Seamless integration and affordable pricing ensure efficient deployment while AI enhancements can further elevate feature set
What is most valuable?
The best feature of Snyk is the integration with our ticketing system, which is Jira. That integration was one we were specifically looking for. The deep integration with our IDE and repository is another valuable feature. In terms of deploying these features, it's seamless.
What needs improvement?
Snyk should improve the scanning capabilities for other languages. For example, Veracode is strong with different languages such as Java, C#, and others. However, Snyk performs better at mobile source code scanning compared to Veracode. If both capabilities were combined, that would be exceptional.
As we are moving toward GenAI, we expect Snyk to leverage AI features to improve code scanning findings. One key feature we are currently examining with Veracode is AIVSS (Artificial Intelligence VSS), which is an extension of CVSS to cover use cases or top 10 LLM findings during code scanning. Since this is relatively new, we expect upcoming features to cover AI scoring. We have AI projects currently deploying in our organization, and we want to cover not only normal CVSS but also receive an AI assessment score. Both Veracode and Snyk should implement this new scoring system for CVSS and AIVSS.
For how long have I used the solution?
We are a customer of Snyk, not a partner.
How are customer service and support?
We have contacted Snyk's technical support regarding several issues, and they have resolved them successfully.
Snyk's technical support deserves a rating of seven or eight out of ten. Their response time aligns with their SLA commitments.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
My previous company continues to use Snyk.
How was the initial setup?
The initial setup of Snyk was straightforward.
What's my experience with pricing, setup cost, and licensing?
We discussed pricing with their account manager and secured a favorable deal. Initially, we planned to subscribe through AWS Marketplace at standard rates. After negotiations, we received a special package with a good price point. We signed a two-year contract, and they provided special links for subscription. The payment structure operates on a monthly prepaid basis.
What other advice do I have?
While Snyk may not be the absolute best option in the market, it offers the most seamless experience currently available. Based on their price point and features, it's both affordable and fair considering the license package offered.
During our implementation, we conducted a pilot test with Snyk for approximately two weeks during our UAT session. We spent an additional two to three weeks obtaining management approvals for production repository access. The testing was performed on development repositories before moving to production. While the actual implementation took about a week, the complete process duration was extended due to internal organizational approval processes.
I rate Snyk 8 out of 10.
Identifies vulnerabilities early and integrates smoothly with DevOps pipeline
Developer Centric Platform || Snyk
Affordable tool boosts code scanning efficiency but faces integration hurdles
What is our primary use case?
I lead a code security practice for our organization. We integrated Snyk into our GitHub, using CLI to automatically scan codebases and identify issues. We are a large organization with three independent entities, consolidating Snyk across all entities.
We also provide access through numerous CI/CD tools. Our default implementation mechanism is CLI, but we also use the Web UI for a comprehensive view and recommendations.
How has it helped my organization?
For large organizations like ours, cost is a major factor. Snyk is the most cost-effective solution compared to others like Checkmarx.
We consolidated Snyk across three entities that used different tools. As a result, our organization became one of the largest in implementing Snyk.
What is most valuable?
The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Checkmarx. It is easy to consolidate Snyk across multiple entities within a large organization.
Additionally, our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.
What needs improvement?
Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR. It lacks the ability to select branches on its Web UI, forcing users to rely on CLI or CI/CD for that functionality. These limitations were documented in a book that I wrote.
For how long have I used the solution?
We implemented Snyk starting last year, and it has been in use for around two and a half years.
What do I think about the scalability of the solution?
Snyk allows for scaling across large organizations, accommodating tens of thousands of applications and over 60,000 repositories, making it suitable for wide-scale deployment.
How are customer service and support?
Our organization maintains a good relationship with Snyk's customer support team. Despite potential variations in service quality for smaller organizations, our long-standing association has ensured smooth communication, resulting in favorable support experiences and satisfactory issue resolution.
Which solution did I use previously and why did I switch?
Previously, we used Synopsys Coverity and later migrated to Checkmarx and Mend before Snyk. Synopsys Coverity was costly, prompting a switch. Snyk's affordability and consolidating capabilities across the entities led to its adoption.
How was the initial setup?
The initial setup of Snyk is simple and straightforward compared to Synopsys Coverity, which is complex. Checkmarx falls in between, not too complicated or easy, but a reliable option. Snyk's ease of implementation makes it user-friendly.
What about the implementation team?
