Need advice about which tool to choose?Ask the StackShare community!

GitHub

281.8K
246K
+ 1
10.3K
Snyk

462
370
+ 1
20
Add tool

GitHub vs Snyk: What are the differences?

Key Differences between GitHub and Snyk

1. Integration with Development Workflow: GitHub is a web-based version control platform that enables developers to collaborate and manage their code. It provides a complete code development and management environment, allowing users to create repositories, collaborate on projects, and track changes made to the codebase. On the other hand, Snyk is primarily focused on security and vulnerability management. It integrates with the existing development workflow and provides automated security testing and monitoring to help developers identify and fix vulnerabilities in their code.

2. Scope and Purpose: GitHub is primarily used as a code repository and collaboration platform, allowing developers to work on code together and manage the versioning and history of their projects. It provides features like pull requests, issue tracking, and project management tools. Snyk, on the other hand, specifically focuses on identifying and fixing security vulnerabilities in software dependencies and container images. It provides automated vulnerability scanning, remediation advice, and developer-friendly workflows for fixing vulnerabilities.

3. Vulnerability Detection and Monitoring: GitHub provides basic vulnerability scanning through its Dependabot security alerts feature. It alerts developers about any known vulnerabilities in their project dependencies. However, Snyk provides more comprehensive vulnerability detection and monitoring capabilities. It offers advanced vulnerability databases and continuous monitoring for both open source and proprietary code. It can detect vulnerabilities not only in dependencies but also in container images, giving developers a more complete view of potential security threats.

4. Remediation Advice and Fixes: When a vulnerability is detected, GitHub provides information about the affected dependency and suggests possible solutions or fixes through its security alerts. However, Snyk goes a step further by providing extensive remediation advice and fixes. It offers actionable recommendations on how to remediate vulnerabilities, including code changes and version upgrades. Snyk also provides pull requests and automated fixes for certain vulnerabilities, making it easier for developers to apply the necessary patches.

5. Developer-Focused Workflow: GitHub provides a developer-friendly workflow with features like pull requests, code review tools, and project management functionalities. It is designed to facilitate collaboration and code contribution among developers. Snyk, on the other hand, focuses on providing developers with a streamlined and integrated security workflow. It integrates with popular development tools and CI/CD pipelines, enabling developers to easily incorporate security testing and remediation into their existing processes.

6. Open Source and Pricing: GitHub offers free hosting for public repositories and a range of paid plans for private repositories. It also provides free access to its basic security features, including vulnerability alerts. Snyk offers a free tier for open source projects, allowing developers to scan and monitor vulnerabilities in their open source dependencies. However, for private repositories and additional features like detailed vulnerability reports and fix PRs, Snyk offers different pricing tiers.

In Summary, GitHub provides a comprehensive code development and management platform, while Snyk focuses specifically on vulnerability detection, monitoring, and remediation in software dependencies and container images.

Advice on GitHub and Snyk
Bryan Dady
SRE Manager at Subsplash · | 5 upvotes · 436.1K views

I'm beginning to research the right way to better integrate how we achieve SCA / shift-left / SecureDevOps / secure software supply chain. If you use or have evaluated WhiteSource, Snyk, Sonatype Nexus, SonarQube or similar, I would very much appreciate your perspective on strengths and weaknesses and how you selected your ultimate solution. I want to integrate with GitLab CI.

See more
Replies (1)
Moises Figueroa
DevOps Engineer at Ingenium Code · | 2 upvotes · 30.7K views
Recommends

I'd recommend Snyk since it provides an IDE extension for Developers, SAST, auto PR security fixes, container, IaC and includes open source scanning as well. I like their scoring method as well for better prioritization. I was able to remove most of the containers and cli tools I had in my pipelines since Snyk covers secrets, vulns, security and some code cleaning. SAST has false positives but the scoring helps. Also had to spend time putting some training docs but their engineers helped out with content.

See more
Decisions about GitHub and Snyk
Weverton Timoteo

Do you review your Pull/Merge Request before assigning Reviewers?

