We performed a comparison between Rapid7 Metasploit and Snyk based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Wiz, SentinelOne and others in Vulnerability Management."The most valuable feature for us is the support for testing Linux-based web server components."
"The reporting on the solution is good."
"All of the features are great."
"I don't have any other tools like it, and I always use it when I'm doing a pen test. Metasploit is a great solution for penetration testing,"
"The most valuable features of the solution are the scripts, the modules, and the tools that the Rapid7 Metasploit framework has."
"It allows us to concentrate solely on identified vulnerabilities without the hassle of additional setup."
"The solution is open source and has many small targetted penetration tests that have been written by many people that are useful. You can choose different subjects for the test, such as Oracle databases or Apache servers."
"Technical support has been helpful and responsive."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"The most valuable features are their GitLab and JIRA integrations. The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using."
"The solution has great features and is quite stable."
"The product's most valuable features are an open-source platform, remote functionality, and good pricing."
"The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
"I am impressed with the product's security vulnerability detection. My peers in security are praising the tool for its accuracy to detect security vulnerabilities. The product is very easy to onboard. It doesn't require a lot of preparation or prerequisites. It's a bit of a plug-and-play as long as you're using a package manager or for example, you are using a GitHub repository. And that is an advantage for this tool because developers don't want to add more tools to what they're currently using."
"The most valuable feature is that they add a lot of their own information to the vulnerabilities. They describe vulnerabilities and suggest their own mitigations or version upgrades. The information was the winning factor when we compared Snyk to others. This is what gave it more impact."
"Snyk has given us really good results because it is fully automated. We don't have to scan projects every time to find vulnerabilities, as it already stores the dependencies that we are using. It monitors 24/7 to find out if there are any issues that have been reported out on the Internet."
"The open-source version has reporting limitations. You need to develop these capabilities yourself. Built-in reporting is an excellent feature for penetration testing, but it isn't a must-have. The solution could also cover more vulnerabilities. Metasploit has around 10,000 exploits in its library, but more is always better."
"Advanced Infrastructure should be implemented in the next release for better orchestration."
"I would like to see more capabilities, more functions, and more features. More types of attack vectors."
"The solution should improve the responsiveness of its live technical support."
"At the time I was using it, the graphical user interface needed some improvements."
"It is necessary to add some training materials and a tutorial for beginners."
"There are numerous outdated exploits in their database that should be updated."
"The initial setup was a bit "tweaky" for the open-source version."
"It would be helpful if we get a recommendation while doing the scan about the necessary things we need to implement after identifying the vulnerabilities."
"A feature we would like to see is the ability to archive and store historical data, without actually deleting it. It's a problem because it throws my numbers off. When I'm looking at the dashboard's current vulnerabilities, it's not accurate."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"The product is very expensive."
"Snyk's API and UI features could work better in terms of speed."
"The solution's integration with JFrog Artifactory could be improved."
"There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved."
"We use Bamboo for CI.CD, and we had problems integrating Snyk with it. Ultimately, we got the two solutions to work together, but it was difficult."
Rapid7 Metasploit is ranked 12th in Vulnerability Management with 18 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Rapid7 Metasploit is rated 7.6, while Snyk is rated 8.2. The top reviewer of Rapid7 Metasploit writes "Helps find vulnerabilities in a system to determine whether the system needs to be upgraded". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Rapid7 Metasploit is most compared with Tenable Nessus, Pentera, Rapid7 InsightVM, Acunetix and Nucleus, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.