Git repositories and CI/CD comparisons
- Git repository: Improve application security at the source, preventing vulnerable code from entering your codebase and giving you quick visibility into vulnerabilities in what is already there.
- CI/CD: Keep your applications secure by adding Snyk as a step in the build pipeline, preventing the deployment of vulnerable applications or components (for example, container images pushed to registries).
You can decide to implement either Git repository or CI/CD, or both. Both have advantages and disadvantages; your choice will depend on your team's flows and organizational processes.
The following considerations explain the benefits of each type of integration.
Use Git repository integrations to improve the security of your code and deployed applications:
- Easier to set up and maintain.
- Allows scanning and visibility earlier in the software development lifecycle through:
  - Automatic daily rescanning of all imported Projects.
  - Checking all submitted PRs for security issues.
  - Generating dependency upgrade PRs to deal with technical debt.
  - Generating fix PRs for existing vulnerabilities that have not been addressed.
- A more developer-friendly experience, since results appear in the PR rather than in a failed build.
- Does not consume resources in your CI/CD pipeline.
Use CI/CD integrations to accomplish the following:
- Keep your code and deployed applications secure.
- Give visibility into components that are pushed to production, either by breaking the build and reporting to Snyk, or by only reporting to Snyk (no build failure).
- Scan ecosystems that need local context. Some package managers, including Scala (sbt), Gradle, and Go modules, resolve dependencies at build time, and private registries such as Artifactory and Nexus are often reachable only from inside your network, so these are better scanned from within your own environment.
- More granular blocking options, such as failing only on issues at or above a severity threshold, or only on issues that have a fix available.
- A strong gatekeeper: nothing reaches the registry or deployment target without passing the scan step.
- Best practice for container and Infrastructure as Code scans. For IaC, get more accurate results by scanning a Terraform plan file, in which variables and module outputs have been resolved, rather than the untemplated IaC declarations.
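The following is an added example of a pipeline step that implements the CI/CD choices above (block versus report-only, severity and fixability thresholds, and scanning a rendered Terraform plan). It is not Snyk's own code and is not taken from this page. It assumes the Snyk CLI is installed as `snyk` (the `SNYK_BIN` variable is an assumption for overriding the path), that `SNYK_TOKEN` is provided by the CI secret store, and that the documented `snyk test` exit codes apply: 0 no issues, 1 issues found, 2 CLI or network error, 3 no supported manifests. The `CI_SNYK_STEP` and `CI_PROJECT_NAME` variables are assumed names for wiring into a pipeline.

```shell
#!/bin/sh
# Added example, not Snyk's own code. Assumed: the Snyk CLI is on PATH as
# `snyk` (override with SNYK_BIN), SNYK_TOKEN is injected by the CI secret
# store, and `snyk test` exit codes are 0 = no issues, 1 = issues found,
# 2 = CLI/network error, 3 = no supported manifests found.
SNYK_BIN="${SNYK_BIN:-snyk}"

# snyk_gate MODE THRESHOLD FAIL_ON
#   MODE=block  -> fail the build when matching issues are found
#   MODE=report -> log findings but let the build continue
#   THRESHOLD   -> low|medium|high|critical (issues below it are ignored)
#   FAIL_ON     -> all|upgradable|patchable (fail only on fixable issues)
# Returns 0 (pass), 1 (blocked on findings), 2 (scan did not complete).
# A scan that errors out is never treated as a pass, even in report mode:
# `snyk test || true` would silently hide an expired token or a network outage.
snyk_gate() {
  mode="$1"; threshold="${2:-high}"; fail_on="${3:-all}"
  if "$SNYK_BIN" test --severity-threshold="$threshold" --fail-on="$fail_on"; then
    rc=0
  else
    rc=$?
  fi
  case "$rc" in
    0) echo "snyk: no $fail_on issues at severity >= $threshold"; return 0 ;;
    1) if [ "$mode" = "block" ]; then
         echo "snyk: issues found, blocking the build" >&2; return 1
       fi
       echo "snyk: issues found, report-only mode, build continues"; return 0 ;;
    *) echo "snyk: scan did not complete (exit $rc), failing the step" >&2; return 2 ;;
  esac
}

# snyk_report PROJECT: send a snapshot so the Snyk UI tracks what was built,
# whether or not the gate blocked. `snyk monitor` exits 0 on success, 2 on error.
snyk_report() {
  "$SNYK_BIN" monitor --project-name="$1"
}

# snyk_iac_plan PLAN_JSON: scan the rendered Terraform plan instead of the raw
# .tf files, so values resolved from variables and modules are what gets checked.
# Produce PLAN_JSON with:
#   terraform plan -out=tfplan.bin && terraform show -json tfplan.bin > tf-plan.json
snyk_iac_plan() {
  plan="$1"
  [ -r "$plan" ] || { echo "snyk: plan file $plan not found" >&2; return 2; }
  if "$SNYK_BIN" iac test "$plan" --scan=resource-changes --severity-threshold=medium; then
    return 0
  else
    return $?
  fi
}

# Pipeline wiring. Only runs when CI_SNYK_STEP=gate (assumed variable name), so
# sourcing this file just to get the functions has no side effects.
if [ "${CI_SNYK_STEP:-}" = "gate" ]; then
  snyk_gate block high upgradable; gate_rc=$?
  snyk_report "${CI_PROJECT_NAME:-app}"   # report even when the gate blocked
  exit "$gate_rc"                          # the gate result decides the step
fi
```

The separation into `snyk_gate` and `snyk_report` is what lets one script serve both rows of the comparison: call `snyk_gate report ...` followed by `snyk_report` for the "only reporting to Snyk" option, or `snyk_gate block ...` to make the step a gatekeeper. The `FAIL_ON` parameter shows the granular blocking the list refers to, for example breaking the build only on issues that an upgrade would fix.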