We performed a comparison between Cisco Vulnerability Management (formerly Kenna.VM) and Snyk based on real PeerSpot user reviews.
"The risk context of any vulnerability is a valuable feature."
"The most valuable feature of Snyk is the software composition analysis."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
"A main feature of Snyk is that when you go with SCA, you do get properly done security composition, also from the licensing and open-source parameters perspective. A lot of companies often use open-source libraries or frameworks in their code, which is a big security concern. Snyk deals with all the things and provides you with a proper report about whether any open-source code or framework that you are using is vulnerable. In that way, Snyk is very good as compared to other tools."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"The solution's vulnerability database, in terms of comprehensiveness and accuracy, is very high-level. As far as I know, it's the best among their competitors."
"The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
"I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST."
"An improvement would be some sort of an integration with any GRC suite."
"We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
"The log export function could be easier when shipping logs to other platforms such as Splunk."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."
"We use Bamboo for CI/CD, and we had problems integrating Snyk with it. Ultimately, we got the two solutions to work together, but it was difficult."
"Offering API access in the lower or free open-source tiers would be better. That would help our customers. If you don't have an enterprise plan, it becomes challenging to integrate with the rest of the systems. Our customers would like to have some open-source integrations in the next release."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
Cisco Vulnerability Management (formerly Kenna.VM) is ranked 10th in Risk-Based Vulnerability Management with 1 review while Snyk is ranked 4th in Application Security Tools with 41 reviews. Cisco Vulnerability Management (formerly Kenna.VM) is rated 8.0, while Snyk is rated 8.2. The top reviewer of Cisco Vulnerability Management (formerly Kenna.VM) writes "Offers contextual prioritization and risk-based remediation of vulnerability". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Cisco Vulnerability Management (formerly Kenna.VM) is most compared with Qualys VMDR, Rapid7 InsightVM, Tenable Security Center, Ivanti Neurons for RBVM and Lacework, whereas Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, Veracode and GitHub Advanced Security.
We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.