Snyk vs Tenable.io Web Application Scanning comparison

Snyk and Tenable are both solutions in the Application Security Tools category. Snyk is ranked #4 with an average rating of 8.0, while Tenable is ranked #21 with an average rating of 7.5. Snyk holds a 7.6% mindshare in AS, compared to Tenable’s 1.3% mindshare. Additionally, 100% of Snyk users are willing to recommend the solution, compared to 92% of Tenable users who would recommend it.

Snyk

Read 43 Snyk reviews

14,638 Views
10,485 Comparison Views

100% willing to recommend

Tenable.io Web Application ...

Read 15 Tenable.io Web Application Scanning reviews

2,526 Views
1,946 Comparison Views

92% willing to recommend

Snyk

Tenable.io Web Application ...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Tenable.io Web Application Scanning and Snyk are key players in application security. Snyk tends to be preferred due to developer-friendly integrations and seamless developer workflow integration.

Features: Tenable.io is recognized for comprehensive vulnerability detection and usability in finding security issues. It simplifies identifying vulnerabilities and provides a user-friendly interface. Its straightforward use is an advantage. Snyk, however, stands out in managing open source vulnerabilities and its real-time scanning works well within CI/CD pipelines. Snyk’s integration gives quick development feedback, essential for agile teams.

Room for Improvement: Tenable.io could improve in supporting cloud environments, enhancing its reporting options, and refining its user interface for more intuitive navigation. Snyk can develop more enterprise-focused features, improve compliance tracking, and expand policy control options.

Ease of Deployment and Customer Service: Tenable.io is appreciated for a simple deployment process and responsive customer support, providing strong backing to its functionalities. Snyk quickly integrates into existing developer environments, although customer support quality can vary.

Pricing and ROI: Tenable.io is frequently viewed as cost-effective, ideal for organizations with limited budgets due to its pricing model, which offers substantial value for money. While Snyk may be more expensive, it offers high ROI through its comprehensive integration features and impact on secure software development processes.

To learn more, read our detailed Snyk vs. Tenable.io Web Application Scanning Report (Updated: October 2024).

Buyer's Guide

Snyk vs. Tenable.io Web Application Scanning

October 2024

Download the complete report

Helped 814,572 peers since 2012

Categories and Ranking

Snyk

Ranking in Application Security Tools

4th

Average Rating

8.2

Reviews Sentiment

7.3

Number of Reviews

Ranking in other categories

Container Security (7th), Software Composition Analysis (SCA) (3rd), Software Development Analytics (2nd), DevSecOps (1st)

Tenable.io Web Application ...

Ranking in Application Security Tools

21st

Average Rating

7.6

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of Snyk is 7.6%, down from 8.5% compared to the previous year. The mindshare of Tenable.io Web Application Scanning is 1.3%, down from 1.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Tools

Featured Reviews

Jayashree Acharyya

Director at PepsiCo

Mar 4, 2024

Used for image scanning and identifying vulnerabilities, but its integration with other services could be improved

The solution has improved or streamlined our process a lot for securing container images. We wanted to make sure we are deploying the secure Docker images. Snyk allowed us to check whether it is following our standard of docker images or not. We use Azure DevOps as our platform, and Snyk's integration with Azure DevOps was okay. However, Snyk's integration with JFrog Artifactory didn't go well. We use JFrog Artifactory to store the artifacts we download. We wanted to integrate Snyk with JFrog Artifactory to scan the binary artifacts we downloaded, but that broke our JFrog Artifactory for some reason. Instead of using it there, we are calling it directly from the pipeline. Snyk's automation features significantly reduced remediation times a couple of times. Sometimes, our developers scan the code from the environment and find some Java vulnerabilities. We fixed those vulnerabilities in the lower environment itself. The solution does not require any maintenance. The accuracy of Snyk's vulnerability detection is pretty good compared to other tools. I rate the solution's vulnerability detection feature an eight out of ten. I would recommend Snyk to other users because it is easy to implement and integrate with Azure DevOps and GitHub. Overall, I rate the solution a seven out of ten.

Read full review

Harshal Deshmukh

CEO and Managing Director at Digidata Infsystems Private Limited

Jul 12, 2024

Simple tool to use, good dashboard capabilities and offers asset criticality ratings

It's nice to work with because it gives good results for web application scanning according to OWASP Top 10 and NISC. It's also a very simple tool to use It supports cybersecurity strategy. For me, it works. AndI sell this tool to my customers, and they are also happy with it. It has good…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Snyk is a developer-friendly product."

