Snyk Runtime Sensor
SnykExternal reviews
144 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Best for secure your code
What do you like best about the product?
Easy to use. I use snyk extension on my vs code: first scan and fastly detects some security issues.
It creates pull request to fix security problem on your code.
It creates pull request to fix security problem on your code.
What do you dislike about the product?
No integration with google cloud source code but only to GCR.
What problems is the product solving and how is that benefiting you?
The ability to capture vulnerabilities before deployment and when I'm coding.
Company that fits exactly what we were looking for
What do you like best about the product?
I like that they fill a gap in the compliance world that no one else really can compete with.
What do you dislike about the product?
I wish they had more of a relationship with HITRUST
What problems is the product solving and how is that benefiting you?
It helps assure us that we're staying HIPAA compliant.
Fugue is a great tool to use to manage your compliance
What do you like best about the product?
It is very intuitive and makes managing compliance easier. They have controls for everything from HIPAA to CIS. The customer support and documentation are also great and provide excellent help.
What do you dislike about the product?
The only current drawback is non support of AWS Organizations but that is a roadmap item.
What problems is the product solving and how is that benefiting you?
We use Fugue to manage HIPAA compliance in AWS.
Snyk enables you to stay safe and let you focus on business value creation
What do you like best about the product?
The vulnerability scanning tool can detect dependencies even if it is nested inside the project which is quite powerful.
What do you dislike about the product?
There are too many login options that my company is not preferred. Would be better if it can tightly integrate with the corporate standard
What problems is the product solving and how is that benefiting you?
Open sources vulnerabilities discovery and auto fix. It allows developers to fix most of the issue with just 1 click commit.
Essential in understanding our vulnerability landscape
What do you like best about the product?
Snyk's UI and tooling present complex information in a straightforward, easy-to-digest manner. These qualities make it easy for teams to spin up and start acting on the information given. With new services supported and other quality of life upgrades happening frequently, it makes using the tool a breeze. The number of supported services Snyk offers ensures we only need one tool for the many environments we have.
What do you dislike about the product?
With our on-prem requirements, we've spent several cycles performing upgrades and transitioning to the brand new CNA offering. There have been some hiccups here and there, and sometimes it means we're not always on the latest version to utilize all the available features advertised. The team has been working hard to improve this aspect of the tool of the non-SaaS offering and I believe will no longer be a pain point very soon!
What problems is the product solving and how is that benefiting you?
From scanning docker images to dozens of team projects, we're able to aggregate and act on lots of information in a speedy way. This allows us to ship more secure code and environments, giving us better peace of mind we're staying secure with the latest package updates.
A robust platform to oversight from dev to prod
What do you like best about the product?
A robust platform to give you an immediate view of your security posture in from development to production. Strong API support. Very good customer support.
What do you dislike about the product?
Lack of flexibility in data extraction for further reporing customization
What problems is the product solving and how is that benefiting you?
To ensure the development is clean before moving production not limited only to code but also container image, infra deployment..
Recommendations to others considering the product:
Try it immediately
Snyk is a developer-focused, one-stop shop for our cloud & application security!
What do you like best about the product?
Snyk keeps on expanding its offering to cover all aspects of cloud and application security (IAC, kubernetes, containers, ...), and listens to customer input while doing that. The automation capabilities & integrations with SCMs such as Github & Gitlab greatly help to roll-out the tool for hundreds of projects.
What do you dislike about the product?
Some languages don't have all features (yet). New features are usually focused on Node.js.
What problems is the product solving and how is that benefiting you?
Snyk gives us full visibility on licensing issues, vulnerabilities & insecure cloud configurations within our repositories. The rich metadata attached to vulnerabilities allow us to focus our efforts on the most important & exploitable vulnerabilities. Since it easily integrates with our CI/CD pipelines, all developers working on a repository have instant feedback on potential vulnerabilities added in their merge requests.
Best-in-class, developer-focused security scanner
What do you like best about the product?
It is very simple to to integrate the CLI to both scan and continually monitor projects inside CI/CD pipelines and against PRs. On our Javascript, Python and Go projects, scanning is very fast and natively supports the Poetry and Yarn package managers.
The vulnerability database is very comprehensive and timely and contains a wealth of information beyond a severity score, often including PoC code, links to outstanding Github issues or PRs, HackerOne reports etc, as well as an indication of the maturity of any exploits out-in-the-wild. We have found that competing solutions tend to lag in this regard.
Snyk Advisor assists our developers when introducing new third party dependencies to go beyond popularity and consider other factors such as their license, security history and maintenance status.
The combination of the Open Source, Container and IaaC products is a very powerful combination of tools to assess security across the entire stack at the app, OS, and infra levels.
