We performed a comparison between Rapid7 InsightVM and Snyk based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Qualys, Rapid7 and others in Risk-Based Vulnerability Management."The most valuable feature for us is the different types of reporting it provides."
"I like Rapid7's scan optimization options."
"The main functionality of identifying item endpoints that weren't properly patched or had vulnerabilities is the solution's most valuable feature."
"This solution's most useful feature is that it is entirely a single-page application."
"The assessment is most valuable."
"Rapid7 have a good distribution network with good support and market presence."
"Using Rapid7, we can install a scan engine, we can do our VPN connections, and we can conduct internal scans of remote sites. We prefer the web application. It's smarter and more accurate from an application perspective."
"The feature that I have found most valuable is its dashboards."
"The most valuable feature of Snyk is the SBOM."
"We're loving some of the Kubernetes integration as well. That's really quite cool. It's still in the early days of our use of it, but it looks really exciting. In the Kubernetes world, it's very good at reporting on the areas around the configuration of your platform, rather than the things that you've pulled in. There's some good advice there that allows you to prioritize whether something is important or just worrying. That's very helpful."
"The solution's vulnerability database, in terms of comprehensiveness and accuracy, is very high-level. As far as I know, it's the best among their competitors."
"I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario."
"It has a nice dashboard where I can see all the vulnerabilities and risks that they provided. I can also see the category of any risk, such as medium, high, and low. They provide the input priority-wise. The team can target the highest one first, and then they can go to medium and low ones."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"We use Snyk to check vulnerabilities and rectify potential leaks in GitHub."
"The solution has great features and is quite stable."
"Rapid7 InsightVM could be easier to use for those who are using it for the first time."
"Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM."
"InsightVM is getting a little stale and is in danger of falling behind its competitors."
"Patch management is the only missing feature I can think of. Rapid7 detects vulnerabilities, but it should also help you manage patches."
"In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time. Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch."
"It is still not a fully cloud-based solution. It will be helpful for customers if it is a complete cloud solution. It is a hybrid solution at the moment."
"The reporting is very bad when you compare it with other vulnerability assessment tools."
"The solution could improve by being more secure."
"For the areas that they're new in, it's very early stages for them. For example, their expertise is in looking at third-party components and packages, which is their bread-and-butter and what they've been doing for ages, but for newer features such as static analysis I don't think they've got compatibility for all the languages and frameworks yet."
"We use Bamboo for CI.CD, and we had problems integrating Snyk with it. Ultimately, we got the two solutions to work together, but it was difficult."
"It lists projects. So, if you have a number of microservices in an enterprise, then you could have pages of findings. Developers will then spend zero time going through the pages of reports to figure out, "Is there something I need to fix?" While it may make sense to list all the projects and issues in these very long lists for completeness, Snyk could do a better job of bubbling up and grouping items, e.g., a higher level dashboard that draws attention to things that are new, the highest priority things, or things trending in the wrong direction. That would make it a lot easier. They don't quite have that yet in container security."
"It would be great if they can include dynamic, interactive, and run-time scanning features. Checkmarx and Veracode provide dynamic, interactive, and run-time scanning, but Snyk doesn't do that. That's the reason there is more inclination towards Veracode, Checkmarx, or AppScan. These are a few tools available in the market that do all four types of scanning: static, dynamic, interactive, and run-time."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"The solution's reporting and storage could be improved."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"The product is very expensive."
Rapid7 InsightVM is ranked 4th in Risk-Based Vulnerability Management with 55 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Rapid7 InsightVM is rated 8.0, while Snyk is rated 8.2. The top reviewer of Rapid7 InsightVM writes "You can scan a network, and receive recommendations to address vulnerabilities with the click of a button". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Rapid7 InsightVM is most compared with Tenable Nessus, Qualys VMDR, Tenable Security Center, Microsoft Defender Vulnerability Management and Rapid7 InsightIDR, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode.
We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.