Task
Resolution: Unresolved
Minor
Recently, we have enabled Snyk scanning with Konflux, and following @Hardik Vyas's guidance, it is recommended to shift left by enabling it upstream (on the Medik8s repos).
The main pros are early and comprehensive vulnerability detection, automated and accelerated remediation (via PRs), and a common tool that we already support for our downstream builds, while the main con is alert fatigue and false positives resulting in too many PRs.
We should have a Snyk connection for free after making the first connection in the project Hybrid Platforms - OpenShift Layered Services (used with other layered operators): https://app.snyk.io/org/hybrid-platforms-openshift-layered-services/projects