Compare Rapid7 Metasploit vs. Snyk

Cancel
You must select at least 2 products to compare!
Rapid7 Metasploit Logo
6,150 views|3,713 comparisons
Snyk Logo
Read 16 Snyk reviews.
8,413 views|6,636 comparisons
Most Helpful Review
Find out what your peers are saying about Tenable Network Security, Rapid7, Acunetix and others in Vulnerability Management. Updated: November 2020.
448,542 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"It's not possible to do penetration testing without being very proficient in Metasploit.""The option to generate phishing emails has proven to be very valuable in understanding the behavior of users.""It contains almost all the available exploits and payloads.""The most valuable feature for us is the support for testing Linux-based web server components.""The reporting on the solution is good.""All of the features are great."

More Rapid7 Metasploit Pros »

"What is valuable about Snyk is its simplicity.""It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now.""Snyk has given us really good results because it is fully automated. We don't have to scan projects every time to find vulnerabilities, as it already stores the dependencies that we are using. It monitors 24/7 to find out if there are any issues that have been reported out on the Internet.""The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree.""Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there.""The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI.""It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well.""The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."

More Snyk Pros »

Cons
"The initial setup was a bit "tweaky" for the open-source version.""Metasploit cannot be installed on a machine with an antivirus.""It is necessary to add some training materials and a tutorial for beginners.""Better automation capabilities would be an improvement.""The solution should improve the responsiveness of its live technical support.""At the time I was using it, the graphical user interface needed some improvements."

More Rapid7 Metasploit Cons »

"Could include other types of security scanning and statistical analysis""There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform.""They were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer.""We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity.""Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this.""The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise.""We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading.""Generating reports and visibility through reports are definitely things they can do better."

More Snyk Cons »

Pricing and Cost Advice
"I use the open-source version of this product. Pricing is not relevant.""It is expensive. Our license expired, and our company is not thinking to renew because of our budget.""The great advantage with Rapid7 Metasploit, of course, is that it's free."

More Rapid7 Metasploit Pricing and Cost Advice »

"It's inexpensive and easy to license. It comes in standard package sizing, which is straightforward. This information is publicly found on their website.""We do have some missing licenses issues, especially with non-SPDX compliant one, but we expect this to be fixed soon""You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it.""Their licensing model is fairly robust and scalable for our needs. I believe we have reached a reasonable agreement on the licensing to enable hundreds of developers to participate in this product offering. The solution is very tailored towards developers and its licensing model works well for us.""The price is good. Snyk had a good price compared to the competition, who had higher pricing than them. Also, their licensing and billing are clear.""It's good value. That's the primary thing. It's not cheap-cheap, but it's good value.""With Snyk, you get what you pay for. It is not a cheap solution, but you get a comprehensiveness and level of coverage that is very good. The dollars in the security budget only go so far. If I can maximize my value and be able to have some funds left over for other initiatives, I want to do that. That is what drives me to continue to say, "What's out there in the market? Snyk's expensive, but it's good. Is there something as good, but more affordable?" Ultimately, I find we could go cheaper, but we would lose the completeness of vision or scope. I am not willing to do that because Snyk does provide a pretty important benefit for us.""Snyk is a premium-priced product, so it's kind of expensive. The big con that I find frustrating is when a company charges extra for single sign-on (SSO) into their SaaS app. Snyk is one of the few that I'm willing to pay that add-on charge, but generally I disqualify products that charge an extra fee to do integrated authentication to our identity provider, like Okta or some other SSO. That is a big negative. We had to pay extra for that. That little annoyance aside, it is expensive. You get a lot out of it, but you're paying for that premium."

More Snyk Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
448,542 professionals have used our research since 2012.
Questions from the Community
Ask a question

Earn 20 points

Top Answer: What is valuable about Snyk is its simplicity.
Top Answer: The product could be improved by including other types of security scanning (e.g. SAST or DAST), which is important. It would also help to include the static analysis specifically to the open-source… more »
Top Answer: We use the product to scan our code for any vulnerable dependencies we might have. We depend on open source libraries and need to make sure they're secure. If not, we need to highlight the areas and… more »
Ranking
7th
Views
6,150
Comparisons
3,713
Reviews
5
Average Words per Review
468
Avg. Rating
7.4
5th
Views
8,413
Comparisons
6,636
Reviews
15
Average Words per Review
1,863
Avg. Rating
8.5
Popular Comparisons
Compared 51% of the time.
Compared 12% of the time.
Compared 7% of the time.
Compared 20% of the time.
Compared 17% of the time.
Compared 14% of the time.
Compared 8% of the time.
Compared 6% of the time.
Also Known As
Metasploit
Learn
Rapid7
Snyk
Overview

Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.

Snyk’s mission is to help developers use open source code and stay secure. The use of open source is booming, but security is a key concern (https://snyk.io/stateofossecurity/). Snyk’s unique developer focused product enables developers and enterprise security to continuously find & fix vulnerable dependencies without slowing down, with seamless integration into Dev & DevOps workflows. Snyk is adopted by over 100,000 developers, has multiple enterprise customers (such as Google, New Relic, ASOS and others) and is experiencing rapid growth. Our investors are Canaan Partners, BOLDStart, and several successful developer tools entrepreneurs. Snyk was founded in 2015 and is headquartered in London with offices in Israel and the US. For more information, go to https://snyk.io/.

Offer
Learn more about Rapid7 Metasploit
Learn more about Snyk
Sample Customers
City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon UniversityStartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Top Industries
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company26%
K 12 Educational Company Or School4%
Media Company4%
VISITORS READING REVIEWS
Computer Software Company35%
Comms Service Provider17%
Media Company8%
Financial Services Firm6%
Company Size
REVIEWERS
Small Business14%
Midsize Enterprise43%
Large Enterprise43%
REVIEWERS
Small Business29%
Midsize Enterprise41%
Large Enterprise29%
Find out what your peers are saying about Tenable Network Security, Rapid7, Acunetix and others in Vulnerability Management. Updated: November 2020.
448,542 professionals have used our research since 2012.

Rapid7 Metasploit is ranked 7th in Vulnerability Management with 5 reviews while Snyk is ranked 5th in Application Security with 16 reviews. Rapid7 Metasploit is rated 7.4, while Snyk is rated 8.6. The top reviewer of Rapid7 Metasploit writes "Straightforward to set up, and helpful for moving from development to production". On the other hand, the top reviewer of Snyk writes "Helps Avoid The Pain And The Cost Of Trying To Retrofit Security in your Code". Rapid7 Metasploit is most compared with Tenable Nessus, Wireshark, Rapid7 InsightVM, Qualys VM and Fortinet FortiOS, whereas Snyk is most compared with WhiteSource, Black Duck, SonarQube, JFrog Xray and Checkmarx.

See our list of .

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.