I lead a code security practice for our organization. We integrated Snyk into our GitHub, using CLI to automatically scan codebases and identify issues. We are a large organization with three independent entities, consolidating Snyk across all entities.

We also provide access through numerous CI/CD tools. Our default implementation mechanism is CLI, but we also use the Web UI for a comprehensive view and recommendations.

For large organizations like ours, cost is a major factor. Snyk is the most cost-effective solution compared to others like Checkmarx.

We consolidated Snyk across three entities that used different tools. As a result, our organization became one of the largest in implementing Snyk.

The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Checkmarx. It is easy to consolidate Snyk across multiple entities within a large organization.

Additionally, our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.

Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR. It lacks the ability to select branches on its Web UI, forcing users to rely on CLI or CI/CD for that functionality. These limitations were documented in a book that I wrote.

We implemented Snyk starting last year, and it has been in use for around two and a half years.

Snyk allows for scaling across large organizations, accommodating tens of thousands of applications and over 60,000 repositories, making it suitable for wide-scale deployment.

Our organization maintains a good relationship with Snyk's customer support team. Despite potential variations in service quality for smaller organizations, our long-standing association has ensured smooth communication, resulting in favorable support experiences and satisfactory issue resolution.

Previously, we used Synopsys Coverity and later migrated to Checkmarx and Mend before Snyk. Synopsys Coverity was costly, prompting a switch. Snyk's affordability and consolidating capabilities across the entities led to its adoption.

The initial setup of Snyk is simple and straightforward compared to Synopsys Coverity, which is complex. Checkmarx falls in between, not too complicated or easy, but a reliable option. Snyk's ease of implementation makes it user-friendly.

We have different teams managing aspects like licensing and engagement with the support team. They facilitate setup and maintenance, optimally integrating Snyk into our GitHub and CI/CD processes.

Snyk is recognized as the cheapest option we have evaluated. In comparison to eight or nine other solutions, it ranks among the most affordable, providing cost-effective scalability across organizational units.

In my comparative evaluations, I considered tools like AppScan, Veracode, Checkmarx, Synopsys Coverity, and six to eight other alternatives.

Snyk is optimal for organizations starting or looking for an affordable, effective tool. Despite false positives, it combines SAST, SCA, containers, and IaS in one Web UI. On a scale of one to ten, I rate Snyk at six.

We are using an enterprise version of Snyk for image scanning. We use Snyk to identify and address vulnerabilities in our open-source dependencies and to scan the Docker images.

The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities.

The solution's integration with JFrog Artifactory could be improved.

We have been using Snyk for two years.

I rate the solution an eight out of ten for stability.

We use Snyk for microservices, and more than 100 users use it in our organization twice a week.

I rate the solution a seven out of ten for scalability.

The solution’s technical support team was involved during the architecture integration. We got their support, but I think we could probably get a faster response from them.

Snyk's initial setup is not very difficult.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a seven out of ten.

The solution's initial setup took a few weeks. The solution's deployment was done by our app system, and four people were highly engaged in this activity.

Before choosing Snyk, we were exploring different solutions like JFrog Xray and Aqua scan for image scanning. We chose Snyk because we could do both image scanning and SCA with it.

We are comparing Snyk with GitHub Advanced Security, which has a better vulnerability database. They have more vulnerabilities enlisted in their database.

The solution has improved or streamlined our process a lot for securing container images. We wanted to make sure we are deploying the secure Docker images. Snyk allowed us to check whether it is following our standard of docker images or not.

We use Azure DevOps as our platform, and Snyk's integration with Azure DevOps was okay. However, Snyk's integration with JFrog Artifactory didn't go well. We use JFrog Artifactory to store the artifacts we download. We wanted to integrate Snyk with JFrog Artifactory to scan the binary artifacts we downloaded, but that broke our JFrog Artifactory for some reason. Instead of using it there, we are calling it directly from the pipeline.

Snyk's automation features significantly reduced remediation times a couple of times. Sometimes, our developers scan the code from the environment and find some Java vulnerabilities. We fixed those vulnerabilities in the lower environment itself. The solution does not require any maintenance.

