Snyk Runtime Sensor
SnykExternal reviews
137 reviews
from
and
External reviews are not included in the AWS star rating for the product.
A robust platform to oversight from dev to prod
What do you like best about the product?
A robust platform to give you an immediate view of your security posture in from development to production. Strong API support. Very good customer support.
What do you dislike about the product?
Lack of flexibility in data extraction for further reporing customization
What problems is the product solving and how is that benefiting you?
To ensure the development is clean before moving production not limited only to code but also container image, infra deployment..
Recommendations to others considering the product:
Try it immediately
Snyk is a developer-focused, one-stop shop for our cloud & application security!
What do you like best about the product?
Snyk keeps on expanding its offering to cover all aspects of cloud and application security (IAC, kubernetes, containers, ...), and listens to customer input while doing that. The automation capabilities & integrations with SCMs such as Github & Gitlab greatly help to roll-out the tool for hundreds of projects.
What do you dislike about the product?
Some languages don't have all features (yet). New features are usually focused on Node.js.
What problems is the product solving and how is that benefiting you?
Snyk gives us full visibility on licensing issues, vulnerabilities & insecure cloud configurations within our repositories. The rich metadata attached to vulnerabilities allow us to focus our efforts on the most important & exploitable vulnerabilities. Since it easily integrates with our CI/CD pipelines, all developers working on a repository have instant feedback on potential vulnerabilities added in their merge requests.
Best-in-class, developer-focused security scanner
What do you like best about the product?
It is very simple to to integrate the CLI to both scan and continually monitor projects inside CI/CD pipelines and against PRs. On our Javascript, Python and Go projects, scanning is very fast and natively supports the Poetry and Yarn package managers.
The vulnerability database is very comprehensive and timely and contains a wealth of information beyond a severity score, often including PoC code, links to outstanding Github issues or PRs, HackerOne reports etc, as well as an indication of the maturity of any exploits out-in-the-wild. We have found that competing solutions tend to lag in this regard.
Snyk Advisor assists our developers when introducing new third party dependencies to go beyond popularity and consider other factors such as their license, security history and maintenance status.
The combination of the Open Source, Container and IaaC products is a very powerful combination of tools to assess security across the entire stack at the app, OS, and infra levels.
The vulnerability database is very comprehensive and timely and contains a wealth of information beyond a severity score, often including PoC code, links to outstanding Github issues or PRs, HackerOne reports etc, as well as an indication of the maturity of any exploits out-in-the-wild. We have found that competing solutions tend to lag in this regard.
Snyk Advisor assists our developers when introducing new third party dependencies to go beyond popularity and consider other factors such as their license, security history and maintenance status.
The combination of the Open Source, Container and IaaC products is a very powerful combination of tools to assess security across the entire stack at the app, OS, and infra levels.
What do you dislike about the product?
The CLI, main dashboard and reports are great, but some of the other integrations are not quite as good.
The native ECR scanner in the dashboard requires you to opt-in on a tag-basis, you can’t scan all images pushed by default without using the CLI. Snyk can automatically open PRs in Github to upgrade dependencies, but if you'd prefer to create Jira tickets that appears to be a manual process. Out-of-the-box notification support is currently limited to Slack as well.
The native ECR scanner in the dashboard requires you to opt-in on a tag-basis, you can’t scan all images pushed by default without using the CLI. Snyk can automatically open PRs in Github to upgrade dependencies, but if you'd prefer to create Jira tickets that appears to be a manual process. Out-of-the-box notification support is currently limited to Slack as well.
What problems is the product solving and how is that benefiting you?
Security is a non-negotiable part of any SDLC but we work in an industry where it is particularly paramount. Surfacing security information to our developers directly on each PR and code push allows us to shorten the feedback loop and be as proactive as possible when it comes to addressing security vulnerabilities.
Snyk also ensures we receive timely information on newly-disclosed vulnerabilities to better assess and plan mitigation work, and that we are license-compliant.
Snyk also ensures we receive timely information on newly-disclosed vulnerabilities to better assess and plan mitigation work, and that we are license-compliant.
Recommendations to others considering the product:
Consider how comprehensive and timely Snyk is in reporting vulnerabilities for your particular languages -- some may not be as comprehensive as others.
Consider whether the out-of-the-box integrations are suitable for your needs or if you will be heavily CLI-based.
Consider whether the out-of-the-box integrations are suitable for your needs or if you will be heavily CLI-based.
I use Snyk and maybe you should also
What do you like best about the product?
It is really easy to use. It gives good insights. It does a thorough scan. Many integrations. Responsive support team eager and available to help.
What do you dislike about the product?
It has many integrations but it can be hard to know which one to use. For example you can have it scan your repositories and you can have it scan as part of your build pipeline. I'm not sure why we decided to use the one that we did.
What problems is the product solving and how is that benefiting you?