"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."

"Snyk's focus on security is a valuable feature. Also Snyk supports multiple programming languages, which has positively affected my security practices. I use only two or three languages, and when I change the language in a file, it detects it in the same suite. I find the AI-powered scanning overall beneficial.Using Snyk's AI-powered scanning, I can detect around ten or twenty errors in my project with about twenty thousand lines of code, so it helps improve my project by identifying a lot of potential vulnerabilities."

"The most valuable feature is that they add a lot of their own information to the vulnerabilities. They describe vulnerabilities and suggest their own mitigations or version upgrades. The information was the winning factor when we compared Snyk to others. This is what gave it more impact."

"The product's most valuable features are an open-source platform, remote functionality, and good pricing."

"It has a nice dashboard where I can see all the vulnerabilities and risks that they provided. I can also see the category of any risk, such as medium, high, and low. They provide the input priority-wise. The team can target the highest one first, and then they can go to medium and low ones."

"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID, and there I can do the scanning. That is the part I like best."

"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."

More Snyk pros

"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."

"It is fully automated."

"The solution's instant reports feature is the most effective for detecting threats."

"The initial setup is straightforward."

"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."

"Tenable.io Web Application Scanning is very easy to use."

"It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."

"We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities."

More Tenable.io Web Application Scanning pros

Cons

"I use Snyk alongside Sonar, and Snyk tends to generate a lot of false positives. Improving the overall report quality and reducing false positives would be beneficial. I don't need additional features; just improving the existing ones would be enough."

"Offering API access in the lower or free open-source tiers would be better. That would help our customers. If you don't have an enterprise plan, it becomes challenging to integrate with the rest of the systems. Our customers would like to have some open-source integrations in the next release."

"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."

"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."

"The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise."

"The solution's integration with JFrog Artifactory could be improved."

"A feature we would like to see is the ability to archive and store historical data, without actually deleting it. It's a problem because it throws my numbers off. When I'm looking at the dashboard's current vulnerabilities, it's not accurate."

"Basically the licensing costs are a little bit expensive."

More Snyk cons

"Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive."

"Tenable.io Web Application Scanning could improve by offering faster fuzzing."

"Sometimes it lags with different cloud environments."

"I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."

"It isn't easy to manage vulnerabilities in Tenable."

"The reporting has a very limited customization capability."

"They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."

"Tenable.io Web Application Scanning conducts a general scan, which wastes time. The scan needs to be specific."

More Tenable.io Web Application Scanning cons

Pricing and Cost Advice

"The product's price is okay."

"I would rate the pricing of Snyk at two. I'm currently using the free version, which the company offers before buying the full version. So, the price is affordable, especially for an enterprise."

"Snyk is an expensive solution."

"It's inexpensive and easy to license. It comes in standard package sizing, which is straightforward. This information is publicly found on their website."

"Snyk is a premium-priced product, so it's kind of expensive. The big con that I find frustrating is when a company charges extra for single sign-on (SSO) into their SaaS app. Snyk is one of the few that I'm willing to pay that add-on charge, but generally I disqualify products that charge an extra fee to do integrated authentication to our identity provider, like Okta or some other SSO. That is a big negative. We had to pay extra for that. That little annoyance aside, it is expensive. You get a lot out of it, but you're paying for that premium."

"The price is good. Snyk had a good price compared to the competition, who had higher pricing than them. Also, their licensing and billing are clear."

"It is pretty expensive. It is not a cheap product."

"Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."

More Snyk pricing and cost advice

"The application is extremely affordable. There are no additional costs involved with licensing. We switched to Tenable.io Web Application Scanning from other solutions due to pricing."

"I rate the product's pricing a four out of ten."

"The pricing is okay."

"Tenable.io Web Application Scanning is expensive for small businesses."

"The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage."

"For Tenable.io Web Application Scanning, it comes to around 6,50,000 Indian rupees, plus taxes."

"It follows the same licensing scheme as Tenable.io and Tenable. sc."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

814,572 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

15%

Computer Software Company

15%

Manufacturing Company

Insurance Company

Computer Software Company

16%

Financial Services Firm

13%

Government

12%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

How does Snyk compare with SonarQube?

Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...

See all answers

What do you like most about Snyk?

The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities.

