We performed a comparison between Qualys Web Application Scanning and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"The product prevents possible vulnerabilities in our network."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"It is a very stable solution."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"The vulnerability management feature is a strong one. And also the patch management feature."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"I am impressed with the product's security vulnerability detection. My peers in security are praising the tool for its accuracy to detect security vulnerabilities. The product is very easy to onboard. It doesn't require a lot of preparation or prerequisites. It's a bit of a plug-and-play as long as you're using a package manager or for example, you are using a GitHub repository. And that is an advantage for this tool because developers don't want to add more tools to what they're currently using."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"The most valuable feature of Snyk is the SBOM."
"Snyk has given us really good results because it is fully automated. We don't have to scan projects every time to find vulnerabilities, as it already stores the dependencies that we are using. It monitors 24/7 to find out if there are any issues that have been reported out on the Internet."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"There could be better management and faster scanning."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"The product's pricing could be better."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"They should try to include business logic vulnerabilities in the scanner testing."
"The software’s pricing could be improved."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."
"Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help."
"I would like to give further ability to grouping code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."
"We use Bamboo for CI/CD, and we had problems integrating Snyk with it. Ultimately, we got the two solutions to work together, but it was difficult."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
"Snyk's API and UI features could work better in terms of speed."
"Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Qualys Web Application Scanning is rated 7.8, while Snyk is rated 8.2. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Checkmarx One, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.