Need advice about which tool to choose?Ask the StackShare community!

Doppins

7
14
+ 1
0
Snyk

473
378
+ 1
20
Add tool

Doppins vs Snyk: What are the differences?

Doppins: Automatically upgrade your dependencies through friendly GitHub pull requests. Doppins creates informative pull requests and commit messages in a timely fashion, and includes a changelog for the released version if available; Snyk: Fix vulnerabilities in Node & npm dependencies with a click. Fix vulnerabilities in Node & npm dependencies with a click.

Doppins and Snyk belong to "Dependency Monitoring" category of the tech stack.

Advice on Doppins and Snyk
Bryan Dady
SRE Manager at Subsplash · | 5 upvotes · 451.8K views

I'm beginning to research the right way to better integrate how we achieve SCA / shift-left / SecureDevOps / secure software supply chain. If you use or have evaluated WhiteSource, Snyk, Sonatype Nexus, SonarQube or similar, I would very much appreciate your perspective on strengths and weaknesses and how you selected your ultimate solution. I want to integrate with GitLab CI.

See more
Replies (1)
Moises Figueroa
DevOps Engineer at Ingenium Code · | 2 upvotes · 36.1K views
Recommends

I'd recommend Snyk since it provides an IDE extension for Developers, SAST, auto PR security fixes, container, IaC and includes open source scanning as well. I like their scoring method as well for better prioritization. I was able to remove most of the containers and cli tools I had in my pipelines since Snyk covers secrets, vulns, security and some code cleaning. SAST has false positives but the scoring helps. Also had to spend time putting some training docs but their engineers helped out with content.

See more
Manage your open source components, licenses, and vulnerabilities
Learn More
Pros of Doppins
Pros of Snyk
    Be the first to leave a pro
    • 10
      Github Integration
    • 5
      Free for open source projects
    • 4
      Finds lots of real vulnerabilities
    • 1
      Easy to deployed

    Sign up to add or upvote prosMake informed product decisions

    Cons of Doppins
    Cons of Snyk
      Be the first to leave a con
      • 2
        Does not integrated with SonarQube
      • 1
        No malware detection
      • 1
        No surface monitoring
      • 1
        Complex UI
      • 1
        False positives

      Sign up to add or upvote consMake informed product decisions

      What is Doppins?

      Doppins creates informative pull requests and commit messages in a timely fashion, and includes a changelog for the released version if available.

      What is Snyk?

      Automatically find & fix vulnerabilities in your code, containers, Kubernetes, and Terraform

      Need advice about which tool to choose?Ask the StackShare community!

      What companies use Doppins?
      What companies use Snyk?
      Manage your open source components, licenses, and vulnerabilities
      Learn More

      Sign up to get full access to all the companiesMake informed product decisions

      What tools integrate with Doppins?
      What tools integrate with Snyk?

      Sign up to get full access to all the tool integrationsMake informed product decisions

      Blog Posts

      What are some alternatives to Doppins and Snyk?
      Git
      Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
      GitHub
      GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over three million people use GitHub to build amazing things together.
      Visual Studio Code
      Build and debug modern web and cloud applications. Code is free and available on your favorite platform - Linux, Mac OSX, and Windows.
      Docker
      The Docker Platform is the industry-leading container platform for continuous, high-velocity innovation, enabling organizations to seamlessly build and share any application — from legacy to what comes next — and securely run them anywhere
      npm
      npm is the command-line interface to the npm ecosystem. It is battle-tested, surprisingly flexible, and used by hundreds of thousands of JavaScript developers every day.
      See all alternatives