We performed a comparison between Rapid7 Metasploit and Snyk based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Wiz, SentinelOne and others in Vulnerability Management."It is scalable. It's in line with our needs."
"It contains almost all the available exploits and payloads."
"The Search Engineering feature is good."
"The most valuable feature for us is the support for testing Linux-based web server components."
"The solution is open source and has many small targetted penetration tests that have been written by many people that are useful. You can choose different subjects for the test, such as Oracle databases or Apache servers."
"I don't have any other tools like it, and I always use it when I'm doing a pen test. Metasploit is a great solution for penetration testing,"
"All of the features are great."
"Stability-wise, I rate the solution a nine out of ten...Scalability-wise, I rate the solution a nine out of ten."
"What is valuable about Snyk is its simplicity."
"It's very easy for developers to use. Onboarding was an easy process for all of the developers within the company. After a quick, half-an-hour to an hour session, they were fully using it on their own. It's very straightforward. Usability is definitely a 10 out of 10."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"Snyk is a good and scalable tool."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"Our customers find container scans most valuable. They are always talking about it."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"Rapid7 Metasploit could be made easier for new users to learn."
"Rapid7 Metasploit can add a GUI feature because it is only available online."
"Better automation capabilities would be an improvement."
"If your company's patch is not up to date, but you have other detection or defense solutions such as endpoint detection and response and antivirus software, the product exploit may not work effectively. This is because its exploit database update process is slow and not real-time. For zero-day vulnerabilities or new security threats, relying on Rapid7 Metasploit alone may not be effective."
"We'd like them to offer better coverage of malware."
"It is necessary to add some training materials and a tutorial for beginners."
"I would like to see more capabilities, more functions, and more features. More types of attack vectors."
"Metasploit cannot be installed on a machine with an antivirus."
"It would be helpful if we get a recommendation while doing the scan about the necessary things we need to implement after identifying the vulnerabilities."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
"Could include other types of security scanning and statistical analysis"
"We use Bamboo for CI.CD, and we had problems integrating Snyk with it. Ultimately, we got the two solutions to work together, but it was difficult."
"The solution's integration with JFrog Artifactory could be improved."
"Basically the licensing costs are a little bit expensive."
Rapid7 Metasploit is ranked 12th in Vulnerability Management with 18 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Rapid7 Metasploit is rated 7.6, while Snyk is rated 8.2. The top reviewer of Rapid7 Metasploit writes "Helps find vulnerabilities in a system to determine whether the system needs to be upgraded". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Rapid7 Metasploit is most compared with Tenable Nessus, Pentera, Acunetix, Rapid7 InsightVM and Nucleus, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.