The accuracy of Snyk's vulnerability detection is pretty good compared to other tools. I rate the solution's vulnerability detection feature an eight out of ten. I would recommend Snyk to other users because it is easy to implement and integrate with Azure DevOps and GitHub.

Overall, I rate the solution a seven out of ten.

The major problem my company found in relation to our customers was in the area of Zip Slip security as they don't have any security tools in place. My company's customers don't have any security tools integrated into the CI/CD pipelines they use in their company. With Snyk, SCA checks code and third-party dependencies upfront.

When it comes to Snyk, it is not about its features since it is a developer-focused tool, making it possible for developers to easily integrate the tool with other solutions. The automation part and reporting feature of the solution are good. Nowadays, people opt for Cloud Native Pod system architecture, under which good tools are offered to users to use for their applications.

I think Snyk should add more of a vulnerability protection feature in the tool since it is an area where it lacks. Snyk needs to focus on the area related to dependencies.

I have been using Snyk for ten years.

Snyk is a good and scalable tool. Some of our customers who get to use the scalability options go ahead and compare Snyk with other options like Veracode, which is a highly expensive tool that is also complex. Snyk is a simpler tool compared to Veracode.

My company deals with mostly medium-sized clients who use Snyk.

In our company, the team I deal with, the delivery team, has never raised concerns regarding the support offered by Snyk. I hope the support offered by Snyk is fine.

My company has dealt with SonarQube a lot in the past. It is not that my company switches over from one tool to another tool. The tools we use in my company depend on our customers. Some of my company's customers prefer SonarQube, while others prefer Snyk.

The product's initial setup phase was easy.

The solution's deployment model varies from customer to customer. My company deals with a mix of clients, some of whom deploy the tool on the cloud while others deploy it on an on-premises model.

Compared to Veracode, Snyk is definitely a cheaper tool. SonarQube's community version or enterprise version is mostly used, but price-wise, it is okay. The price depends on how many lines of code a customer uses in SonarQube.

The major reason why customers prefer Snyk is that, nowadays, people are moving towards cloud-native tools. People also want a tool that offers safety and security, especially during the integration process and during the coding part. Snyk offers a set of much better features when compared to other tools like SonarQube or Veracode. Smaller companies can choose the team plan or enterprise version offered by Snyk. The major reason why people prefer Snyk is because of the security it offers.

I rate the overall tool a six or seven out of ten.

The product's most valuable features are an open-source platform, remote functionality, and good pricing.

Snyk's API and UI features could work better in terms of speed. Additionally, they could optimize and provide better reports, including reports for security, technical, and developer level.

We have been using Snyk for two and a half years.

I rate the platform's stability an eight or nine out of ten. Sometimes, we encounter downtime issues, but it has quick recovery. It impacts our system and needs improvement for better outcomes during the development phase.

We have 20 to 50 Snyk users in the development team of our organization. It is a scalable product.

The technical support services are available quickly for developers. However, they should improve their speed of response for customers.

I have used Checkmarx and some other open-source software.

The initial setup is neither difficult nor easy. However, it works slowly. It takes some weeks or months to complete the process.

The product has good pricing.

I recommend Snyk to others and rate it a seven out of ten.

I use Snyk to review my code.

Snyk helps me pinpoint security errors in my code.

Sometimes we have problems upgrading a library because it's too old. The only thing we can do is use another library.

It is easy to scale Snyk once you install it, but it depends on your cloud service provider. Everything will scale smoothly if you have the correct cloud server settings.

I rate Snyk support eight out of 10.

Setting up Snyk is relatively complex if you're working with multiple developers who use different IDEs. It can be complicated if, for example, one developer uses Visual Studio and another developer uses a different editor.

Snyk is cloud-based. We use Bamboo for CI/CD, and we had problems integrating Snyk with it. Ultimately, we got the two solutions to work together, but it was difficult.

I rate Snyk three out of 10 for affordability. The price is relatively high, but it's worth it.

I rate Snyk seven out of 10.