TrustRadius: an HG Insights company

Snyk

Score 8.1 out of 10

22 Reviews and Ratings

What is Snyk?

Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and helps security teams to collaborate with their development teams. It boasts a developer-first approach that ensures organizations can secure all of the critical components of their applications from code to cloud, driving developer productivity, revenue growth, customer satisfaction, cost savings and an improved security posture. The vendor states Snyk is used by 1,200 customers worldwide today, including Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce. Products include:

  • Snyk Open Source - Automatically detect vulnerabilities and automate fixes during development with an SCA backed by intelligence
  • Snyk Code - Static Application Security Testing (SAST) re-imagined for the developer
  • Snyk Container - Container and Kubernetes security designed to help developers find and fix vulnerabilities in cloud native applications
  • Snyk Infrastructure as Code - Reduce risk by automating IaC security and compliance in development workflows pre-deployment and detecting drifted and missing resources post-deployment
  • Snyk Cloud - Cloud security with a unified policy as code engine so every team can develop, deploy, and operate safely in the cloud

Snyk - A Security saviour.

Use Cases and Deployment Scope

Snyk has been a savior for us, right from enforcing container security to scanning GitHub repositories for detecting threats and vulnerabilities with CVEs, which helps in the identification and mitigation of high-severity security issues. Snyk also features a user-friendly interface, enabling developers to gain valuable data insights.

Pros

  • Offers real-time alerts as new CVEs are published.
  • Suggests automated fix PRs with updated, secure versions.
  • Scans project dependencies (npm, Maven, pip, etc.) for known vulnerabilities.

Cons

  • Although Snyk Code uses ML to reduce noise, it can still generate false positives or low-priority issues that may overwhelm developers.
  • Snyk doesn't allow users to define custom security policies or scanning rules, especially in SAST and IaC modules.
  • While Snyk offers a generous free tier, enterprise pricing can be cost-prohibitive for larger teams or startups scanning many repositories or containers.

Return on Investment

  • Improved Security Posture.
  • Accelerated Development Cycles.
  • Cost at Scale.
  • Lack of Custom Rules/Policies.

Alternatives Considered

SonarQube Cloud

Other Software Used

Sonar Enterprise, Veracode

A Tech-Savvy Solution for Managing Security Concerns

Use Cases and Deployment Scope

We have been using Snyk for over 4 years now. Snyk Code, in comparison to its peers, gives a very precise outline of code-level vulnerabilities; it has a very low false positive rate, and the coverage across languages also addresses a vast product portfolio. All in all, when compared to its peers, we find Snyk Code gives a better ROI and empowers developers in a much more positive way than others.

Pros

  • The Snyk Code IDE plugin is something that really works very well and brings out the true shift left story by providing very accurate findings and equally good mitigation solutions to the developers.
  • The fact that, even at the enterprise level, all the Snyk Code information can be collated onto a common dashboard is also something which adds a lot of value.
  • Improve compliance & risk management
  • Snyk has been exceptional throughout the entire selection, on-boarding, and implementation process

Cons

  • The tool itself has many capabilities, but using them operationally within the platform on a day-to-day basis for managing vulnerabilities is not a good experience.
  • Our company was in desperate need of a tool to help us manage vulnerabilities so we could achieve a SOC 2 assurance report without findings.

Return on Investment

  • The API is extensive enough for many integration options.
  • API keys are rotated on a non-preferred time schedule. There's no way to configure this.
  • We had a great experience with the support team and success managers while setting up the product and onboarding projects into the tool

Alternatives Considered

New Relic

Other Software Used

New Relic, GitLab, Snyk

A first line of safety but you might need more.

Use Cases and Deployment Scope

Snyk is an integral part of our development process. It is fully integrated into our deployment process to ensure that Snyk scans any new code to identify security issues. We trust this tool to support our effort for clean and secure code. It is sometimes verbose but almost always correct on issues it identifies or areas of concern.

Pros

  • Identify potential security issues.
  • Analyse library dependencies.
  • Secure code as it is written close to development.

Cons

  • Setting up is complex, and when not done properly it provides too many false positives.
  • We use another tool in parallel because it does not cover all of our languages, especially for older code that is in mixed languages.
  • Integrating it with Bitbucket was not straightforward.

Most Important Features

  • Snyk Code.
  • Snyk open source.

Return on Investment

  • Positive impact with cleaner and more secure code coming out.
  • Reduction of defects.
  • Reduction of time to fix defects.

Alternatives Considered

SonarQube

Snyk - So now that you know

Use Cases and Deployment Scope

Snyk is used for Open Source Software Governance. It helps in dependency management and identifying vulnerability in open-source libraries/packages used in the software.

Pros

  • Helps in dependency management
  • SAST - Static Application Security Testing
  • Infra Code Scan (Terraform, CloudFormation, Docker image scan)
  • OSSG

Cons

  • Customizable Dashboard for analytics is missing
  • Snyk has a sleek GUI but customizing the policies leaves room for improvement
  • Autoremediation can be improved.
  • OPA-based Infra scan is missing and is probably covered by a recent acquisition (Fugue)

Most Important Features

  • Vulnerability in Open-source
  • Identifying the license violation
  • Snyk Code for SAST
  • Infra Code Scan

Return on Investment

  • Increased developer experience
  • Better productivity due to shift left, as vulnerabilities are caught earlier in the SDLC process
  • Improved Vulnerability Management
  • Common dashboard for various stages in CI/CD

Alternatives Considered

Sonatype Nexus Platform and JFrog Artifactory

Other Software Used

Bitbucket, Atlassian Jira Align (formerly AgileCraft), CloudBees Jenkins Platform

Snyk (sneek)

Use Cases and Deployment Scope

We use Snyk as a mandatory pre-deployment test that is run on all pipelines before code can be sent to production. Any vulnerabilities identified are raised as tickets in Jira and assigned to the relevant team for remediation, with a link to the relevant Snyk page for more details on the vulnerability and how it can be fixed. This is then linked to our internal processes on how quickly the vulnerability needs to be remediated based on the CVSS score.

Pros

  • Reliable
  • Up to date
  • Easy to use
  • Clear guidance

Cons

  • It's a bit costly

Most Important Features

  • Mapping CVSS
  • Integrations with other tools

Return on Investment

  • Security is hard to quantify, but it regularly highlights vulnerabilities that need to be fixed.
  • We would not be able to successfully perform CI/CD without Snyk

Alternatives Considered

Amazon Inspector

Other Software Used

Jira Software, Fiix, by Rockwell Automation, Looker Studio