We performed a comparison between Rapid7 Metasploit and Snyk based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Wiz, SentinelOne and others in Vulnerability Management."It is scalable. It's in line with our needs."
"I use Rapid7 Metasploit for payload generation and Post-Exploitation."
"It allows us to concentrate solely on identified vulnerabilities without the hassle of additional setup."
"It's not possible to do penetration testing without being very proficient in Metasploit."
"The solution is open source and has many small targetted penetration tests that have been written by many people that are useful. You can choose different subjects for the test, such as Oracle databases or Apache servers."
"The Search Engineering feature is good."
"All of the features are great."
"The reporting on the solution is good."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"We use Snyk to check vulnerabilities and rectify potential leaks in GitHub."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"The most valuable feature is that they add a lot of their own information to the vulnerabilities. They describe vulnerabilities and suggest their own mitigations or version upgrades. The information was the winning factor when we compared Snyk to others. This is what gave it more impact."
"Static code analysis is one of the best features of the solution."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."
"Rapid7 Metasploit could be made easier for new users to learn."
"The solution is not user-friendly and has room for improvement."
"I would like to see more capabilities, more functions, and more features. More types of attack vectors."
"Metasploit cannot be installed on a machine with an antivirus."
"Rapid7 Metasploit can add a GUI feature because it is only available online."
"If your company's patch is not up to date, but you have other detection or defense solutions such as endpoint detection and response and antivirus software, the product exploit may not work effectively. This is because its exploit database update process is slow and not real-time. For zero-day vulnerabilities or new security threats, relying on Rapid7 Metasploit alone may not be effective."
"I think areas with shortcomings that need improvement are more integration and automation."
"Advanced Infrastructure should be implemented in the next release for better orchestration."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improve"
"Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this."
"I think Snyk should add more of a vulnerability protection feature in the tool since it is an area where it lacks."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"Generating reports and visibility through reports are definitely things they can do better."
"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
"Offering API access in the lower or free open-source tiers would be better. That would help our customers. If you don't have an enterprise plan, it becomes challenging to integrate with the rest of the systems. Our customers would like to have some open-source integrations in the next release."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
Rapid7 Metasploit is ranked 13th in Vulnerability Management with 18 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Rapid7 Metasploit is rated 7.6, while Snyk is rated 8.2. The top reviewer of Rapid7 Metasploit writes "Helps find vulnerabilities in a system to determine whether the system needs to be upgraded". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Rapid7 Metasploit is most compared with Tenable Nessus, Pentera, Acunetix, Rapid7 InsightVM and Nucleus, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.