We use the product mainly for software composition analysis. It is used to identify vulnerabilities in the application plug-ins. If we use Python 3.8, it’ll tell us that the version is outdated and that it has several vulnerabilities. It also helps in threat identification. It also provides infrastructure as code.
Snyk Runtime Sensor
SnykExternal reviews
138 reviews
from
and
External reviews are not included in the AWS star rating for the product.
A stable solution that provides excellent features and enables users to identify vulnerabilities in the application plug-ins
What is our primary use case?
What is most valuable?
Static code analysis is one of the best features of the solution.
What needs improvement?
The product is very expensive.
For how long have I used the solution?
I have been using the solution for three years.
What do I think about the stability of the solution?
The product is stable.
What do I think about the scalability of the solution?
We have around 2000 users. Every developer in the organization has access to it.
How are customer service and support?
The support has improved a lot.
How would you rate customer service and support?
Neutral
How was the initial setup?
We use the SaaS version. The initial setup is easy. We just have to click the buttons.
What was our ROI?
I do not think that the tool is worth the money. A lot of free tools are available online.
What's my experience with pricing, setup cost, and licensing?
The solution costs half a million dollars per year. It depends on the number of users. If the number of users increases, the cost will increase further.
What other advice do I have?
People who want to use the product must utilize the code analysis on IDE. It would really help a lot of the developers. It performs the shift left concept very well. It is a very good tool, but the pricing is absurd. Overall, I rate the product an eight out of ten.
Check vulnerabilities and rectify potential leaks in GitHub
What is our primary use case?
We use Snyk to check vulnerabilities and rectify potential leaks in GitHub.
What needs improvement?
The tool's initial use is complex.
For how long have I used the solution?
I have been working with the product for three to four months.
What other advice do I have?
I rate the product an eight out of ten.
A scalable tool that needs to add more vulnerability protection features
What is our primary use case?
The major problem my company found in relation to our customers was in the area of Zip Slip security as they don't have any security tools in place. My company's customers don't have any security tools integrated into the CI/CD pipelines they use in their company. With Snyk, SCA checks code and third-party dependencies upfront.
What is most valuable?
When it comes to Snyk, it is not about its features since it is a developer-focused tool, making it possible for developers to easily integrate the tool with other solutions. The automation part and reporting feature of the solution are good. Nowadays, people opt for Cloud Native Pod system architecture, under which good tools are offered to users to use for their applications.
What needs improvement?
I think Snyk should add more of a vulnerability protection feature in the tool since it is an area where it lacks. Snyk needs to focus on the area related to dependencies.
For how long have I used the solution?
I have been using Snyk for ten years.
What do I think about the scalability of the solution?
Snyk is a good and scalable tool. Some of our customers who get to use the scalability options go ahead and compare Snyk with other options like Veracode, which is a highly expensive tool that is also complex. Snyk is a simpler tool compared to Veracode.
My company deals with mostly medium-sized clients who use Snyk.
How are customer service and support?
In our company, the team I deal with, the delivery team, has never raised concerns regarding the support offered by Snyk. I hope the support offered by Snyk is fine.
Which solution did I use previously and why did I switch?
My company has dealt with SonarQube a lot in the past. It is not that my company switches over from one tool to another tool. The tools we use in my company depend on our customers. Some of my company's customers prefer SonarQube, while others prefer Snyk.
How was the initial setup?
The product's initial setup phase was easy.
The solution's deployment model varies from customer to customer. My company deals with a mix of clients, some of whom deploy the tool on the cloud while others deploy it on an on-premises model.
What's my experience with pricing, setup cost, and licensing?
Compared to Veracode, Snyk is definitely a cheaper tool. SonarQube's community version or enterprise version is mostly used, but price-wise, it is okay. The price depends on how many lines of code a customer uses in SonarQube.
What other advice do I have?
The major reason why customers prefer Snyk is that, nowadays, people are moving towards cloud-native tools. People also want a tool that offers safety and security, especially during the integration process and during the coding part. Snyk offers a set of much better features when compared to other tools like SonarQube or Veracode. Smaller companies can choose the team plan or enterprise version offered by Snyk. The major reason why people prefer Snyk is because of the security it offers.
I rate the overall tool a six or seven out of ten.
Centralised vulnerability management for product security
What do you like best about the product?
Centralised vulnerability visibility and reduction for our products that we develop. The UI also provides good reporting on KPI data to provide to the relevant stakeholders for full risk reduction visibility. The integration is easy to setup with GitHub and out of the box.
What do you dislike about the product?
One aspect to consider is if you would like all features available of the platform, there could be a high cost involved, however the Snyk platform is worth the investment in the long run.
What problems is the product solving and how is that benefiting you?
Snyk is helping our organisation to prevent vulnerabilities being coded into our products by using a shifting left approach in our DevSecOps pipeline.
