TrustRadius Insights for Snyk are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Integration with CI/CD tools: Users appreciate Snyk's integration with CI/CD tools, finding it beneficial for their development process. Several reviewers have mentioned how this integration has improved their workflow and made it easier to incorporate security measures into their continuous integration and deployment pipelines.
Identifying and updating code to keep it secure: The ability to identify and update code to keep it secure is seen as a valuable feature by users. Many reviewers have praised Snyk for its effectiveness in pinpointing vulnerabilities in their codebase and providing guidance on how to resolve them, ensuring that their software remains secure.
Helpful in identifying issues with dependencies: Users find Snyk helpful in identifying issues with dependencies and providing upgrade pathways for resolving them. Numerous reviewers have mentioned that Snyk's dependency scanning capabilities have been instrumental in uncovering vulnerabilities and guiding them towards the necessary updates or patches.
Snyk is an integral part of our development process. It is fully integrated into our deployment process to ensure that Snyk scans any new code to identify security issues. We trust this tool to support our effort for clean and secure code. It is sometimes verbose but almost always correct on issues it identifies or areas of concern.
Pros
Identify potential security issues.
Analyse library dependencies.
Secure code as it is written close to development.
Cons
Setting up is complex and when not do no properly provides too many false positives.
We use another tool in parallel because it does not cover all of our languages especially for older code that is in mixed languages.
Integrating it with bitbucket was not straight forward.
Likelihood to Recommend
Snyk is a good tool to give you some confidence in the quality and security of your code. There is always old code; no matter how much teams would like to get rid of it, it is not easy or cost-effective most times. Snyk struggles a bit with old monoliths and services and complex code with sometimes very old libraries.
We use Snyk in our continuous integration and continuous delivery to ensure no major issues end up in the production environment and the cms is used in a responsible and secure manner. Using this in a periodic setup gives us automatic insight and prevents big production security issues, especially in the current cloud environments we operate in.
Pros
Integration in CI/CD pipeline.
Periodic reporting is also an option.
Clear separation of issues/categories.
Insightful reasoning for issue and suggested solutions.
Likelihood to Recommend
Integrated into a CI/CD setup is ideal, especially with a quality gate combined with the intention never to let critical or major errors land in a production environment. If the full service isn't achievable budget-wise a periodic scan is better than nothing. I can imagine if your code runs somewhere very deep behind a plethora of other secured systems and doesn't handle any sensitive data you might not want to use it, but if you don't actually have trained security developers on your team this is definitely the next best thing.
VU
Verified User
Engineer in Information Technology (1001-5000 employees)
Snyk has been a savior for us, right from enforcing container security to scanning GitHub repositories for detecting threats and vulnerabilities with CVEs, which helps in the identification and mitigation of high-severity security issues. Snyk also features a user-friendly interface, enabling developers to gain valuable data insights.
Pros
Offers real-time alerts as new CVEs are published.
Suggests automated fix PRs with updated, secure versions.
Scans project dependencies (npm, Maven, pip, etc.) for known vulnerabilities.
Cons
Although Snyk Code uses ML to reduce noise, it can still generate false positives or low-priority issues that may overwhelm developers.
Snyk doesn't allow users to define custom security policies or scanning rules, especially in SAST and IaC modules.
While Snyk offers a generous free tier, enterprise pricing can be cost-prohibitive for larger teams or startups scanning many repositories or containers.
Likelihood to Recommend
Scenarios Where Snyk Is Well-Suited CI/CD Pipeline Integration (Node.js, Python, etc.) Container Security Open Source License Compliance Infrastructure as Code (IaC) SecurityScenarios Where Snyk May Be Less Appropriate Scanning Proprietary or Custom Code for Unknown Vulnerabilities Complex Monorepos with Custom Build Tools Organizations Requiring Custom Security Rules Advanced Security Teams Needing Correlation and Deep Triage.
Verified User
Engineer in Information Technology (5001-10,000 employees)