HCL AppScan and Snyk compete in the security testing category. HCL AppScan seems to have the upper hand in more comprehensive static and dynamic testing, while Snyk holds an edge in simplicity and developer integration.
Features: HCL AppScan integrates deeply with the SDLC to provide robust static and dynamic testing with AI-powered features. It offers extensive language support and accurate vulnerability identification. Snyk stands out for its simplicity, quick developer onboarding, and integration capabilities, coupled with reliable open-source component analysis.
Room for Improvement: HCL AppScan could improve in reducing false positives, enhancing mobile app support, and better integration features. Snyk is critiqued for lacking comprehensive SAST and DAST capabilities and needs to refine its integration with some CI tools.
Ease of Deployment and Customer Service: HCL AppScan offers flexibility being available on-premises and in the cloud but has mixed customer service reviews. Snyk focuses on cloud deployment with generally positive feedback for its user-friendly customer support.
Pricing and ROI: HCL AppScan faces criticism for high pricing but offers competitive ROI through reduced vulnerabilities. Its token-based pricing can be advantageous for large needs. Snyk, considered costly too, is license-based per user, offering value with developer-focused features and competitive DevOps integration rates.
Veracode provides excellent assistance and regularly scheduled calls to address customer concerns and updates.
Their response time aligns with their SLA commitments.
Our long-standing association has ensured smooth communication, resulting in favorable support experiences and satisfactory issue resolution.
We could understand the implementation of the product and other features without the need for human interaction.
Snyk allows for scaling across large organizations, accommodating tens of thousands of applications and over 60,000 repositories.
Both Veracode and Snyk should implement this new scoring system for CVSS and AIVSS.
It lacks the ability to select branches on its Web UI, forcing users to rely on CLI or CI/CD for that functionality.
The inclusion of AI to remove false positives would be beneficial.
Companies often choose based on budget constraints, with Veracode being on the higher end cost-wise.
Snyk is recognized as the cheapest option we have evaluated.
After negotiations, we received a special package with a good price point.
Snyk is less expensive.
AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further.
Snyk helps detect vulnerabilities before code moves to production, allowing for integration with DevOps and providing a shift-left advantage by identifying and fixing bugs before deployment.
Our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.
The best feature of Snyk is the integration with our ticketing system, which is Jira.
| Product | Market Share (%) |
|---|---|
| Snyk | 6.5% |
| HCL AppScan | 2.5% |
| Other | 91.0% |
| Company Size | Count |
|---|---|
| Small Business | 13 |
| Midsize Enterprise | 6 |
| Large Enterprise | 31 |
| Company Size | Count |
|---|---|
| Small Business | 20 |
| Midsize Enterprise | 9 |
| Large Enterprise | 21 |
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.
Snyk excels in integrating security within the development lifecycle, providing teams with an AI Trust Platform that combines speed with security efficiency, ensuring robust AI application development.
Snyk empowers developers with AI-ready engines offering broad coverage, accuracy, and speed essential for modern development. With AI-powered visibility and security, Snyk allows proactive threat prevention and swift threat remediation. The platform supports shifts toward LLM engineering and AI code analysis, enhancing security and development productivity. Snyk collaborates with GenAI coding assistants for improved productivity and AI application threat management. Platform extensibility supports evolving standards with API access and native integrations, ensuring comprehensive and seamless security embedding in development tools.
What are Snyk's standout features?Industries leverage Snyk for security in CI/CD pipelines by automating checks for dependency vulnerabilities and managing open-source licenses. Its Docker and Kubernetes scanning capabilities enhance container security, supporting a proactive security approach. Integrations with platforms like GitHub and Azure DevOps optimize implementation across diverse software environments.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
