We performed a comparison between HCL AppScan and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The static scans are good, and the SaaS as well."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"The solution is easy to use."
"I like the recording feature."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"Technical support is helpful."
"It provides a better integration for our ecosystem."
"We are now deploying less defects to production."
"Snyk categorizes the level of vulnerability into high, medium, and low, which helps organizations prioritize which issues to tackle first."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
"From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"Static code analysis is one of the best features of the solution."
"Provides clear information and is easy to follow with good feedback regarding code practices."
"It has crashed at times."
"HCL AppScan needs to improve security."
"The databases for HCL are small and have room for improvement."
"They have to improve support."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"Scans become slow on large websites."
"The tool's initial use is complex."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise."
"Snyk's API and UI features could work better in terms of speed."
"The solution's integration with JFrog Artifactory could be improved."
"We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."
"The product is very expensive."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
HCL AppScan is ranked 15th in Application Security Tools with 40 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. HCL AppScan is rated 7.6, while Snyk is rated 8.2. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Mend.io, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode. See our HCL AppScan vs. Snyk report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.