It took at least about 30 seconds to deploy Snyk on the platform. The authorization to break the pipeline takes at least 15 seconds.
The steps taken for deploying Snyk differ for each kind of solution and application we have here, but they follow the same recipe. First, we perform a SAST scan to look for a hardcoded password or access key, then perform a unit test to see if the solution passes, and then install. We check to see, "Oh, you have these kinds of issues." We might have high, critical, lower, or information issues. After that, we deploy the solution on the deployment environment, then repeat the same steps in the staging environment. After this, we make the build for the production site or environment.
What about the implementation team?
I handled Snyk's deployment by myself.
What was our ROI?
I have seen a 70% ROI from Snyk. The other 15% is my company's fault. If you don't have your development team engaged to reduce all kinds of issues to zero, you are wasting some of your money. In the past, some squads didn't use the platform at all even though they had access, which is a waste of money because we could use the free solution instead. Some other squads engaged with calls trying to bring the number of issues down to zero. They worked so hard on the platform and got so deep into the documentation that they brought huge results.
For example, some of our projects had 25 critical and 100 high-level issues. My development team brought it down to 0 criticals and reduced 75% of the high-level issues by only using the tools on Snyk without asking me any questions, only looking at the platform and reading the solution on their own to find out what could be done to fix the problem.
I saw an ROI for some of my squads. For others, I only saw 20%. Seeing an ROI depends on the scenario in your company.
What's my experience with pricing, setup cost, and licensing?
For what Snyk offers, it has the best cost-benefit I have ever seen because you're buying the license per user. With most similar tools on the market, you buy the application and pay for each application, so you have a limited number of projects you can put inside it. For example, if you have ten applications in your company, you need to buy one application to get these ten projects inside this application. Your application then becomes your organization, and your applications in your organization become your project. It's different on Snyk, where you buy the application for computers.
Every three months, Snyk runs a script on your organization and checks each of your computers and providers of code. They check activity for three months for each license. In my bank, for example, I have 50 licenses. But if one person goes off or is fired, their support is freed up to be used by someone else. The permit is bought per user rather than application, and it's not limited to the number of projects you can import. For example, in the beginning, I made some mistakes, and I imported my entire Bitbucket three times, so my whole Bitbucket has at least 715 projects, but I still wasn't charged for it. I only had to remove each one manually.
You don't have a limitation on repositories to be scanned. You are limited to how much scanning you do based on the plan you're working with. With the free plan, you have 300 scans. With the business plan, you have 1,000 scans, and the enterprise plan is unlimited. You need to understand how much you will use the tool to ensure you buy the correct Snyk license. I rate Snyk's pricing eight out of ten because it is a bit high.
What other advice do I have?
You can use Snyk to develop tech IT, and you can use it anywhere from small sectors and large sectors. For example, if you have IOPS, you can use this as IaC in infrastructure to read files.
Snyk is the best place to start for a SaaS solution because it's cheaper. It's a good start for small FinTech companies that don't have a large budget. It's one of the best places to start for this kind of security scanning application. After a few months, Snyk was bought by Atlassian. Atlassian creates a lot of plugins to, for example, create a pull request for Bitbucket pipelines or Bitbucket cloud to create Jira tickets integrated with Snyk IO. In the last year, they changed the way they connect. We no longer have to use an application password because it's native for the Bitbucket cloud to use a plugin in Atlassian's marketplace. They made a huge improvement in a year and a half. This year I compared Snyk to Veracode and saw that it has huge tools, but it doesn't fit my requirements right now, so I continue using Snyk IO.
The main difference between Snyk and Veracode is the UI. Snyk IO is far more user-friendly and easier to manage your issues, and the SCA solution is much better than Veracode's.
I rate Snyk an eight out of ten.
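The "break the pipeline on critical and high findings" gate this reviewer describes, as an added Python example that is not code from the review or from Snyk. It parses a constructed report in the shape of `snyk test --json` output (the field names `vulnerabilities`, `id`, `severity`, `packageName`, `version` and `from` are assumed; the ids and packages are placeholders), deduplicates advisories that Snyk lists once per dependency path, and exits non-zero when anything at or above the threshold remains.

```python
"""Added example: a CI gate over Snyk-style JSON results that fails the
build when high or critical findings are present."""
import json
import sys
from collections import Counter

# Severity ranking used to compare findings against the gate threshold.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample in the shape of `snyk test --json` output. Field names
# are assumed; ids and package names are placeholders, not real advisories.
SAMPLE_SNYK_JSON = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "SNYK-CONSTRUCTED-0001", "severity": "critical",
         "title": "Arbitrary File Write via Archive Extraction (Zip Slip)",
         "packageName": "example-archiver", "version": "2.0.1",
         "from": ["app@1.0.0", "example-archiver@2.0.1"]},
        {"id": "SNYK-CONSTRUCTED-0002", "severity": "high",
         "title": "Denial of Service (DoS)",
         "packageName": "example-parser", "version": "1.2.3",
         "from": ["app@1.0.0", "example-parser@1.2.3"]},
        # Same advisory reached through a second dependency path: the report
        # lists it again, so the gate must deduplicate by id before counting.
        {"id": "SNYK-CONSTRUCTED-0002", "severity": "high",
         "title": "Denial of Service (DoS)",
         "packageName": "example-parser", "version": "1.2.3",
         "from": ["app@1.0.0", "example-http@4.1.0", "example-parser@1.2.3"]},
        {"id": "SNYK-CONSTRUCTED-0003", "severity": "medium",
         "title": "Cross-site Scripting (XSS)",
         "packageName": "example-template", "version": "0.9.0",
         "from": ["app@1.0.0", "example-template@0.9.0"]},
    ],
})


def unique_issues(raw_json):
    """Parse the report and keep one entry per advisory id."""
    seen = {}
    for vuln in json.loads(raw_json).get("vulnerabilities", []):
        seen.setdefault(vuln["id"], vuln)
    return list(seen.values())


def summarize(issues):
    """Count unique issues per severity, in a fixed order for the report."""
    counts = Counter(v.get("severity", "unknown") for v in issues)
    return {sev: counts.get(sev, 0) for sev in SEVERITY_RANK}


def gate(raw_json, threshold="high"):
    """Return (passed, summary, blocking) for the given severity threshold.
    Unknown severities are treated as blocking so a malformed report cannot
    silently pass the gate."""
    issues = unique_issues(raw_json)
    min_rank = SEVERITY_RANK[threshold]
    blocking = [v for v in issues
                if SEVERITY_RANK.get(v.get("severity"), 99) >= min_rank]
    return (not blocking, summarize(issues), blocking)


if __name__ == "__main__":
    passed, summary, blocking = gate(SAMPLE_SNYK_JSON, "high")
    print("summary:", summary)
    for v in blocking:
        print(f"BLOCK {v['severity']:<8} {v['id']} {v['packageName']}@{v['version']}")
    sys.exit(0 if passed else 1)
```

In a real pipeline the report would come from `snyk test --json` instead of the embedded sample, and the non-zero exit is what stops the staging deployment.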
It's good for identifying security errors, but we have problems integrating it with our CI/CD solution
What is our primary use case?
I use Snyk to review my code.
What is most valuable?
Snyk helps me pinpoint security errors in my code.
What needs improvement?
Sometimes we have problems upgrading a library because it's too old. The only thing we can do is use another library.
What do I think about the scalability of the solution?
It is easy to scale Snyk once you install it, but it depends on your cloud service provider. Everything will scale smoothly if you have the correct cloud server settings.
How are customer service and support?
I rate Snyk support eight out of 10.
How would you rate customer service and support?
Positive
How was the initial setup?
Setting up Snyk is relatively complex if you're working with multiple developers who use different IDEs. It can be complicated if, for example, one developer uses Visual Studio and another developer uses a different editor.
Snyk is cloud-based. We use Bamboo for CI/CD, and we had problems integrating Snyk with it. Ultimately, we got the two solutions to work together, but it was difficult.
What's my experience with pricing, setup cost, and licensing?
I rate Snyk three out of 10 for affordability. The price is relatively high, but it's worth it.
What other advice do I have?
I rate Snyk seven out of 10.