This is a question about comparing the available security features of GitLab vs Snyk. I understand I could call Snyk from a GitLab build. But I’m more interested to know if GitLab can do everything that Snyk does, or some of it, and what the overlap is or what extras one of them has.
I haven’t played with GitLab’s SCA yet as I don’t believe it’s in the free tier yet, but I think SCA-wise Snyk is pretty progressive in what they are doing in terms of SCA. I have dabbled with other SCA vendors like Checkmarx, and Snyk has invested heavily in determining where the vulnerabilities are in the dependency and whether they are exploitable with how they are being leveraged in your code. Checkmarx is just now beta testing this functionality. I think I have a free trial that I haven’t used yet; maybe I can play around with it this weekend if nobody else has answers for you.