Try our new research platform with insights from 80,000+ expert users

Snyk vs Tenable.io Container Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Container Security
3rd
Average Rating
8.6
Reviews Sentiment
8.1
Number of Reviews
92
Ranking in other categories
Vulnerability Management (6th), Cloud and Data Center Security (5th), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (3rd)
Snyk
Ranking in Container Security
7th
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
43
Ranking in other categories
Application Security Tools (4th), Software Composition Analysis (SCA) (3rd), Software Development Analytics (2nd), DevSecOps (1st)
Tenable.io Container Security
Ranking in Container Security
22nd
Average Rating
8.0
Number of Reviews
8
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Container Security category, the mindshare of SentinelOne Singularity Cloud Security is 2.0%, up from 0.8% compared to the previous year. The mindshare of Snyk is 6.0%, down from 8.8% compared to the previous year. The mindshare of Tenable.io Container Security is 1.3%, down from 2.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security
 

Featured Reviews

Andrew W - PeerSpot reviewer
Aug 29, 2024
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Jayashree Acharyya - PeerSpot reviewer
Mar 4, 2024
Used for image scanning and identifying vulnerabilities, but its integration with other services could be improved
The solution has improved or streamlined our process a lot for securing container images. We wanted to make sure we are deploying the secure Docker images. Snyk allowed us to check whether it is following our standard of docker images or not. We use Azure DevOps as our platform, and Snyk's integration with Azure DevOps was okay. However, Snyk's integration with JFrog Artifactory didn't go well. We use JFrog Artifactory to store the artifacts we download. We wanted to integrate Snyk with JFrog Artifactory to scan the binary artifacts we downloaded, but that broke our JFrog Artifactory for some reason. Instead of using it there, we are calling it directly from the pipeline. Snyk's automation features significantly reduced remediation times a couple of times. Sometimes, our developers scan the code from the environment and find some Java vulnerabilities. We fixed those vulnerabilities in the lower environment itself. The solution does not require any maintenance. The accuracy of Snyk's vulnerability detection is pretty good compared to other tools. I rate the solution's vulnerability detection feature an eight out of ten. I would recommend Snyk to other users because it is easy to implement and integrate with Azure DevOps and GitHub. Overall, I rate the solution a seven out of ten.
Amit Goyal - PeerSpot reviewer
Sep 21, 2022
A great solution for identifying vulnerabilities, and it has helped us secure our organization
The best part about Tenable.io Container Security is that they have well-prepared guidebooks for their deployment. Initially, we had queries and questions about deployment, but after we completed it for one or two clients, it was easier for us. The amount of people needed for deployment depends on the engagement and the number of applications. It is usually a consultant on one application, but an entire application security team is involved. On average, deployment takes around one or two weeks. No maintenance is required, but we need to ensure connectivity with the Tenable Portal. This ensures it updates whenever there are new updates or patches from the back end. Tenable.io Container Security is suitable for all companies.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The user-friendliness is the most valuable feature."
"They're responsive to feature requests. If I suggest a feature for Prisma, I will need to wait until the next release on their roadmap. Cloud Native Security will add it right away."
"The user interface is well-designed and easy to navigate."
"The cloud misconfiguration is the most valuable feature."
"PingSafe provides email alerts and ranks issues based on severity, such as high, critical, etc., that help us prioritize issues."
"The remediation process is good."
"The management console is highly intuitive to comprehend and operate."
"The user-friendly dashboard offers both convenience and security by providing quick access to solutions and keeping us informed of potential threats."
"The valuable aspect is its security capabilities."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"We're loving some of the Kubernetes integration as well. That's really quite cool. It's still in the early days of our use of it, but it looks really exciting. In the Kubernetes world, it's very good at reporting on the areas around the configuration of your platform, rather than the things that you've pulled in. There's some good advice there that allows you to prioritize whether something is important or just worrying. That's very helpful."
"Snyk is a developer-friendly product."
"Static code analysis is one of the best features of the solution."
"The tool's most valuable feature is scanning, reporting, and troubleshooting."
"It is a scalable solution. Scalability-wise, it is a good solution."
"It helps us secure our applications from the build phase and identify the weaknesses from scratch."
"The strong security provided by the product in the container environment is its most valuable feature."
"Tenable.io detects misconfiguration when you deploy a Docker or Kubernetes container. It's much better to remedy these issues during deployment instead of waiting until the container is already in the production environment."
"The solution shows you the exploitable vulnerabilities and helps you prioritize."
"Nessus scanner is very effective for internal penetration testing."
"Currently, I haven't implemented the solution due to its deprecation by the site. However, I can highlight some benefits of Tenable Cloud Security, a cybersecurity solution with various features for scanning vulnerabilities in both cloud environments and on-premises container security."
 

