We performed a comparison between Rapid7 InsightVM and Snyk based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Qualys, Rapid7 and others in Risk-Based Vulnerability Management."The discovery and prioritization of vulnerabilities."
"It is stable and scalable."
"InsightVM's best features are the vulnerability database and remediation steps."
"The product is scalable."
"The solution is automatically scheduled so it runs by itself."
"This solution's most useful feature is that it is entirely a single-page application."
"The most valuable features are its reporting capabilities and the host discovery functionality."
"The solution scales well."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
"It has a nice dashboard where I can see all the vulnerabilities and risks that they provided. I can also see the category of any risk, such as medium, high, and low. They provide the input priority-wise. The team can target the highest one first, and then they can go to medium and low ones."
"I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"The integration with other solutions like JIRA could be better. Perhaps there could be some additional updates in the next phase that could integrate with it, so then you can proceed with the VT much easier."
"Some difficulties with the online reporting and lack of integrations."
"All products have room for increased security and Rapid7 InsightVM is no exception."
"We have some issues with how it scans patches."
"There are end-user needs and expectations that are being overlooked in the development that could be addressed by appointing a customer advisory board."
"There should be containerization within the VM."
"Reporting could be expanded."
"I would like to see more integration."
"For the areas that they're new in, it's very early stages for them. For example, their expertise is in looking at third-party components and packages, which is their bread-and-butter and what they've been doing for ages, but for newer features such as static analysis I don't think they've got compatibility for all the languages and frameworks yet."
"Snyk's API and UI features could work better in terms of speed."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."
"The tool's initial use is complex."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"The product is very expensive."
"I think Snyk should add more of a vulnerability protection feature in the tool since it is an area where it lacks."
Rapid7 InsightVM is ranked 4th in Risk-Based Vulnerability Management with 55 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Rapid7 InsightVM is rated 8.0, while Snyk is rated 8.2. The top reviewer of Rapid7 InsightVM writes "You can scan a network, and receive recommendations to address vulnerabilities with the click of a button". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Rapid7 InsightVM is most compared with Tenable Nessus, Qualys VMDR, Tenable Security Center, Microsoft Defender Vulnerability Management and Wiz, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode.
We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.