We performed a comparison between CAST Highlight and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It offers good performance."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"CAST Highlight is easy to use and has a good dashboard."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"The most valuable features of CAST Highlight are automation and speed."
"Static code analysis is one of the best features of the solution."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"The most valuable feature is that they add a lot of their own information to the vulnerabilities. They describe vulnerabilities and suggest their own mitigations or version upgrades. The information was the winning factor when we compared Snyk to others. This is what gave it more impact."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"The code scans on the source code itself were valuable."
"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID, and there I can do the scanning. That is the part I like best."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"There's a bit of a learning curve at the outset."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"The ease of configuration and customization could be improved in CAST Highlight."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
"A feature we would like to see is the ability to archive and store historical data, without actually deleting it. It's a problem because it throws my numbers off. When I'm looking at the dashboard's current vulnerabilities, it's not accurate."
"There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved."
"Compatibility with other products would be great."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"We use Bamboo for CI.CD, and we had problems integrating Snyk with it. Ultimately, we got the two solutions to work together, but it was difficult."
"The feature for automatic fixing of security breaches could be improved."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
CAST Highlight is ranked 10th in Software Composition Analysis (SCA) with 5 reviews while Snyk is ranked 2nd in Software Composition Analysis (SCA) with 41 reviews. CAST Highlight is rated 7.8, while Snyk is rated 8.2. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". CAST Highlight is most compared with SonarQube, Veracode, Checkmarx One, Black Duck and GitLab, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode. See our CAST Highlight vs. Snyk report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.