When I started using Snyk I found the reports useful but still too easy to ignore. So I added Snyk to build pipelines to fail builds that included high risk vulnerabilities. Snyk is now even better and warns me before I even merge my pull requests. In a world where the time from vulnerability being announced to exploit being used is decreasing rapidly it is crazy not to use a service like this. Snyk is by far the best tool I have found in this area

Objective reports on vulnerabilities in code we produce GitHub Integration

Having open source builds count towards your paid count if you are not careful

Snyk is allowing us to make good use of the wealth of great open source software out there, without compromising on security.

As a long time fan of open source software, keeping track of security issues amidst an ever growing software stack was increasingly an impossible task. I was so grateful to find a service like Snyk that does the hard work for me - keeping an eye on any security issues so I can focus on building great software!

The pricing structure gets extremely expensive for medium to large companies, but thankfully for smaller organisations there is a free tier which covers our needs.

So far our company has adopted Snyk across our SDLC and incorporated it into our repos and pipelines and have enjoyed our experience with using Snyk so far.

Snyk simplifies security. It can scan your for vulnerabilities during development or when your run a pipeline in azure dev ops. This raises issues before they make it to production so you have the comfort of knowing that new and existing packages have no known security vulnerabilities. I also really like the ability to one click fix issues within Synk where it can automatically fix the issue and create a PR within azure devops - this simplifies the process and saves time.

Not all issues have a 1 click fix which is understandable.

Overall, the plugin is pretty handy to get started with but I would like to see smarter analysis.

The automated repository analysis is pretty good and can be easy to plug into your PR (pull request) validator

The security analysis is very primitive and often flags false positive which has to be fixed with manual override or skipping the PR validation check

Overall Snyk is very powerful tool but it can be bit expensive for smaller team or organization. Also sometimes access management feels bit finicky.

-Easy to Integrate-Finds vulnerabilities and also patches it-Works well with runtime container security-Automated scanning in repository

-False positive sometimes-Due to false positive, sometimes it provides wrong patches-Provided patches need to validated before they are merged in