Snyk is praised for its ability to detect vulnerabilities, reasonable pricing, and customer service. On the other hand, Wiz is commended for data security and exposure prevention, and collaboration tools. Areas for improvement for Snyk include UI, customization, and integration capabilities, while Wiz could enhance tutorials, and customizable dashboards.
The summary above is based on 57 interviews we conducted recently with Snyk and Wiz users. To access the review's full transcripts, download our report.
"The offensive security feature is valuable because it publicly detects the offensive and vulnerable things present in our domain or applications. It checks any applications with public access. Some of the applications give public access to certain files or are present over a particular domain. It detects and lets us know with evidence. That is quite good. It is protecting our infrastructure quite well."
"It is advantageous in terms of time-saving and cost reduction."
"I did a lot of research before signing up and doing the demo. They have a good reputation as far as catching threats early on."
"It is pretty easy to integrate with this platform. When properly integrated, it monitors end-to-end."
"Cloud Native Security is user-friendly. Everything in the Cloud Native Security tool is straightforward, including detections, integration, reporting, etc. They are constantly improving their UI by adding plugins and other features."
"The cloud misconfiguration is the most valuable feature."
"Cloud Native Security offers a valuable tool called an offensive search engine."
"Cloud Native Security's best feature is its ability to identify hard-coded secrets during pull request reviews."
"Static code analysis is one of the best features of the solution."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"The code scans on the source code itself were valuable."
"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID, and there I can do the scanning. That is the part I like best."
"The most valuable feature of Snyk is the software composition analysis."
"What is valuable about Snyk is its simplicity."
"The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities."
"It has a nice dashboard where I can see all the vulnerabilities and risks that they provided. I can also see the category of any risk, such as medium, high, and low. They provide the input priority-wise. The team can target the highest one first, and then they can go to medium and low ones."
"The first thing that stood out was the ease of installation and the quick value we got out of the solution."
"With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment."
"The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address."
"The security baseline and vulnerability assessments is the valuable feature."
"The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at."
"I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."
"The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."
"Our most important features are those around entitlement, external exposure, vulnerabilities, and container security."
"One area for improvement could be the internal analysis process, specifically the guidance provided for remediation."
"While it is good, I think the solution's console could be improved."
"I export CSV. I cannot export graphs. Restricting it to the CSV format has its own disadvantages. These are all machine IP addresses and information. I cannot change it to the JSON format. The export functionality can be improved."
"They could generally give us better comprehensive rules."
"It does not bring much threat intel from the outside world. All it does is scan. If it can also correlate things, it will be better."
"There is no break-glass account feature. They should implement this as soon as possible because we can't implement SSO without a break-glass feature."
"We've found a lot of false positives."
"I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes."
"Offering API access in the lower or free open-source tiers would be better. That would help our customers. If you don't have an enterprise plan, it becomes challenging to integrate with the rest of the systems. Our customers would like to have some open-source integrations in the next release."
"Compatibility with other products would be great."
"The tool's initial use is complex."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"Basically the licensing costs are a little bit expensive."
"Generating reports and visibility through reports are definitely things they can do better."
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry. They have a pretty good knowledge base, but Veracode is on top because Veracode has been in this business for a pretty long time. They do have a pretty large database of all the findings, and the way that the correlation engine works is superb. Snyk is also pretty good, but it is not as good as Veracode in terms of maintaining a large space of all the historical data of vulnerabilities."
"The solution's reporting and storage could be improved."
"The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary."
"Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform."
"We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform."
"The only thing that needs to be improved is the number of scans per day."
"The remediation workflow within the Wiz could be improved."
"We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade... We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately."
"Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes."
"We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
Snyk is ranked 5th in Container Security with 41 reviews while Wiz is ranked 2nd in Container Security with 12 reviews. Snyk is rated 8.2, while Wiz is rated 9.2. The top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". On the other hand, the top reviewer of Wiz writes "Multiple features help us prioritize remediation, and agentless implementation reduces overhead". Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Prisma Cloud by Palo Alto Networks, whereas Wiz is most compared with Prisma Cloud by Palo Alto Networks, Orca Security, Microsoft Defender for Cloud, AWS Security Hub and AWS GuardDuty. See our Snyk vs. Wiz report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.