We performed a comparison between Qualys VMDR and Snyk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Qualys VMDR is praised for its user-friendly interface, prioritization system, and customizable dashboard. It effectively addresses vulnerabilities and offers valuable scanning capabilities. Snyk users highlighted its developer-friendly approach, automatic pull requests, and software composition analysis features. Reviewers said Qualys VMDR could improve by offering more customization options and integrating more seamlessly with other systems. The interface could be clearer, and Qualys could enhance scanning capabilities for IoT and industrial control systems. Snyk should focus on improving compatibility, reporting, and automatic remediation.
Service and Support: Qualys VMDR's customer service is mostly considered accessible and responsive. However, some reviewers reported slow response times and expressed a desire for more skilled support personnel. Some Snyk customers found the solution's support to be dependable. Others say Snyk should overhaul how it categorizes and prioritizes support requests. Both products offer sufficient support, but Qualys VMDR appears to leave a more positive impression in terms of customer service.
Ease of Deployment: Qualys VMDR is considered uncomplicated and efficient, requiring only a short amount of time. A few users encountered challenges with integration and ensuring data privacy. Snyk users were somewhat divided about the product's setup difficulty. Some found it to be straightforward and fast, while others needed additional guidance. The time needed to implement Snyk could range from several days up to a couple of weeks.
Pricing: The cost of Qualys VMDR varies depending on the organization's business requirements. Some find it affordable, but others consider it costly compared to alternatives. Snyk's pricing is on the higher end of the spectrum, but it is regarded as reasonably priced for the features it offers.
ROI: Qualys VMDR is highly efficient in identifying vulnerabilities and reducing risks. Snyk offers a cost-effective solution for addressing bugs sooner in the development process, offsetting the high annual subscription fees.
Comparison Results: Our users prefer Qualys VMDR over Snyk for its robust features, such as continuous monitoring and a customizable dashboard. Users appreciate the great technical support and find the solution stable and reliable. Snyk needs improvement in terms of reporting and customer support. Also, Qualys VMDR's pricing is competitive, while Snyk's license is relatively expensive.
"It's helped free up staff time so that they can work on other projects."
"It is very straightforward. It is not complicated. For the information that it provides, it does a pretty good job."
"The most valuable feature of PingSafe is its integration with most of our technology stack, specifically all of our cloud platforms and ticketing software."
"PingSafe offers comprehensive security posture management."
"It is advantageous in terms of time-saving and cost reduction."
"PingSafe's integration is smooth. They are highly customer-oriented, and the integration went well for us."
"The management console is highly intuitive to comprehend and operate."
"The solution is a good alerting tool."
"The most valuable feature is the certificate management."
"Tech support is helpful."
"I find the solution's dashboard interesting...The response time is fine. You can pull up reports without dragging or consuming bandwidth."
"The reporting functionality is great."
"Technical support is great and we've never really had a problem."
"It's really beneficial for scanning and interacting with the agent."
"The solution is easy to use."
"The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities."
"Snyk is a developer-friendly product."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"It is easy for developers to use. The documentation is clear as well as the APIs are good and easily readable. It's a good solution overall."
"The solution has great features and is quite stable."
"The most valuable feature of Snyk is the SBOM."
"I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario."
"The solution's vulnerability database, in terms of comprehensiveness and accuracy, is very high-level. As far as I know, it's the best among their competitors."
"There should be more documentation about the product."
"We are experiencing problems with Cloud Native Security reporting."
"In terms of ease of use, initially, it is a bit confusing to navigate around, but once you get used to it, it becomes easier."
"PingSafe is an excellent CSPM tool, but the CWPP features need to improve, and there is a scope for more application security posture management features. There aren't many ASPM solutions on the market, and existing ones are costly. I would like to see PingSafe develop into a single pane of glass for ASPM, CSPM, and CWPP. Another feature I'd like to see is runtime protection."
"Maybe container runtime security could be improved."
"Scanning capabilities should be added for the dark web."
"The main area for improvement I want to see is for the platform to become less resource-intensive. Right now, it can slow down processes on the machine, and it would be a massive improvement if it were more lightweight than it currently is."
"It took us a while to configure the software to work well in this type of environment, as the support documents were not always clear."
"One of the biggest issues from the clients' perspective is that all Qualys computing is on the cloud."
"The reporting and the GUI need improvements."
"Qualys could improve the inbuilt dashboards."
"They're still evolving their platform in terms of reporting capabilities."
"If anything, I would like to see the user interface modernized a bit more."
"I would like to see this solution simplified to work more easily in a multi-cloud environment."
"This solution could be improved by extending the agent capabilities to different operating systems including Mac and Linux. We would also like the capability to easily check for vulnerability in assets in the IOTs."
"Qualys does have an on-prem solution, but it is very expensive."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."
"The tool's initial use is complex."
"Generating reports and visibility through reports are definitely things they can do better."
"It would be great if they can include dynamic, interactive, and run-time scanning features. Checkmarx and Veracode provide dynamic, interactive, and run-time scanning, but Snyk doesn't do that. That's the reason there is more inclination towards Veracode, Checkmarx, or AppScan. These are a few tools available in the market that do all four types of scanning: static, dynamic, interactive, and run-time."
"It lists projects. So, if you have a number of microservices in an enterprise, then you could have pages of findings. Developers will then spend zero time going through the pages of reports to figure out, "Is there something I need to fix?" While it may make sense to list all the projects and issues in these very long lists for completeness, Snyk could do a better job of bubbling up and grouping items, e.g., a higher level dashboard that draws attention to things that are new, the highest priority things, or things trending in the wrong direction. That would make it a lot easier. They don't quite have that yet in container security."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise."
"The product is very expensive."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
Qualys VMDR is ranked 11th in Container Security with 77 reviews while Snyk is ranked 5th in Container Security with 41 reviews. Qualys VMDR is rated 8.2, while Snyk is rated 8.2. The top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode. See our Qualys VMDR vs. Snyk report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.