We performed a comparison between Qualys VMDR and Snyk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Qualys VMDR is praised for its user-friendly interface, prioritization system, and customizable dashboard. It effectively addresses vulnerabilities and offers valuable scanning capabilities. Snyk users highlighted its developer-friendly approach, automatic pull requests, and software composition analysis features. Reviewers said Qualys VMDR could improve by offering more customization options and integrating more seamlessly with other systems. The interface could be clearer, and Qualys could enhance scanning capabilities for IoT and industrial control systems. Snyk should focus on improving compatibility, reporting, and automatic remediation.
Service and Support: Qualys VMDR's customer service is mostly considered accessible and responsive. However, some reviewers reported slow response times and expressed a desire for more skilled support personnel. Some Snyk customers found the solution's support to be dependable. Others say Snyk should overhaul how it categorizes and prioritizes support requests. Both products offer sufficient support, but Qualys VMDR appears to leave a more positive impression in terms of customer service.
Ease of Deployment: Qualys VMDR is considered uncomplicated and efficient, requiring only a short amount of time. A few users encountered challenges with integration and ensuring data privacy. Snyk users were somewhat divided about the product's setup difficulty. Some found it to be straightforward and fast, while others needed additional guidance. The time needed to implement Snyk could range from several days up to a couple of weeks.
Pricing: The cost of Qualys VMDR varies depending on the organization's business requirements. Some find it affordable, but others consider it costly compared to alternatives. Snyk's pricing is on the higher end of the spectrum, but it is regarded as reasonably priced for the features it offers.
ROI: Qualys VMDR is highly efficient in identifying vulnerabilities and reducing risks. Snyk offers a cost-effective solution for addressing bugs sooner in the development process, offsetting the high annual subscription fees.
Comparison Results: Our users prefer Qualys VMDR over Snyk for its robust features, such as continuous monitoring and a customizable dashboard. Users appreciate the great technical support and find the solution stable and reliable. Snyk needs improvement in terms of reporting and customer support. Also, Qualys VMDR's pricing is competitive, while Snyk's license is relatively expensive.
"Cloud Native Security offers a valuable tool called an offensive search engine."
"PingSafe's integration is smooth. They are highly customer-oriented, and the integration went well for us."
"It is pretty easy to integrate with this platform. When properly integrated, it monitors end-to-end."
"We use the infrastructure as code scanning, which is good."
"The multi-cloud support is valuable. They are expanding to different clouds. It is not restricted to only AWS. It allows us to have different clouds on one platform."
"It is fairly simple. Anybody can use it."
"Cloud Native Security offers attack path analysis."
"Our previous product took a lot of man hours to manage. Once we got Singularity Cloud Workload Security, it freed up our time to work on other tasks."
"It's a good product. After the scan our internet works well. It scans our security posture."
"We also like the flexibility in their licensing."
"Qualys has a continuous endpoint monitoring feature for agent-based scanning. Once you deploy the solution, it monitors everything that is happening every 30 minutes. Then, if there are any vulnerabilities, they are reported."
"Monitors workstations and servers for vulnerabilities and creates reports."
"Qualys VM's best feature is vulnerability management."
"The solution is easy to use."
"They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability."
"Technical support is great and we've never really had a problem."
"Snyk helps me pinpoint security errors in my code."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario."
"It is easy for developers to use. The documentation is clear as well as the APIs are good and easily readable. It's a good solution overall."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"The solution has great features and is quite stable."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"We're loving some of the Kubernetes integration as well. That's really quite cool. It's still in the early days of our use of it, but it looks really exciting. In the Kubernetes world, it's very good at reporting on the areas around the configuration of your platform, rather than the things that you've pulled in. There's some good advice there that allows you to prioritize whether something is important or just worrying. That's very helpful."
"In addition to our telecom and Slack channels, it would be helpful to receive Cloud Native Security security notifications in Microsoft Teams."
"PingSafe's current documentation could be improved to better assist customers during the cluster onboarding process."
"It would be really helpful if the solution improves its agent deployment process."
"I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes."
"One area for improvement could be the internal analysis process, specifically the guidance provided for remediation."
"They could generally give us better comprehensive rules."
"PingSafe is an excellent CSPM tool, but the CWPP features need to improve, and there is a scope for more application security posture management features. There aren't many ASPM solutions on the market, and existing ones are costly. I would like to see PingSafe develop into a single pane of glass for ASPM, CSPM, and CWPP. Another feature I'd like to see is runtime protection."
"I'd like to see better onboarding documentation."
"The reporting and the GUI need improvements."
"If anything, I would like to see the user interface modernized a bit more."
"Qualys could improve the inbuilt dashboards."
"One of the biggest issues from the clients' perspective is that all Qualys computing is on the cloud."
"What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem."
"I do not like that all of the data is stored on the cloud."
"Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems."
"They have integrated with other third parties, but it is still not viable."
"The tool's initial use is complex."
"Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this."
"The log export function could be easier when shipping logs to other platforms such as Splunk."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
"Compatibility with other products would be great."
"The feature for automatic fixing of security breaches could be improved."
"They were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
Qualys VMDR is ranked 11th in Container Security with 77 reviews while Snyk is ranked 5th in Container Security with 41 reviews. Qualys VMDR is rated 8.2, while Snyk is rated 8.2. The top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode. See our Qualys VMDR vs. Snyk report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.