When I started using Snyk I found the reports useful but still too easy to ignore. So I added Snyk to build pipelines to fail builds that included high risk vulnerabilities. Snyk is now even better and warns me before I even merge my pull requests. In a world where the time from vulnerability being announced to exploit being used is decreasing rapidly it is crazy not to use a service like this. Snyk is by far the best tool I have found in this area

Objective reports on vulnerabilities in code we produce GitHub Integration

Having open source builds count towards your paid count if you are not careful

Snyk is allowing us to make good use of the wealth of great open source software out there, without compromising on security.

As a long time fan of open source software, keeping track of security issues amidst an ever growing software stack was increasingly an impossible task. I was so grateful to find a service like Snyk that does the hard work for me - keeping an eye on any security issues so I can focus on building great software!

The pricing structure gets extremely expensive for medium to large companies, but thankfully for smaller organisations there is a free tier which covers our needs.

Nice component analysis tool, great interface and dashboards. Very fast and easy deployment and use.

SAST component is very weak and don’t support increment scanning.

Have been using Snyk for around 1 year now and it's one of the tool which we can't avoid though it annoys us now and then by finding new vulnerabilities in our packages and forcing us to mitigate the risk. They provide details of the vulnerability and in most cases the version to fix it. It integrates very well with the build pipelines and other CI/CD tools along with a nice IntelliJ plugin.

Sometimes the UI is confusing and access management is a bit vague.

So far our company has adopted Snyk across our SDLC and incorporated it into our repos and pipelines and have enjoyed our experience with using Snyk so far.

Snyk simplifies security. It can scan your for vulnerabilities during development or when your run a pipeline in azure dev ops. This raises issues before they make it to production so you have the comfort of knowing that new and existing packages have no known security vulnerabilities. I also really like the ability to one click fix issues within Synk where it can automatically fix the issue and create a PR within azure devops - this simplifies the process and saves time.

Not all issues have a 1 click fix which is understandable.

Snyc guards our Node.js projects in our Medical applications

Active scan for malicious software. Freeware model for small businesses with single project. Nice dashboard and nice CLI for SSH access.

The cheapest paid plan should cost a bit less

Has delivered value from the day I started using it. I hope you will enjoy it too.

Concise reporting and the vulnerability scan is excellent regarding categorization of issues.

Nothing really. It is excellent as it is.

We were looking to have a quick method of checking for vulnerabilities in open source, Snyc fir that bill perfectly. It was fast to set up and the cost was quite low. A great tool.

I liked the easy of setting the tool up. I did not have to spend a lot of time configuring this tool.

The user interface can be a bit short on details. When I go to use it, there are really just a few items that say "everything is fine".

Helpful tool that integrates seamlessly and works as advertised.

Snyk is easy to use, provides clear feeback, integrates well into GitHub

Doesn't always update its results the fastest

i enjoyed using snyk so not bad

it gave me really useful code to add to mine in really creative ways I didn't think about before using it

your barely get any suggestions till you start typing, i feel this takes a lot of creativity out. just my opinion

As a beta stage startup I appreciate the free offering and expect Snyk usage to grow with our business.

Snyk was easy to setup and use. The weekly reports are a great way to regularly check in on overall package health. The alerts on new vulnerabilities are very useful and enable us to respond to important issues rapidly.

No problems using the tool so far. I look forward to more information on vulnerability resolution in the platform.

Overall, the plugin is pretty handy to get started with but I would like to see smarter analysis.

The automated repository analysis is pretty good and can be easy to plug into your PR (pull request) validator

The security analysis is very primitive and often flags false positive which has to be fixed with manual override or skipping the PR validation check

It took only seconds to set up, yet works for my projects every day. Knowing what my venerabilities are during the development phase allows the evaluation of the concern prior to code ever seeing production

I wish it had a way to automatically inform the creators in the chain of dependencies so we as developers did not have to.

Helps me keep on top of the dependent packages that my software relies on and motivates me to help in open source software with issue reporting or making PRs if I can.

Informative email messages when vulnerabilities are found in dependencies. Very clear explanations. I also appreciate the email newsletters.

So far nothing. It seems to fit my use-case really well.

We can identify security vulnerabilities during the development and fix them. Its easy to use, and the depth at which the scans are performed to find the vulnalerabities is great.

Nothing as much, but the pricing is expensive.

Quick results for vulnerabilities scanning

I did not like the user interface. You should provide some dashboard

It is fast at making the fixes it explains thing well

that I don't understand if the changes will break my code