Try our new research platform with insights from 80,000+ expert users

HCL AppScan vs Snyk comparison

HCLSoftware and Snyk are both solutions in the Application Security Tools category. HCLSoftware is ranked #13 with an average rating of 8.0, while Snyk is ranked #4 with an average rating of 8.0. HCLSoftware holds a 2.6% mindshare in AS, compared to Snyk’s 7.6% mindshare. Additionally, 82% of HCLSoftware users are willing to recommend the solution, compared to 100% of Snyk users who would recommend it.
HCL AppScan
Read 42 HCL AppScan reviews
  • 4,509 Views
  • 3,469 Comparison Views
82% willing to recommend
Snyk
Read 43 Snyk reviews
  • 14,638 Views
  • 10,485 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 8, 2024

HCL AppScan and Snyk are competing in the application security testing market. Snyk seems to have the upper hand due to its agility and integration capabilities appealing more to DevOps teams.

Features: HCL AppScan offers extensive scanning capabilities, detailed vulnerability reports, and robust security features. Snyk provides seamless integration with developer workflows, real-time feedback, and user-centric design which makes it worth the premium price.

Room for Improvement: HCL AppScan could improve in speed, ease of use, and deployment process. Some Snyk users express concerns about accuracy, enhanced functionalities for integrations, and specific feature enhancements.

Ease of Deployment and Customer Service: HCL AppScan involves a complex deployment process with reliable support. Snyk is recognized for straightforward deployment and responsive support, enhancing the user experience in rapid development environments.

Pricing and ROI: HCL AppScan's pricing is reasonable but may lead to higher setup costs. Snyk, though often seen as more expensive, delivers quick ROI by embedding security efficiently within the development process.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed HCL AppScan vs. Snyk Report (Updated: October 2024).
Buyer's Guide
HCL AppScan vs. Snyk
October 2024
Download the complete report
Helped 816,192 peers since 2012
 

Categories and Ranking

HCL AppScan
Ranking in Application Security Tools
13th
Average Rating
7.8
Reviews Sentiment
5.8
Number of Reviews
42
Ranking in other categories
Static Application Security Testing (SAST) (12th), Dynamic Application Security Testing (DAST) (1st)
Snyk
Ranking in Application Security Tools
4th
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
43
Ranking in other categories
Container Security (7th), Software Composition Analysis (SCA) (3rd), Software Development Analytics (2nd), DevSecOps (1st)
 

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of HCL AppScan is 2.6%, down from 2.8% compared to the previous year. The mindshare of Snyk is 7.6%, down from 8.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Gladwin Christian - PeerSpot reviewer
A useful tool to scan applications that can be easily installed
Given that we have been using HCL AppScan for many years, I think the setup process is not difficult at all. Sometimes, some issues stop or prevent my company from moving forward with the product's setup phase. We have to call HCL's support team and engage in long discussions to smoothly carry out the setup phase. In general, the product's setup phase is not difficult in our company. The solution is deployed on an on-premises model. The licenses for the solution are available only on cloud deployments nowadays. The solution is already installed in our environment. Every time a new release or software comes out from HCL, our company does a scan, which takes maybe a day or two.
Read full review
Jayashree Acharyya - PeerSpot reviewer
Used for image scanning and identifying vulnerabilities, but its integration with other services could be improved
The solution has improved or streamlined our process a lot for securing container images. We wanted to make sure we are deploying the secure Docker images. Snyk allowed us to check whether it is following our standard of docker images or not. We use Azure DevOps as our platform, and Snyk's integration with Azure DevOps was okay. However, Snyk's integration with JFrog Artifactory didn't go well. We use JFrog Artifactory to store the artifacts we download. We wanted to integrate Snyk with JFrog Artifactory to scan the binary artifacts we downloaded, but that broke our JFrog Artifactory for some reason. Instead of using it there, we are calling it directly from the pipeline. Snyk's automation features significantly reduced remediation times a couple of times. Sometimes, our developers scan the code from the environment and find some Java vulnerabilities. We fixed those vulnerabilities in the lower environment itself. The solution does not require any maintenance. The accuracy of Snyk's vulnerability detection is pretty good compared to other tools. I rate the solution's vulnerability detection feature an eight out of ten. I would recommend Snyk to other users because it is easy to implement and integrate with Azure DevOps and GitHub. Overall, I rate the solution a seven out of ten.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"The most valuable feature of the solution is the scanning or security part."
"The static scans are good, and the SaaS as well."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"You can easily find particular features and functions through the UI."
"The UI was very intuitive."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
More HCL AppScan pros
"The most valuable feature of Snyk is the software composition analysis."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities."
"Static code analysis is one of the best features of the solution."
"The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
More Snyk pros
 

Cons

"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"Improvement can be done as per customer requirements."
"The databases for HCL are small and have room for improvement."
"There is not a central management for static and dynamic."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"They have to improve support."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
More HCL AppScan cons
"We had some issues integrating into our pipeline, however, they were resolved."
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry. They have a pretty good knowledge base, but Veracode is on top because Veracode has been in this business for a pretty long time. They do have a pretty large database of all the findings, and the way that the correlation engine works is superb. Snyk is also pretty good, but it is not as good as Veracode in terms of maintaining a large space of all the historical data of vulnerabilities."
"They were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer."
"Basically the licensing costs are a little bit expensive."
"The feature for automatic fixing of security breaches could be improved."
"Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this."
"Snyk's API and UI features could work better in terms of speed."
"There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved."
More Snyk cons
 