We have different teams managing aspects like licensing and engagement with the support team. They facilitate setup and maintenance, optimally integrating Snyk into our GitHub and CI/CD processes.
What's my experience with pricing, setup cost, and licensing?
Snyk is recognized as the cheapest option we have evaluated. In comparison to eight or nine other solutions, it ranks among the most affordable, providing cost-effective scalability across organizational units.
Enhancing security awareness, and finds major issues while managing risks effectively
What is our primary use case?
The main tool today is used to check for security issues in our products. We use it to analyze all the projects, and our security efforts are based partly on this tool.
How has it helped my organization?
There are major impacts related to increasing security awareness and managing risks. Snyk has been an essential tool in that aspect.
What is most valuable?
The valuable aspect is its security capabilities. The tool finds any major issue, and the code is blocked from being promoted to production until the issue is corrected.
What needs improvement?
I'm not responsible for the tool. As far as I know, there are no major concerns or features that we lack. We had some issues integrating into our pipeline, however, they were resolved.
For how long have I used the solution?
We have used Snyk for approximately one year.
What do I think about the stability of the solution?
There are no complaints from the security team. There seem to be no major issues of concern.
What do I think about the scalability of the solution?
The security team is responsible for this tool. I don't have more details, however, there are no complaints, so I believe that's okay.
How are customer service and support?
I don't know about the support or customer service details. It's another team's responsibility.
Which solution did I use previously and why did I switch?
I don't have experience with other products similar to Snyk.
What was our ROI?
I wouldn't be able to say what the company's ROI is.
What's my experience with pricing, setup cost, and licensing?
The pricing and setup are not my responsibilities, so I don't know any details.
Which other solutions did I evaluate?
I have not evaluated any other solutions.
What other advice do I have?
Based on our experience and what I have heard internally, I would recommend Snyk.
I'd rate the solution nine out of ten.
Bad Customer support, Lots of bugs and a non-working product
Another really important note around SBOM: the CLI does not provide all the information that you get from the UI, and the solution provided was to use another tool to extract the data. Not sure why we pay for a product if we need to use outside, third-party tools to get the information we need.
Very Good SAST tool to begin with
Very helpful and feature rich tool
Supports multiple programming languages for security practices
What is our primary use case?
Snyk protects against vulnerabilities in the code as usual, detects abnormal data flow inside the field, and handles similar tasks.
How has it helped my organization?
The specific feature of Snyk that has significantly improved my vulnerability management is its ability to identify vulnerabilities and suggest solutions to fix them. Snyk's automation capabilities streamline my security tasks by scanning code every time I commit.
What is most valuable?
Snyk's focus on security is a valuable feature. Also, Snyk supports multiple programming languages, which has positively affected my security practices. I use only two or three languages, and when I change the language in a file, it detects it in the same suite.
I find the AI-powered scanning beneficial. Using Snyk's AI-powered scanning, I can detect around ten or twenty errors in my project with about twenty thousand lines of code, so it helps improve my project by identifying a lot of potential vulnerabilities.
What needs improvement?
I use Snyk alongside Sonar, and Snyk tends to generate a lot of false positives. Improving the overall report quality and reducing false positives would be beneficial.
I don't need additional features; just improving the existing ones would be enough.
What do I think about the stability of the solution?
It scans the entire code really fast, and the auto-scan process is done repeatedly.
I would rate the stability of Snyk an eight out of ten.
What do I think about the scalability of the solution?
It detects issues really fast, but it still has a lot of false positives, and sometimes the suggestions aren't quite on point. This can sometimes lead to other vulnerabilities.
I would rate the scalability of Snyk a seven out of ten.
How was the initial setup?
I would rate the initial setup of Snyk a nine out of ten because it's straightforward. The web version is also easy to use. I'm working with both the web version and the IDE at the same time.
For deployment, I just link it to GitHub, upload the repository there, and it automatically scans for any errors. It took around a minute to deploy Snyk.
What's my experience with pricing, setup cost, and licensing?
I'm currently using the free version, which the company offers before buying the full version. So, the price is affordable, especially for an enterprise.
Which other solutions did I evaluate?
I did evaluate other options before choosing Snyk. I only considered Sonar before Snyk, but I ended up with Snyk because it's faster and more focused on security.
What other advice do I have?
My advice for others considering using Snyk is to rely on it for security issues but still manually review your overall code. It's great for detecting syntax errors but might miss some broader issues, so it's important to do a thorough check yourself.
Based on my experience, I'd rate Snyk an eight overall. Its performance is indeed good.