We performed a comparison between HCL AppScan and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"This solution saves us time due to the low number of false positives detected."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"The UI was very intuitive."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan."
"The static scans are good, and the SaaS as well."
"I like the recording feature."
"The solution is easy to use."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"Snyk categorizes the level of vulnerability into high, medium, and low, which helps organizations prioritize which issues to tackle first."
"A main feature of Snyk is that when you go with SCA, you do get properly done security composition, also from the licensing and open-source parameters perspective. A lot of companies often use open-source libraries or frameworks in their code, which is a big security concern. Snyk deals with all the things and provides you with a proper report about whether any open-source code or framework that you are using is vulnerable. In that way, Snyk is very good as compared to other tools."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"It's very easy for developers to use. Onboarding was an easy process for all of the developers within the company. After a quick, half-an-hour to an hour session, they were fully using it on their own. It's very straightforward. Usability is definitely a 10 out of 10."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"The penetration testing feature should be included."
"AppScan is too complicated and should be made more user-friendly."
"The databases for HCL are small and have room for improvement."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"The dashboard for AppScan or the Fortified fast tool, which we use, needs to be improved."
"The solution's integration with JFrog Artifactory could be improved."
"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"The log export function could be easier when shipping logs to other platforms such as Splunk."
"Generating reports and visibility through reports are definitely things they can do better."
HCL AppScan is ranked 14th in Application Security Tools with 39 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. HCL AppScan is rated 7.6, while Snyk is rated 8.2. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, Checkmarx One and Mend.io, whereas Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, Veracode and GitHub Advanced Security.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.