Pricing and Cost Advice

"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"The price is very expensive."
"Our clients are willing to pay the extra money. It is expensive."
"The product has premium pricing and could be more competitive."
"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
"The tool was expensive."
"The solution is cheap."
More HCL AppScan pricing and cost advice
"The license model is based on the number of contributing developers. Snyk is expensive, for a startup company will most likely use the community edition, while larger companies will buy the licensed version. The price of Snyk is more than other SLA tools."
"Compared to Veracode, Snyk is definitely a cheaper tool."
"The product has good pricing."
"The pricing is reasonable."
"With Snyk, you get what you pay for. It is not a cheap solution, but you get a comprehensiveness and level of coverage that is very good. The dollars in the security budget only go so far. If I can maximize my value and be able to have some funds left over for other initiatives, I want to do that. That is what drives me to continue to say, "What's out there in the market? Snyk's expensive, but it's good. Is there something as good, but more affordable?" Ultimately, I find we could go cheaper, but we would lose the completeness of vision or scope. I am not willing to do that because Snyk does provide a pretty important benefit for us."
"It's inexpensive and easy to license. It comes in standard package sizing, which is straightforward. This information is publicly found on their website."
"The price of the solution is expensive compared to other solutions."
"We are using the open-source version for the scans."
More Snyk pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
See recommendations
816,192 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Financial Services Firm
14%
Manufacturing Company
11%
Government
10%
Financial Services Firm
15%
Computer Software Company
15%
Manufacturing Company
9%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
See all answers
What needs improvement with HCL AppScan?
They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities.
See all answers
What is your primary use case for HCL AppScan?
We use AppScan primarily for security testing and performance monitoring across our systems.
See all answers
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
See all answers
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities.
See all answers
What needs improvement with Snyk?
I'm not responsible for the tool. As far as I know, there are no major concerns or features that we lack. We had some issues integrating into our pipeline, however, they were resolved.
See all answers
 

Comparisons

Acunetix vs HCL AppScan Logo
Acunetix vs HCL AppScan
Compared 15% of the time
SonarQube Server (formerly SonarQube) vs HCL AppScan Logo
SonarQube Server (formerly SonarQube) vs HCL AppScan
Compared 13% of the time
Veracode vs HCL AppScan Logo
Veracode vs HCL AppScan
Compared 11% of the time
Fortify on Demand vs HCL AppScan Logo
Fortify on Demand vs HCL AppScan
Compared 9% of the time
Invicti vs HCL AppScan Logo
Invicti vs HCL AppScan
Compared 3% of the time
More HCL AppScan Competitors
GitHub Advanced Security vs Snyk Logo
GitHub Advanced Security vs Snyk
Compared 13% of the time
SonarQube Server (formerly SonarQube) vs Snyk Logo
SonarQube Server (formerly SonarQube) vs Snyk
Compared 12% of the time
Black Duck vs Snyk Logo
Black Duck vs Snyk
Compared 11% of the time
Wiz vs Snyk Logo
Wiz vs Snyk
Compared 6% of the time
Fortify Static Code Analyzer vs Snyk Logo
Fortify Static Code Analyzer vs Snyk
Compared 6% of the time
More Snyk Competitors
 

Product Reports

Buyer's Guide
HCL AppScan
November 2024
HCL AppScan reportDownload HCL AppScan product report
Buyer's Guide
Snyk
October 2024
Snyk reportDownload Snyk product report
 

Also Known As

IBM Security AppScan, Rational AppScan, AppScan
No data available
 

Learn More

HCLSoftware
Snyk
 

Overview

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.

Benefits of Snyk

Some of the benefits of using Snyk include:

  • Conserves resources: Snyk easily integrates with other security solutions and uses their security features to ensure that the work that users are doing is completely secure. These integrations allow them to protect themselves without pulling resources from their continued integration or continued delivery workflows. Resources can be conserved for areas of the greatest need.
  • Highly flexible: Snyk enables users to customize the system’s security automation features to meet their needs. Users can guarantee that the automation performs the functions that are most essential for their current project. Additionally, users are able to maintain platform governance consistency across their system.
  • Keeps users ahead of emerging threats. Snyk employs a database of threats that help it detect and keep track of potential issues. This database is constantly being updated to reflect the changes that take place in the realm of cybersecurity. It also uses machine learning. Users are prepared to deal with new issues as they arise.
  • Automatically scans projects for threats. Snyk’s command-line interface enables users to schedule the solution to run automatic scans of their projects. Time and manpower can be conserved for the areas of greatest need without sacrificing security.

Reviews from Real Users

Snyk is a security platform for developers that stands out among its competitors for a number of reasons. Two major ones are its ability to integrate with other security solutions and important insights that it can enable users to discover. Snyk enables users to combine its already existing security features with those of other solutions to create far more robust and flexible layers of security than what it can supply on its own. It gives users the ability to dig into the security issues that they may experience. Users are given a clear view of the root causes of these problems. This equips them to address the problem and prevent similar issues in the future.

Cameron G., a security software engineer at a tech company, writes, “The most valuable features are their GitLab and JIRA integrations.The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using. Snyk is something of a bridge that we use; we get our projects into it and then get the information out of it. Those two integrations are crucial for us to be able to do that pretty simply.”

Sean M., the chief information security officer of a technology vendor, writes, "From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."

 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Buyer's Guide
HCL AppScan vs. Snyk
October 2024
Free Report: HCL AppScan vs. Snyk
Find out what your peers are saying about HCL AppScan vs. Snyk and other solutions. Updated: October 2024.
DOWNLOAD NOW
816,192 professionals have used our research since 2012.
See our HCL AppScan vs. Snyk report.
See our list of best Application Security Tools vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.