Biggest issue with snyk is that when you run snyk protect as part of your post install scripts, it can slow things down a bit. Their servers often seem to go offline or fail to respond, and it can take a while for the script to actually report a failure.
Apart from that it's a pretty useful tool. They often pick up vulnerabilities that aren't found by github (which also offers dependency vulnerability scanning now), and the ability to automatically open a Pull Request with a remediation is super handy.
The part I find a little strange is their pricing. There's a free tier and then after that it instantly becomes very expensive. We're able to make do on the free tier but honestly I'd prefer to be able to contribute at an affordable rate, it's a useful service they're offering! Worth noting that it's completely free for OSS too.
mxxx 1737 days ago. link 1 point ▲ ▼