We performed a comparison between Snyk and Tenable Nessus based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."Snyk is a developer-friendly product."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"It has a nice dashboard where I can see all the vulnerabilities and risks that they provided. I can also see the category of any risk, such as medium, high, and low. They provide the input priority-wise. The team can target the highest one first, and then they can go to medium and low ones."
"I am impressed with the product's security vulnerability detection. My peers in security are praising the tool for its accuracy to detect security vulnerabilities. The product is very easy to onboard. It doesn't require a lot of preparation or prerequisites. It's a bit of a plug-and-play as long as you're using a package manager or for example, you are using a GitHub repository. And that is an advantage for this tool because developers don't want to add more tools to what they're currently using."
"Static code analysis is one of the best features of the solution."
"A main feature of Snyk is that when you go with SCA, you do get properly done security composition, also from the licensing and open-source parameters perspective. A lot of companies often use open-source libraries or frameworks in their code, which is a big security concern. Snyk deals with all the things and provides you with a proper report about whether any open-source code or framework that you are using is vulnerable. In that way, Snyk is very good as compared to other tools."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"Our customers find container scans most valuable. They are always talking about it."
"The most valuable features of Tenable Nessus are the scanning option. Advanced scanning is highly useful. The offline config audits and application assessments are useful."
"Tenable Nessus is an absolutely stable and fantastic product."
"Tenable integrates well with other solutions such as SIEM and batch management."
"I like this solution because it is complete. It can scan and check many types of vulnerabilities. It can also check for compliance."
"It is a mature tool."
"Tenable Nessus has a good performance, is very user-friendly, and is easy to use."
"The reports are pretty nice and easy to understand."
"Once you get past the initial implementation, the solution is very stable."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"I would like to give further ability to grouping code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."
"Basically the licensing costs are a little bit expensive."
"There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved."
"The feature for automatic fixing of security breaches could be improved."
"It lists projects. So, if you have a number of microservices in an enterprise, then you could have pages of findings. Developers will then spend zero time going through the pages of reports to figure out, "Is there something I need to fix?" While it may make sense to list all the projects and issues in these very long lists for completeness, Snyk could do a better job of bubbling up and grouping items, e.g., a higher level dashboard that draws attention to things that are new, the highest priority things, or things trending in the wrong direction. That would make it a lot easier. They don't quite have that yet in container security."
"Remediation needs improvement."
"There should be a possibility to install agents on scanned machines. Tenable IO provides the capability of using local agents to check local problems, but this feature is not there in Tenable Nessus Professional. It would be nice to have something similar in Tenable Nessus Professional. We should have the capability to use local agents installed on the machines to locally check a problem."
"Multiple steps to create an actionable plan will be a great addition to Nessus."
"Tenable Nessus could improve the price."
"The price and scalability of the solution could improve."
"I would like to have a management option after the network scanning."
"One significant drawback we encounter is the tool's tendency to flag patched packages incorrectly. For instance, if a package is patched by Debian maintainers but not updated to a major or minor version, Nessus may still flag it as vulnerable based on its database. This discrepancy leads to false alarms and requires our developers, system admins, and DevOps teams to address them."
"I think the reporting templates could be improved with Tenable Nessus."
Snyk is ranked 4th in Application Security Tools with 41 reviews while Tenable Nessus is ranked 3rd in Vulnerability Management with 75 reviews. Snyk is rated 8.2, while Tenable Nessus is rated 8.4. The top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". On the other hand, the top reviewer of Tenable Nessus writes "Unlimited assets for one price and quick, agentless results". Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode, whereas Tenable Nessus is most compared with Qualys VMDR, Rapid7 InsightVM, Tenable Vulnerability Management, Tenable Security Center and Wiz.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.