We performed a comparison between Snyk and Tenable Vulnerability Management based on real PeerSpot user reviews.
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"The most valuable feature of Snyk is the software composition analysis."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"The most valuable feature is that they add a lot of their own information to the vulnerabilities. They describe vulnerabilities and suggest their own mitigations or version upgrades. The information was the winning factor when we compared Snyk to others. This is what gave it more impact."
"Snyk is a developer-friendly product."
"The code scans on the source code itself were valuable."
"What is valuable about Snyk is its simplicity."
"A main feature of Snyk is that when you go with SCA, you do get properly done security composition, also from the licensing and open-source parameters perspective. A lot of companies often use open-source libraries or frameworks in their code, which is a big security concern. Snyk deals with all the things and provides you with a proper report about whether any open-source code or framework that you are using is vulnerable. In that way, Snyk is very good as compared to other tools."
"The dashboard is pretty intuitive, and it lets you do a drill-down analysis of each vulnerability. That is something that brings a lot of value to the organization."
"It is pretty stable. I would rate it nine or maybe ten."
"It is a very, very user-friendly tool... The setup is easy."
"The vulnerability scanning is the most important aspect of the solution for us."
"The product is easy to use."
"They are on a good trajectory as a company and investing in R&D in the right ways."
"The initial setup is very straightforward."
"The tool has an easy-to-use interface."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."
"The tool needs improvement in license compliance. I would like to see the integration of better policy management in the product's future release. When it comes to the organization that I work for, there are a lot of business units since we are a group of companies. Each of these companies has its specific requirements and its own appetite for risk. This should be able to reflect in flexible policies. We need to be able to configure policies that can be adjusted later or overridden by the business unit that is using the product."
"A feature we would like to see is the ability to archive and store historical data, without actually deleting it. It's a problem because it throws my numbers off. When I'm looking at the dashboard's current vulnerabilities, it's not accurate."
"The solution's integration with JFrog Artifactory could be improved."
"For the areas that they're new in, it's very early stages for them. For example, their expertise is in looking at third-party components and packages, which is their bread-and-butter and what they've been doing for ages, but for newer features such as static analysis I don't think they've got compatibility for all the languages and frameworks yet."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"The log export function could be easier when shipping logs to other platforms such as Splunk."
"Tenable could improve visibility into assets, including automated asset tagging. You should be able to automatically tag assets based on location, function, ownership, etc. That would help us because we spend a lot of time identifying and tagging assets by hand."
"They've been able to think about everything in terms of where the world is going and the type of assets that you've got. They've everything sorted out in that aspect, but you have to pay for most of the other components that they've got to give you complete visibility across your tech surface. If it already had those capabilities in-built, without having to add them on to take advantage of them, it would be a very compelling value proposition."
"It would be helpful if Tenable could be more clear with regard to everything the solution can and cannot do with the particular license that you have."
"The tool's reports are bad. They're not very customizable or flexible. During audits, we often have to exclude things that aren't relevant to our organization, but we can't do that easily with the reports. They come in HTML or PDF format, and we can't compare current results with previous ones in Excel because we never receive reports in Excel."
"The price could be lower."
"The user interface could be improved by being able to change the user interface to fit your position or your job. The graphs are set in stone and you can only print reports."
"They should include better customization of the dashboard, and integration tools."
"The only drawback of the solution is that it is expensive."
Snyk is ranked 4th in Application Security Tools with 41 reviews while Tenable Vulnerability Management is ranked 2nd in Vulnerability Management with 38 reviews. Snyk is rated 8.2, while Tenable Vulnerability Management is rated 8.2. The top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". On the other hand, the top reviewer of Tenable Vulnerability Management writes "Discovers vulnerabilities and integrates well with other solutions". Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, Veracode and GitHub Advanced Security, whereas Tenable Vulnerability Management is most compared with Tenable Security Center, Tenable Nessus, Qualys VMDR, Amazon Inspector and Armis.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.