We performed a comparison between HCL AppScan and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"It provides a better integration for our ecosystem."
"The security and the dashboard are the most valuable features."
"The solution offers services in a few specific development languages."
"You can easily find particular features and functions through the UI."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"The solution is easy to use."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"It's very easy for developers to use. Onboarding was an easy process for all of the developers within the company. After a quick, half-an-hour to an hour session, they were fully using it on their own. It's very straightforward. Usability is definitely a 10 out of 10."
"The most valuable features of Snyk are vulnerability scanning and automation. The automation the solution brings around vulnerability scanning is useful."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
"The most valuable feature of Snyk is the software composition analysis."
"The solution's vulnerability database, in terms of comprehensiveness and accuracy, is very high-level. As far as I know, it's the best among their competitors."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"There is room for improvement in the pricing model."
"There is not a central management for static and dynamic."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"Sometimes it doesn't work so well."
"They have to improve support."
"The feature for automatic fixing of security breaches could be improved."
"The solution's reporting and storage could be improved."
"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry. They have a pretty good knowledge base, but Veracode is on top because Veracode has been in this business for a pretty long time. They do have a pretty large database of all the findings, and the way that the correlation engine works is superb. Snyk is also pretty good, but it is not as good as Veracode in terms of maintaining a large space of all the historical data of vulnerabilities."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
"We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."
"Compatibility with other products would be great."
HCL AppScan is ranked 15th in Application Security Tools with 41 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. HCL AppScan is rated 7.8, while Snyk is rated 8.2. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Mend.io, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode. See our HCL AppScan vs. Snyk report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.