Cons

"It took us a while to configure the software to work well in this type of environment, as the support documents were not always clear."
"The integration with Oracle has room for improvement."
"The application module focuses on the different codes and libraries that can be run on the machines. It is very important for Singularity EDR to detect what type of codes and what type of libraries can run in the machine. If they can implement a white list or a black list of codes or libraries that can be used in the machine, it would be very helpful. They can focus more on the application module."
"One area for improvement could be the internal analysis process, specifically the guidance provided for remediation."
"Cloud Native Security's reporting could be better. We are unable to see which images are impacted. Several thousand images have been deployed, so if we can see some application-specific information in the dashboard, we can directly send that report to the team that owns the application. We'd also like the option to download the report from the portal instead of waiting for the report to be sent to our email."
"In some cases, the rules are strictly enforced but do not align with real-world use cases."
"I would like additional integrations."
"here is a bit of a learning curve. However, you only need two to three days to identify options and get accustomed."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improve"
"A feature we would like to see is the ability to archive and store historical data, without actually deleting it. It's a problem because it throws my numbers off. When I'm looking at the dashboard's current vulnerabilities, it's not accurate."
"We use Bamboo for CI.CD, and we had problems integrating Snyk with it. Ultimately, we got the two solutions to work together, but it was difficult."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"The tool's initial use is complex."
"The log export function could be easier when shipping logs to other platforms such as Splunk."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"The solution's reporting and storage could be improved."
"I feel that in certain areas this product has false positives which the company should work on. They should also try to include business logic vulnerabilities in the scanner testing. Finally, the vulnerability assessment feature should be increased to other hardware devices, apart from firewalls."
"I believe integration plays a crucial role for Tenable, particularly in terms of connecting with other products and various container solutions like Docker or Kubernetes. It seems that in future updates, enhanced integration is something I would appreciate. Currently, there is integration with Docker, but when it comes to Kubernetes or other container solutions, it appears to be a challenge, especially with on-prem scanners."
"The initial setup is highly complex."
"The solution’s pricing could be improved."
"Tenable.io Container Security should improve integration modules. It should also improve stability."
"They need to work on auto-remediation so it's easier for the security team to act quickly when certain assets or resources are deployed. The latest version has a CIS benchmark that you need to meet for containers in the cloud, but more automation is needed."
"The support is tricky to reach, so we would like better-oriented technical support enabled."
"The stability and setup phase of the product are areas with shortcomings where improvements are needed."
 

Pricing and Cost Advice

"The price depends on the extension of the solution that you want to buy. If you want to buy just EDR, the price is less. XDR is a little bit more expensive. There are going to be different add-ons for Singularity."
"For pricing, it currently seems to be in line with market rates."
"I am not involved in the pricing, but it is cost-effective."
"PingSafe falls within the typical price range for cloud security platforms."
"Their pricing appears to be based simply on the number of accounts we have, which is common for cloud-based products."
"We have an enterprise license. It is affordable. I'm not sure, but I think we pay 150,000 rupees per month."
"Its pricing is constant. It has been constant over the previous year, so I am happy with it. However, price distribution can be better explained. That is the only area I am worried about. Otherwise, the pricing is very reasonable."
"The features included in PingSafe justify its price point."
"We are using the open-source version for the scans."
"The license model is based on the number of contributing developers. Snyk is expensive, for a startup company will most likely use the community edition, while larger companies will buy the licensed version. The price of Snyk is more than other SLA tools."
"Cost-wise, it's similar to Veracode, but I don't know the exact cost."
"Their licensing model is fairly robust and scalable for our needs. I believe we have reached a reasonable agreement on the licensing to enable hundreds of developers to participate in this product offering. The solution is very tailored towards developers and its licensing model works well for us."
"The product has good pricing."
"Snyk is a premium-priced product, so it's kind of expensive. The big con that I find frustrating is when a company charges extra for single sign-on (SSO) into their SaaS app. Snyk is one of the few that I'm willing to pay that add-on charge, but generally I disqualify products that charge an extra fee to do integrated authentication to our identity provider, like Okta or some other SSO. That is a big negative. We had to pay extra for that. That little annoyance aside, it is expensive. You get a lot out of it, but you're paying for that premium."
"The pricing is reasonable."
"The solution is less expensive than Black Duck."
"The solution's pricing is neither cheap nor very expensive."
"It's best to be an institutional buyer and directly contact the sales team as they can provide over-the-top discounts for bulk orders."
"The product does not operate on a pay-per-license model."
"I rate the tool's pricing a three out of ten."
"I rate the product’s pricing a six out of ten."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Financial Services Firm
16%
Manufacturing Company
10%
Insurance Company
5%
Financial Services Firm
15%
Computer Software Company
15%
Manufacturing Company
9%
Insurance Company
7%
Financial Services Firm
21%
Manufacturing Company
10%
Government
10%
Computer Software Company
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
I am personally not taking care of the pricing part, but when we moved from CrowdStrike to Singularity Cloud Native S...
What needs improvement with PingSafe?
They can provide some kind of alert when a new type of risk is there. There can be a specific type of alert showing t...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to...
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilit...
What needs improvement with Snyk?
I'm not responsible for the tool. As far as I know, there are no major concerns or features that we lack. We had some...
What do you like most about Tenable.io Container Security?
The tool's most valuable feature is scanning, reporting, and troubleshooting.
 

Also Known As

PingSafe
No data available
Tenable FlawCheck, FlawCheck
 

Overview

 

Sample Customers

Information Not Available
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
ServiceMaster
Find out what your peers are saying about Snyk vs. Tenable.io Container Security and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.