Provides good scalability, but its reporting feature needs improvement
What is most valuable?
The product's most valuable features are an open-source platform, remote functionality, and good pricing.
What needs improvement?
Snyk's API and UI features could work better in terms of speed. Additionally, they could optimize and provide better reports, including reports for security, technical, and developer level.
For how long have I used the solution?
We have been using Snyk for two and a half years.
What do I think about the stability of the solution?
I rate the platform's stability an eight or nine out of ten. Sometimes, we encounter downtime issues, but it has quick recovery. It impacts our system and needs improvement for better outcomes during the development phase.
What do I think about the scalability of the solution?
We have 20 to 50 Snyk users in the development team of our organization. It is a scalable product.
How are customer service and support?
The technical support services are available quickly for developers. However, they should improve their speed of response for customers.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used Checkmarx and some other open-source software.
How was the initial setup?
The initial setup is neither difficult nor easy. However, it works slowly. It takes some weeks or months to complete the process.
What's my experience with pricing, setup cost, and licensing?
The product has good pricing.
What other advice do I have?
I recommend Snyk to others and rate it a seven out of ten.
Tool for managing your open source vulnerabilities
What do you like best about the product?
Snyk give you a good coverage for your open source vulnerabilities, license probelm and basic static code analysis.
What do you dislike about the product?
The integration part can be misleading, for a real detection you need to integrate it into the ci/cd, and the simple detection of requirements files is not working for all use cases.
Dashboards and reporting can be improved and better organized.
Dashboards and reporting can be improved and better organized.
What problems is the product solving and how is that benefiting you?
Detection and prioritization of vulnerabilities
Synk
What do you like best about the product?
While you are do coding and faces the error in your code sometimes you will not be able to find the error easily so this software wil help to find the error and also solve that error.
What do you dislike about the product?
When you have a many errors and code is very big this software not work properly it not find the error all the time sometimes you have to find error by your self.
What problems is the product solving and how is that benefiting you?
Bugs in the code it will solve so that's why your time will be reduced by this so you can work very fast and very efficiently so for programmers this software very beneficial
Snyk is amazing
What do you like best about the product?
Snyk identifies the library vulnerabilities and give CVSS score right next to it to understand the impact as well as the filters are amazing and easy to use.
What do you dislike about the product?
Snyk doesn't have inbuilt support for marking false positives for test suite software directories like cypress.
What problems is the product solving and how is that benefiting you?
It gives me all insights and leads to check for manual pentesting
Best tool for SAST
What do you like best about the product?
quickly identifies and categorises the vulnerabilities. As you create the code, it highlights the problems, improving both the security and the quality of the code. The best aspect is that you can begin using it for nothing.
What do you dislike about the product?
They can raise various resource quotas in the free plan. Additionally, more documentation detailing how Synk functions at the backend when integrated would be more beneficial.
What problems is the product solving and how is that benefiting you?
It checks for weaknesses in our product. It aids in protecting our merchandise from hacker assaults. Developers don't need to conduct security research for the new library they integrate into their projects because Snyk will handle it. When the Snyk tool is integrated into a developer's IDE, they may concentrate on their top objectives.
A stable and affordable solution that offers exceptional technical support to its users
What is our primary use case?
In my company, Snyk is useful because it provides container security and DAST.
How has it helped my organization?
Snyk is a strong security solution that helps customers analyze static code and improve their security and code in their main application.
What is most valuable?
What needs improvement?
DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings.
For how long have I used the solution?
I have experience with Snyk, and it is a new solution chosen by my company. I am a reseller of the solution.
What do I think about the stability of the solution?
It is a stable solution. Stability-wise, I rate the solution a ten out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution an eight out of ten.
One security engineer uses Snyk in our company, but we don't use the tool for our own use cases, and we only deploy it for our customers.
How are customer service and support?
I rate the technical support a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Our company previously used Micro Focus for three or four months. We have worked with Checkmark for more than two or three years.
We provide Snyk to our customers. It is a very strong solution.
How was the initial setup?
I rate the initial setup a ten on a scale of one to ten, where one is difficult, and ten is easy.
The solution is deployed on the cloud since it is a SaaS solution and doesn't have an on-premises version.
The deployment process for Snyk takes like a week.
For the steps in Snyk's deployment, one has to buy a license and click on the deploy icon on Snyk's website, after which it syncs up with the system.
One person is required for deployment. Even if we talk about something like container security or DAST, only one person would be required for the deployment process.
What's my experience with pricing, setup cost, and licensing?
On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing a three. It is a cheap solution.
What other advice do I have?
I would definitely recommend the solution to those planning to use it since it is easy to deploy and has strong features like machine learning and the ability to analyze static codes.
Overall, I rate the solution an eight out of ten.
showing 21 - 30