When comparing CFEngine vs Snyk, the Slant community recommends CFEngine for most people. In the question“What are the best DevOps tools?” CFEngine is ranked 14th while Snyk is ranked 15th. The most important reason people chose CFEngine is:
The cfengine agent is written in C and has some of the fastest execution times around.
Specs
Ranked in these QuestionsQuestion Ranking
Pros
Pro Fast
The cfengine agent is written in C and has some of the fastest execution times around.
Pro Scaleable
The decentralized architecture and innate speed allow cfengine to easily scale to thousands of nodes.
Pro Secure
Very good security track record.
Pro Helpful community
Although the community is not as big as puppets its very friendly and helpful to get thing's fixed or to point you in the right direction.
Pro Works great on low power devices and appliances
Because CFEngine is written in C it's not only very fast and scaleable but it only uses a few MB of memory and it's easy on the CPU.
Pro Integrations
Snyk can connect directly to GitHub, GitLab, Heroku, AWS Lambda, Bitbucket Server etc. It is also possible to use the CLI.
Pro TeamCity plugin
TeamCity plugin available.
Pro Multi language support
Snyk supports .NET, GO, Java. Node.js, PHP, Python, Ruby, Scala.
Cons
Con Lacking ready to use modules like puppet
Because there is no ECOsystem like the puppetforge to share code you have to figure things out for yourself, which is good if you want to learn things but bad when you need to get things done.
Con Steep learning curve
It takes time and lots of practice to learn. Documentation is a bit lacking and if there are no examples to look to, it's that much more difficult to work with.
Con Shallow .NET support
Only seems to check the NuGet packages and not much else.
Con ASP.NET Core is "High risk"
The TeamCity plugin fails the build for all ASP.NET Core applications stating that it is vulnerable to DOS attacks and that "there is no fix available".