We performed a comparison between GitHub and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product helps our team collaborate across different locations."
"We are finding GitHub is very stable."
"GitHub is pure or open-source; you can access it anywhere. You can have a lot of collateral information. You can make the changes and do the reviews from one place."
"I'm able to access any repository that I like, whether it's public or private."
"GitHub provides good time reduction and this is what I value the most."
"The versioning of the code and the tracking of changes are definitely some of my top features."
"The code versioning is excellent, and having a detailed log, including every change made to the code by every developer, is invaluable. It makes it so that if there is a bug or problem in the product channel, we can find exactly where it happened and how to fix it."
"I like the CI/CD features."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario."
"Snyk helps me pinpoint security errors in my code."
"A main feature of Snyk is that when you go with SCA, you do get properly done security composition, also from the licensing and open-source parameters perspective. A lot of companies often use open-source libraries or frameworks in their code, which is a big security concern. Snyk deals with all the things and provides you with a proper report about whether any open-source code or framework that you are using is vulnerable. In that way, Snyk is very good as compared to other tools."
"It is easy for developers to use. The documentation is clear as well as the APIs are good and easily readable. It's a good solution overall."
"The most valuable feature is that they add a lot of their own information to the vulnerabilities. They describe vulnerabilities and suggest their own mitigations or version upgrades. The information was the winning factor when we compared Snyk to others. This is what gave it more impact."
"The code scans on the source code itself were valuable."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"GitHub needs to improve its UI."
"The storage for this solution could be improved."
"The project management sector really needs some improvement for GitHub. I don't know if GitHub made sense for me as a project manager."
"The solution should have less integration with the AI part, but it needs to add features with other automation tools so that it can be easily integrated."
"The solution needs some more controls for deleting code."
"Scalability is an area with a shortcoming, because of which it has room for improvement."
"The ticketing system is not working."
"They're improving the work items to track the progress of the team, but in my experience, Azure DevOps is better in this functionality. GitHub needs to improve the form to track the progress of the work done by a team."
"Basically the licensing costs are a little bit expensive."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"Generating reports and visibility through reports are definitely things they can do better."
"The feature for automatic fixing of security breaches could be improved."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improve"
"Compatibility with other products would be great."
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry. They have a pretty good knowledge base, but Veracode is on top because Veracode has been in this business for a pretty long time. They do have a pretty large database of all the findings, and the way that the correlation engine works is superb. Snyk is also pretty good, but it is not as good as Veracode in terms of maintaining a large space of all the historical data of vulnerabilities."
"The log export function could be easier when shipping logs to other platforms such as Splunk."
GitHub is ranked 12th in Application Security Tools with 69 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. GitHub is rated 8.6, while Snyk is rated 8.2. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". GitHub is most compared with AWS CodeCommit, Bitbucket, Fortify on Demand, Atlassian SourceTree and Checkmarx One, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Mend.io. See our GitHub vs. Snyk report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.