See all answers

What needs improvement with Snyk?

I'm not responsible for the tool. As far as I know, there are no major concerns or features that we lack. We had some issues integrating into our pipeline, however, they were resolved.

See all answers

What do you like most about Tenable.io Web Application Scanning?

The most effective feature of the product is the ability to scan the entire environment.

See all answers

What needs improvement with Tenable.io Web Application Scanning?

We would like some additional features. Sometimes it lags with different cloud environments. Private clouds are becoming more common, and the integration lags with those compared to AWS, Azure, or ...

See all answers

What advice do you have for others considering Tenable.io Web Application Scanning?

Overall, I would rate it an eight out of ten. We deploy it for customers, and it's very easy to deploy. Some people are worried about the cost, but we try to sell it at a good rate, less than the o...

See all answers

Comparisons

GitHub Advanced Security vs Snyk

Compared 13% of the time

SonarQube Server (formerly SonarQube) vs Snyk

Compared 12% of the time

Black Duck vs Snyk

Compared 11% of the time

Wiz vs Snyk

Compared 6% of the time

Fortify Static Code Analyzer vs Snyk

Compared 6% of the time

More Snyk Competitors

Acunetix vs Tenable.io Web Application Scanning

Compared 27% of the time

PortSwigger Burp Suite Professional vs Tenable.io Web Application Scanning

Compared 12% of the time

Qualys Web Application Scanning vs Tenable.io Web Application Scanning

Compared 11% of the time

Fortify on Demand vs Tenable.io Web Application Scanning

Compared 10% of the time

SonarQube Server (formerly SonarQube) vs Tenable.io Web Application Scanning

Compared 8% of the time

More Tenable.io Web Application Scanning Competitors

Product Reports

Buyer's Guide

Snyk

October 2024

Download Snyk product report

Buyer's Guide

Application Security Tools

October 2024

Tenable.io Web Application Scanning report

Download Tenable.io Web Application Scanning product report

Learn More

Snyk

Tenable

Overview

Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.

Benefits of Snyk

Some of the benefits of using Snyk include:

Conserves resources: Snyk easily integrates with other security solutions and uses their security features to ensure that the work that users are doing is completely secure. These integrations allow them to protect themselves without pulling resources from their continued integration or continued delivery workflows. Resources can be conserved for areas of the greatest need.

Highly flexible: Snyk enables users to customize the system’s security automation features to meet their needs. Users can guarantee that the automation performs the functions that are most essential for their current project. Additionally, users are able to maintain platform governance consistency across their system.

Keeps users ahead of emerging threats. Snyk employs a database of threats that help it detect and keep track of potential issues. This database is constantly being updated to reflect the changes that take place in the realm of cybersecurity. It also uses machine learning. Users are prepared to deal with new issues as they arise.

Automatically scans projects for threats. Snyk’s command-line interface enables users to schedule the solution to run automatic scans of their projects. Time and manpower can be conserved for the areas of greatest need without sacrificing security.

Reviews from Real Users

Snyk is a security platform for developers that stands out among its competitors for a number of reasons. Two major ones are its ability to integrate with other security solutions and important insights that it can enable users to discover. Snyk enables users to combine its already existing security features with those of other solutions to create far more robust and flexible layers of security than what it can supply on its own. It gives users the ability to dig into the security issues that they may experience. Users are given a clear view of the root causes of these problems. This equips them to address the problem and prevent similar issues in the future.

Cameron G., a security software engineer at a tech company, writes, “The most valuable features are their GitLab and JIRA integrations.The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using. Snyk is something of a bridge that we use; we get our projects into it and then get the information out of it. Those two integrations are crucial for us to be able to do that pretty simply.”

Sean M., the chief information security officer of a technology vendor, writes, "From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."

Tenable.io Web Application Scanning safely, accurately and automatically scans your web applications, providing deep visibility into vulnerabilities and valuable context to prioritize remediation.

Sample Customers

StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief

IMDEX

Buyer's Guide

Snyk vs. Tenable.io Web Application Scanning

October 2024

Free Report: Snyk vs. Tenable.io Web Application Scanning

Find out what your peers are saying about Snyk vs. Tenable.io Web Application Scanning and other solutions. Updated: October 2024.

DOWNLOAD NOW

814,572 professionals have used our research since 2012.

See our Snyk vs. Tenable.io Web Application Scanning report.

See our list of best Application Security Tools vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.