The vulnerability database is very comprehensive and timely and contains a wealth of information beyond a severity score, often including PoC code, links to outstanding Github issues or PRs, HackerOne reports etc, as well as an indication of the maturity of any exploits out-in-the-wild. We have found that competing solutions tend to lag in this regard.
Snyk Advisor assists our developers when introducing new third party dependencies to go beyond popularity and consider other factors such as their license, security history and maintenance status.
The combination of the Open Source, Container and IaaC products is a very powerful combination of tools to assess security across the entire stack at the app, OS, and infra levels.
What do you dislike about the product?
The CLI, main dashboard and reports are great, but some of the other integrations are not quite as good.
The native ECR scanner in the dashboard requires you to opt-in on a tag-basis, you can’t scan all images pushed by default without using the CLI. Snyk can automatically open PRs in Github to upgrade dependencies, but if you'd prefer to create Jira tickets that appears to be a manual process. Out-of-the-box notification support is currently limited to Slack as well.
The native ECR scanner in the dashboard requires you to opt-in on a tag-basis, you can’t scan all images pushed by default without using the CLI. Snyk can automatically open PRs in Github to upgrade dependencies, but if you'd prefer to create Jira tickets that appears to be a manual process. Out-of-the-box notification support is currently limited to Slack as well.
What problems is the product solving and how is that benefiting you?
Security is a non-negotiable part of any SDLC but we work in an industry where it is particularly paramount. Surfacing security information to our developers directly on each PR and code push allows us to shorten the feedback loop and be as proactive as possible when it comes to addressing security vulnerabilities.
Snyk also ensures we receive timely information on newly-disclosed vulnerabilities to better assess and plan mitigation work, and that we are license-compliant.
Snyk also ensures we receive timely information on newly-disclosed vulnerabilities to better assess and plan mitigation work, and that we are license-compliant.
Recommendations to others considering the product:
Consider how comprehensive and timely Snyk is in reporting vulnerabilities for your particular languages -- some may not be as comprehensive as others.
Consider whether the out-of-the-box integrations are suitable for your needs or if you will be heavily CLI-based.
Consider whether the out-of-the-box integrations are suitable for your needs or if you will be heavily CLI-based.
I use Snyk and maybe you should also
What do you like best about the product?
It is really easy to use. It gives good insights. It does a thorough scan. Many integrations. Responsive support team eager and available to help.
What do you dislike about the product?
It has many integrations but it can be hard to know which one to use. For example you can have it scan your repositories and you can have it scan as part of your build pipeline. I'm not sure why we decided to use the one that we did.
What problems is the product solving and how is that benefiting you?
It reports on the vulnerabilities in the open source projects I use and reminds me to upgrade them in a timely fashion. I know if I don't upgrade regularly I will see a large number of vulnerabilities.
Recommendations to others considering the product:
It is certainly worth giving it a try. The team was very generous with the trial.
Simplest way to improve application security is using Snyk
What do you like best about the product?
Easy to set-up and to use, without compromising on custom use-cases with the API and CLI features.
Very exceptional coverage in terms of security database, and works with the vast majority of the different programming languages we implement.
Great Features already in place and more are coming with Snyk Code (SAST) that was recently announced.
Very exceptional coverage in terms of security database, and works with the vast majority of the different programming languages we implement.
Great Features already in place and more are coming with Snyk Code (SAST) that was recently announced.
What do you dislike about the product?
The way the different projects are grouped and presented in the UI could be improved (especially if you have a lot of them, and are using multiple features, it can get confusing quickly)
Documentation: It can be troublesome to find how to use a specific feature, as the documentation is often hard to navigate.
Documentation: It can be troublesome to find how to use a specific feature, as the documentation is often hard to navigate.
What problems is the product solving and how is that benefiting you?
Give visibility on licence usage, and helps compliance on those
Gave visibility on all the issues that could arise from Open Source Vulnerabilities, and gave us a great way to prioritize and tackle the issues.
The Snyk Score displayed by the application is particularly interesting to let users prioritize what issue should be tackled first, as it takes into account Exploit maturity and impact of the vulnerability.
Gave visibility on all the issues that could arise from Open Source Vulnerabilities, and gave us a great way to prioritize and tackle the issues.
The Snyk Score displayed by the application is particularly interesting to let users prioritize what issue should be tackled first, as it takes into account Exploit maturity and impact of the vulnerability.
Recommendations to others considering the product:
Take the time to properly understand and use the functionality provided by Snyk. Trying to implement it too fast simply for compliance can make you miss out on a lot of very useful features.
showing 51 - 60