It reports on the vulnerabilities in the open source projects I use and reminds me to upgrade them in a timely fashion. I know if I don't upgrade regularly I will see a large number of vulnerabilities.
Recommendations to others considering the product:
It is certainly worth giving it a try. The team was very generous with the trial.
Simplest way to improve application security is using Snyk
What do you like best about the product?
Easy to set-up and to use, without compromising on custom use-cases with the API and CLI features.
Very exceptional coverage in terms of security database, and works with the vast majority of the different programming languages we implement.
Great Features already in place and more are coming with Snyk Code (SAST) that was recently announced.
Very exceptional coverage in terms of security database, and works with the vast majority of the different programming languages we implement.
Great Features already in place and more are coming with Snyk Code (SAST) that was recently announced.
What do you dislike about the product?
The way the different projects are grouped and presented in the UI could be improved (especially if you have a lot of them, and are using multiple features, it can get confusing quickly)
Documentation: It can be troublesome to find how to use a specific feature, as the documentation is often hard to navigate.
Documentation: It can be troublesome to find how to use a specific feature, as the documentation is often hard to navigate.
What problems is the product solving and how is that benefiting you?
Give visibility on licence usage, and helps compliance on those
Gave visibility on all the issues that could arise from Open Source Vulnerabilities, and gave us a great way to prioritize and tackle the issues.
The Snyk Score displayed by the application is particularly interesting to let users prioritize what issue should be tackled first, as it takes into account Exploit maturity and impact of the vulnerability.
Gave visibility on all the issues that could arise from Open Source Vulnerabilities, and gave us a great way to prioritize and tackle the issues.
The Snyk Score displayed by the application is particularly interesting to let users prioritize what issue should be tackled first, as it takes into account Exploit maturity and impact of the vulnerability.
Recommendations to others considering the product:
Take the time to properly understand and use the functionality provided by Snyk. Trying to implement it too fast simply for compliance can make you miss out on a lot of very useful features.
Easy to integrate into your build process
What do you like best about the product?
It was very easy for us to integrate snyk into out build pipeline
What do you dislike about the product?
Sometimes you get false positives and when you check the developers website it says that it's not an actual vulnerability
What problems is the product solving and how is that benefiting you?
finding vulnerabilities in our dependencies
Engineer friendly and trust worthy.
What do you like best about the product?
Quality of results which are available in a short period of time and on top of it, the integration options.
What do you dislike about the product?
I would like to have an automatic integration with Jira when a vulnerability is discovered, not a manual process. And ability to create Jira tickets per project not in a general project.
What problems is the product solving and how is that benefiting you?
OSA and licensing. Safer usage of libs and shorter due diligence cycles.
Recommendations to others considering the product:
A top vendor to rely on!
Scalable tool, it was easy to integrate multiple projects in no time.
What do you like best about the product?
I believe that we had very good communication with Snyk representatives. We received support whenever it was needed, discussions were always professional and the actions were followed up on Snyk part.
Another thing that helped us a lot was the scalability of the product. Very fast scans and easy to onboard new projects helped us speed the development process and let our developers focus on business aspects rather than integration concerns. With trusted partners like Snyk, we were able to automate and enforce a lot of SDLC practices and decrease the release frequency from once in 6 months to multiple per week.
Another thing that helped us a lot was the scalability of the product. Very fast scans and easy to onboard new projects helped us speed the development process and let our developers focus on business aspects rather than integration concerns. With trusted partners like Snyk, we were able to automate and enforce a lot of SDLC practices and decrease the release frequency from once in 6 months to multiple per week.
What do you dislike about the product?
I cannot say I found something that I disliked. All feedback was received and addressed.
What problems is the product solving and how is that benefiting you?
We are developing banking software and security for us is not optional. We are using snyk for automatic OSA checks as part of our secure development life cycle. Every new merge is checked and this helps us to have a continuous delivery approach on a monolith of 1.5 millions of line of code where more than 50 developers are working on it.
works great for us with mainly being a javascript and python shop.
What do you like best about the product?
developer-first and integrations work well with popular services like GitHub. CLI is also great as well.
What do you dislike about the product?
UI can sometime clunky and difficult to navigate. The API is good, but the Reporting API could use some improvements regarding getting stats on a group-level.
What problems is the product solving and how is that benefiting you?
Figuring out what our software is made of and the vulnerabilities within. Some benefits include seeing the amount of not-supported or abandoned projects we use and being able to report on it.
Great tool for tracking vulnerabilities
What do you like best about the product?
It’s completely automated eliminates lots of manual intervention for fixing the vulnerability with different versions of repository.
What do you dislike about the product?
Sometimes the vulnerability alerts might not be genuine.
What problems is the product solving and how is that benefiting you?
Identify secure vulnerability versions.
Recommendations to others considering the product:
It's a great automated software for detecting vulnerabilities.
showing 51 - 60