We performed a comparison between Rapid7 InsightVM and Snyk based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Qualys, Rapid7 and others in Risk-Based Vulnerability Management."The most valuable feature for us is the different types of reporting it provides."
"It is stable and scalable."
"The ease of deployment and configuration allows users to onboard quickly."
"The most valuable feature is the site scanning, where we can provide a complete subnet and what it is we need to scan on those devices."
"It is good and fits well with pretty much all of our use case needs."
"InsightVM's most valuable feature is risk scoring, a formula based on different vectors like the ease of exploitation and the availability of the machine."
"The solution is good because it has a lot of options."
"The feature that I have found most valuable is its dashboards."
"The solution has great features and is quite stable."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
"The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities."
"What is valuable about Snyk is its simplicity."
"We use Snyk to check vulnerabilities and rectify potential leaks in GitHub."
"Snyk is a developer-friendly product."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"Rapid7 InsightVM, has impressive capabilities, especially when it comes to managing video equipment. However, we've noticed that Rapid7 also offers a cloud solution called CloudSec, and we don't have that. We think it would be better if InsightVM had all the features for both on-premise and cloud management."
"The drawback is that it is still not a fully SaaS solution, so you must deploy a console."
"I would say that it improved our visibility, but it left things open."
"They should integrate the solution with multiple products."
"This solution creates false-positives which can cause issues with reporting."
"A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group."
"We found that after you passed an endpoint, it didn't always reflect it in the next scan. I'm not sure if it was a glitch or some issue with the product's software. That was never clear. That was always an issue and something that definitely needed improvement."
"The integration with other solutions like JIRA could be better. Perhaps there could be some additional updates in the next phase that could integrate with it, so then you can proceed with the VT much easier."
"Offering API access in the lower or free open-source tiers would be better. That would help our customers. If you don't have an enterprise plan, it becomes challenging to integrate with the rest of the systems. Our customers would like to have some open-source integrations in the next release."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"The solution's reporting and storage could be improved."
"The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise."
"It would be helpful if we get a recommendation while doing the scan about the necessary things we need to implement after identifying the vulnerabilities."
"Could include other types of security scanning and statistical analysis"
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
Rapid7 InsightVM is ranked 4th in Risk-Based Vulnerability Management with 55 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Rapid7 InsightVM is rated 8.0, while Snyk is rated 8.2. The top reviewer of Rapid7 InsightVM writes "You can scan a network, and receive recommendations to address vulnerabilities with the click of a button". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Rapid7 InsightVM is most compared with Tenable Nessus, Qualys VMDR, Tenable Security Center, Microsoft Defender Vulnerability Management and Wiz, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode.
We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.