If you work in a team opening a Pull Request (or Merge Request) looks appropriate. However, have you ever thought about opening a Pull/Merge Request when working by yourself? Here's a checklist of things you can review in your own:

  • Pick the correct target branch
  • Make Drafts explicit
  • Name things properly
  • Ask help for tools
  • Remove the noise
  • Fetch necessary data
  • Understand Mergeability
  • Pass the message
  • Add screenshots
  • Be found in the future
  • Comment inline in your changes

Read the blog post for more detailed explanation for each item :D

What else do you review before asking for code review?

See more
Weverton Timoteo

Using an inclusive language is crucial for fostering a diverse culture. Git has changed the naming conventions to be more language-inclusive, and so you should change. Our development tools, like GitHub and GitLab, already supports the change.

SourceLevel deals very nicely with repositories that changed the master branch to a more appropriate word. Besides, you can use the grep linter the look for exclusive terms contained in the source code.

As the inclusive language gap may happen in other aspects of our lives, have you already thought about them?

See more
Weverton Timoteo

One of the magic tricks git performs is the ability to rewrite log history. You can do it in many ways, but git rebase -i is the one I most use. With this command, It’s possible to switch commits order, remove a commit, squash two or more commits, or edit, for instance.

It’s particularly useful to run it before opening a pull request. It allows developers to “clean up” the mess and organize commits before submitting to review. If you follow the practice 3 and 4, then the list of commits should look very similar to a task list. It should reveal the rationale you had, telling the story of how you end up with that final code.

See more
Kamaleshwar BN
Senior Software Engineer at Pulley · | 8 upvotes · 675K views

Out of most of the VCS solutions out there, we found Gitlab was the most feature complete with a free community edition. Their DevSecops offering is also a very robust solution. Gitlab CI/CD was quite easy to setup and the direct integration with your VCS + CI/CD is also a bonus. Out of the box integration with major cloud providers, alerting through instant messages etc. are all extremely convenient. We push our CI/CD updates to MS Teams.

See more

Gitlab as A LOT of features that GitHub and Azure DevOps are missing. Even if both GH and Azure are backed by Microsoft, GitLab being open source has a faster upgrade rate and the hosted by gitlab.com solution seems more appealing than anything else! Quick win: the UI is way better and the Pipeline is way easier to setup on GitLab!

See more
Nazar Atamaniuk
Shared insights
on
DeployPlaceDeployPlaceGitHubGitHubGitLabGitLab

At DeployPlace we use self-hosted GitLab, we have chosen GitLab as most of us are familiar with it. We are happy with all features GitLab provides, I can’t imagine our life without integrated GitLab CI. Another important feature for us is integrated code review tool, we use it every day, we use merge requests, code reviews, branching. To be honest, most of us have GitHub accounts as well, we like to contribute in open source, and we want to be a part of the tech community, but lack of solutions from GitHub in the area of CI doesn’t let us chose it for our projects.

