We performed a comparison between Snyk and Tenable Security Center based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."Snyk categorizes the level of vulnerability into high, medium, and low, which helps organizations prioritize which issues to tackle first."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
"The most valuable features of Snyk are vulnerability scanning and automation. The automation the solution brings around vulnerability scanning is useful."
"I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST."
"Snyk helps me pinpoint security errors in my code."
"The most valuable features are their GitLab and JIRA integrations. The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"The solution is completely stable and operation is user-friendly."
"Initial setup was pretty straightforward."
"The tool's dashboard and reporting capabilities match our company's needs since we are able to modify the basic view to create a new dashboard, and it works out very well for our needs."
"This solution has a much lower rate of false positives compared to competing products."
"The scanning part, the agent part – that's the valuable aspect."
"The most valuable feature of this solution is the vulnerability assessment."
"It is a very good and user-friendly product."
"I think that this is a good solution for evaluating vulnerability in the network."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."
"I think Snyk should add more of a vulnerability protection feature in the tool since it is an area where it lacks."
"One area where Snyk could improve is in providing developers with the line where the error occurs."
"The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise."
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry. They have a pretty good knowledge base, but Veracode is on top because Veracode has been in this business for a pretty long time. They do have a pretty large database of all the findings, and the way that the correlation engine works is superb. Snyk is also pretty good, but it is not as good as Veracode in terms of maintaining a large space of all the historical data of vulnerabilities."
"The product should provide risk-based vulnerability management."
"The solution should provide better web application features and support."
"There's a lot of information being streamed out of the reports. What would be nice, and maybe we just haven't found it, would be more of an executive-type view. We still expect it to collect all this information, but we would like a feature that would allow us to show it to an executive or a director or someone like that and give them some type of high-level overview but not get into the nitty-gritty."
"It's good at creating information, it's good creating dashboards, it's good at creating reports, but if you want to take that reporting metadata and put it into another tool, that is a little bit lacking."
"The reporting side can be improved. The dashboards are nice, but exporting things out for reports for management was a little tough."
"Deploying Tenable.sc is highly complex because it's an on-prem solution, whereas Tenable.io is cloud-based, so you can go live as soon as you log in. Tenable.sc involves significant integration with other on-prem solutions, and the deployment takes about two to three weeks with the help of a system integrator"
"The GUI could be improved to have all concerns and priorities use the same GUI, allowing them to see all tickets, assign vulnerabilities, and assign variation failures to each member of their team."
"We are facing some challenges related to our channel."
Snyk is ranked 4th in Application Security Tools with 41 reviews while Tenable Security Center is ranked 1st in Risk-Based Vulnerability Management with 48 reviews. Snyk is rated 8.2, while Tenable Security Center is rated 8.2. The top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". On the other hand, the top reviewer of Tenable Security Center writes "A security solution for vulnerability assessment with automated scans". Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode, whereas Tenable Security Center is most compared with Tenable Vulnerability Management, Qualys VMDR, Rapid7 InsightVM, Tenable Nessus and Horizon3.ai.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.