We performed a comparison between Snyk and Tenable Security Center based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."We use Snyk to check vulnerabilities and rectify potential leaks in GitHub."
"The most valuable feature of Snyk is the software composition analysis."
"I am impressed with the product's security vulnerability detection. My peers in security are praising the tool for its accuracy to detect security vulnerabilities. The product is very easy to onboard. It doesn't require a lot of preparation or prerequisites. It's a bit of a plug-and-play as long as you're using a package manager or for example, you are using a GitHub repository. And that is an advantage for this tool because developers don't want to add more tools to what they're currently using."
"The product's most valuable features are an open-source platform, remote functionality, and good pricing."
"The code scans on the source code itself were valuable."
"Our customers find container scans most valuable. They are always talking about it."
"The most valuable feature of Snyk is the SBOM."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"Tenable also helps us to focus resources on the vulnerabilities that are most likely to be exploited. And since it is continuously updated, it allows us to reevaluate quickly if there are new vulnerabilities found..."
"I found the dashboard features very useful. It made it easy to track remediation progress. I could publish dashboards to remediation teams and track the progress on the dashboards."
"The tool provides us insight into the happens of the network and its hosts. It provides me with a list of hosts."
"The solution has a lean and easy-to-use interface that is not confusing to first-time users."
"Initial setup was pretty straightforward."
"The scanning part, the agent part – that's the valuable aspect."
"We really love the Security Center dashboard. It basically performs vulnerability scanning and then outputs a vulnerability data."
"Tenable is the leading product for vulnerability scanning."
"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
"It lists projects. So, if you have a number of microservices in an enterprise, then you could have pages of findings. Developers will then spend zero time going through the pages of reports to figure out, "Is there something I need to fix?" While it may make sense to list all the projects and issues in these very long lists for completeness, Snyk could do a better job of bubbling up and grouping items, e.g., a higher level dashboard that draws attention to things that are new, the highest priority things, or things trending in the wrong direction. That would make it a lot easier. They don't quite have that yet in container security."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"They were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer."
"It would be helpful if we get a recommendation while doing the scan about the necessary things we need to implement after identifying the vulnerabilities."
"We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."
"At times we have had the typical bugs."
"Support could be faster."
"The reporting needs a lot of work on the template."
"I think the vendor training provided for Tenable.sc could be a lower price. It's quite expensive for the training."
"Tenable.sc's user interface could be improved."
"Tenable SC can improve by making it easier to create complicated reports and have more effectiveness in the remediation area for comparison between the scans."
"There is not much room for improvement. However, there should be a guide that describes the step-by-step procedures for doing tasks. Otherwise, training is required from a senior guy to a junior guy."
"The solution should provide better web application features and support."
Snyk is ranked 4th in Application Security Tools with 41 reviews while Tenable Security Center is ranked 1st in Risk-Based Vulnerability Management with 48 reviews. Snyk is rated 8.2, while Tenable Security Center is rated 8.2. The top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". On the other hand, the top reviewer of Tenable Security Center writes "A security solution for vulnerability assessment with automated scans". Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode, whereas Tenable Security Center is most compared with Tenable Vulnerability Management, Qualys VMDR, Tenable Nessus, Rapid7 InsightVM and Horizon3.ai.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.