See more
Get Advice from developers at your company using StackShare Enterprise. Sign up for StackShare Enterprise.
Learn More
Pros of GitHub
Pros of Snyk
  • 1.8K
    Open source friendly
  • 1.5K
    Easy source control
  • 1.3K
    Nice UI
  • 1.1K
    Great for team collaboration
  • 867
    Easy setup
  • 504
    Issue tracker
  • 486
    Great community
  • 483
    Remote team collaboration
  • 451
    Great way to share
  • 442
    Pull request and features planning
  • 147
    Just works
  • 132
    Integrated in many tools
  • 121
    Free Public Repos
  • 116
    Github Gists
  • 112
    Github pages
  • 83
    Easy to find repos
  • 62
    Open source
  • 60
    It's free
  • 60
    Easy to find projects
  • 56
    Network effect
  • 49
    Extensive API
  • 43
    Organizations
  • 42
    Branching
  • 34
    Developer Profiles
  • 32
    Git Powered Wikis
  • 30
    Great for collaboration
  • 24
    It's fun
  • 23
    Clean interface and good integrations
  • 22
    Community SDK involvement
  • 20
    Learn from others source code
  • 16
    Because: Git
  • 14
    It integrates directly with Azure
  • 10
    Standard in Open Source collab
  • 10
    Newsfeed
  • 8
    It integrates directly with Hipchat
  • 8
    Fast
  • 8
    Beautiful user experience
  • 7
    Easy to discover new code libraries
  • 6
    Smooth integration
  • 6
    Cloud SCM
  • 6
    Nice API
  • 6
    Graphs
  • 6
    Integrations
  • 6
    It's awesome
  • 5
    Quick Onboarding
  • 5
    Reliable
  • 5
    Remarkable uptime
  • 5
    CI Integration
  • 5
    Hands down best online Git service available
  • 4
    Uses GIT
  • 4
    Version Control
  • 4
    Simple but powerful
  • 4
    Unlimited Public Repos at no cost
  • 4
    Free HTML hosting
  • 4
    Security options
  • 4
    Loved by developers
  • 4
    Easy to use and collaborate with others
  • 3
    Ci
  • 3
    IAM
  • 3
    Nice to use
  • 3
    Easy deployment via SSH
  • 2
    Easy to use
  • 2
    Leads the copycats
  • 2
    All in one development service
  • 2
    Free private repos
  • 2
    Free HTML hostings
  • 2
    Easy and efficient maintainance of the projects
  • 2
    Beautiful
  • 2
    Easy source control and everything is backed up
  • 2
    IAM integration
  • 2
    Very Easy to Use
  • 2
    Good tools support
  • 2
    Issues tracker
  • 2
    Never dethroned
  • 2
    Self Hosted
  • 1
    Dasf
  • 1
    Profound
  • 10
    Github Integration
  • 5
    Free for open source projects
  • 4
    Finds lots of real vulnerabilities
  • 1
    Easy to deployed

Sign up to add or upvote prosMake informed product decisions

Cons of GitHub
Cons of Snyk
  • 54
    Owned by micrcosoft
  • 38
    Expensive for lone developers that want private repos
  • 15
    Relatively slow product/feature release cadence
  • 10
    API scoping could be better
  • 9
    Only 3 collaborators for private repos
  • 4
    Limited featureset for issue management
  • 3
    Does not have a graph for showing history like git lens
  • 2
    GitHub Packages does not support SNAPSHOT versions
  • 1
    No multilingual interface
  • 1
    Takes a long time to commit
  • 1
    Expensive
  • 2
    Does not integrated with SonarQube
  • 1
    No malware detection
  • 1
    No surface monitoring
  • 1
    Complex UI
  • 1
    False positives

Sign up to add or upvote consMake informed product decisions

What is GitHub?

GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over three million people use GitHub to build amazing things together.

What is Snyk?

Automatically find & fix vulnerabilities in your code, containers, Kubernetes, and Terraform

Need advice about which tool to choose?Ask the StackShare community!

What companies use GitHub?
What companies use Snyk?
See which teams inside your own company are using GitHub or Snyk.
Sign up for StackShare EnterpriseLearn More

Sign up to get full access to all the companiesMake informed product decisions

What tools integrate with GitHub?
What tools integrate with Snyk?

Sign up to get full access to all the tool integrationsMake informed product decisions

Blog Posts

Dec 8 2020 at 5:50PM

DigitalOcean

GitHubMySQLPostgreSQL+11
2
2383
GitHubOptimizelySegment+3
2
1181
Mar 18 2020 at 9:12AM

LaunchDarkly

GitHubLaunchDarkly+2
7
1120
JavaScriptGitHubReact+12
5
4152
What are some alternatives to GitHub and Snyk?
GitLab
GitLab offers git repository management, code reviews, issue tracking, activity feeds and wikis. Enterprises install GitLab on-premise and connect it with LDAP and Active Directory servers for secure authentication and authorization. A single GitLab server can handle more than 25,000 users but it is also possible to create a high availability setup with multiple active servers.
Bitbucket
Bitbucket gives teams one place to plan projects, collaborate on code, test and deploy, all with free private Git repositories. Teams choose Bitbucket because it has a superior Jira integration, built-in CI/CD, & is free for up to 5 users.
AWS CodeCommit
CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.
Git
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
SVN (Subversion)
Subversion exists to be universally recognized and adopted as an open-source, centralized version control system characterized by its reliability as a safe haven for valuable data; the simplicity of its model and usage; and its ability to support the needs of a wide variety of users and projects, from individuals to large-scale enterprise operations.
See all alternatives