Need advice about which tool to choose?Ask the StackShare community!
Add tool
Snyk vs pyup: What are the differences?
- Integrations: Snyk primarily focuses on integrating with a wide array of programming languages, package managers, and CI/CD tools, making it versatile for various development environments. On the other hand, pyup is more specialized in Python package management and regularly scans Python dependencies for security vulnerabilities and updates.
- Language Support: Snyk supports a vast range of programming languages beyond just Python, such as JavaScript, Java, Go, and Ruby. In comparison, pyup is exclusively tailored for Python projects, providing specialized support and features for the Python ecosystem.
- Automation: Snyk offers automated security testing and dependency updates for multiple languages, allowing for seamless integration into continuous integration pipelines. In contrast, pyup provides automated dependency updates for Python projects specifically, streamlining the process of keeping dependencies up-to-date within Python environments.
- Alerts and Notifications: Snyk provides detailed security alerts and notifications for vulnerabilities found in dependencies across different languages, offering insights and remediation advice. Pyup, on the other hand, focuses on timely notifications and updates specifically tailored to Python packages, keeping developers informed about security patches and updates within the Python ecosystem.
- Open Source Contribution: Snyk actively contributes to the open-source community by providing vulnerability databases, tooling, and resources to enhance the security of various projects. Pyup also supports open-source initiatives by aiding developers in managing Python dependencies more effectively within their projects.
In Summary, Snyk offers broader language support, integrations, and automation capabilities compared to pyup, which is more specialized in Python dependency management and security updates.
Advice on pyup and Snyk
Bryan Dady
SRE Manager at Subsplash · | 5 upvotes · 459.3K views
I'm beginning to research the right way to better integrate how we achieve SCA / shift-left / SecureDevOps / secure software supply chain. If you use or have evaluated WhiteSource, Snyk, Sonatype Nexus, SonarQube or similar, I would very much appreciate your perspective on strengths and weaknesses and how you selected your ultimate solution. I want to integrate with GitLab CI.
Replies (1)
Moises Figueroa
DevOps Engineer at Ingenium Code · | 2 upvotes · 39.8K views
Recommends
I'd recommend Snyk since it provides an IDE extension for Developers, SAST, auto PR security fixes, container, IaC and includes open source scanning as well. I like their scoring method as well for better prioritization. I was able to remove most of the containers and cli tools I had in my pipelines since Snyk covers secrets, vulns, security and some code cleaning. SAST has false positives but the scoring helps. Also had to spend time putting some training docs but their engineers helped out with content.
Manage your open source components, licenses, and vulnerabilities
Learn MorePros of pyup
Pros of Snyk
Pros of pyup
Be the first to leave a pro
Pros of Snyk
- Github Integration10
- Free for open source projects5
- Finds lots of real vulnerabilities4
- Easy to deployed1
Sign up to add or upvote prosMake informed product decisions
Cons of pyup
Cons of Snyk
Cons of pyup
Be the first to leave a con
Cons of Snyk
- Does not integrated with SonarQube2
- No malware detection1
- No surface monitoring1
- Complex UI1
- False positives1
Sign up to add or upvote consMake informed product decisions
- No public GitHub repository available -
What is pyup?
We help you to keep track of dependency updates by sending you automated pull requests directly to your GitHub repo whenever a new update comes out.
What is Snyk?
Automatically find & fix vulnerabilities in your code, containers, Kubernetes, and Terraform
Need advice about which tool to choose?Ask the StackShare community!
What companies use pyup?
What companies use Snyk?
What companies use pyup?
What companies use Snyk?
Manage your open source components, licenses, and vulnerabilities
Learn MoreSign up to get full access to all the companiesMake informed product decisions
What tools integrate with pyup?
What tools integrate with Snyk?
What tools integrate with Snyk?
Sign up to get full access to all the tool integrationsMake informed product decisions
Blog Posts
+7 3
1216
What are some alternatives to pyup and Snyk?
Git
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
GitHub
GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over three million people use GitHub to build amazing things together.
Visual Studio Code
Build and debug modern web and cloud applications. Code is free and available on your favorite platform - Linux, Mac OSX, and Windows.
Docker
The Docker Platform is the industry-leading container platform for continuous, high-velocity innovation, enabling organizations to seamlessly build and share any application — from legacy to what comes next — and securely run them anywhere
npm
npm is the command-line interface to the npm ecosystem. It is battle-tested, surprisingly flexible, and used by hundreds of thousands of JavaScript developers every day.