We performed a comparison between Rapid7 Metasploit and Snyk based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Wiz, SentinelOne and others in Vulnerability Management."It is scalable. It's in line with our needs."
"I use Rapid7 Metasploit for payload generation and Post-Exploitation."
"It allows us to concentrate solely on identified vulnerabilities without the hassle of additional setup."
"The tool's most useful feature for penetration testing is its automation capabilities. With the professional edition, you can upload the results from Nessus in the Rapid7 Metasploit solution portal."
"The most valuable features of the solution are the scripts, the modules, and the tools that the Rapid7 Metasploit framework has."
"Technical support has been helpful and responsive."
"Rapid7 Metasploit is a useful product."
"Stability-wise, I rate the solution a nine out of ten...Scalability-wise, I rate the solution a nine out of ten."
"A main feature of Snyk is that when you go with SCA, you do get properly done security composition, also from the licensing and open-source parameters perspective. A lot of companies often use open-source libraries or frameworks in their code, which is a big security concern. Snyk deals with all the things and provides you with a proper report about whether any open-source code or framework that you are using is vulnerable. In that way, Snyk is very good as compared to other tools."
"Snyk categorizes the level of vulnerability into high, medium, and low, which helps organizations prioritize which issues to tackle first."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST."
"I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario."
"We're loving some of the Kubernetes integration as well. That's really quite cool. It's still in the early days of our use of it, but it looks really exciting. In the Kubernetes world, it's very good at reporting on the areas around the configuration of your platform, rather than the things that you've pulled in. There's some good advice there that allows you to prioritize whether something is important or just worrying. That's very helpful."
"Snyk helps me pinpoint security errors in my code."
"The product's most valuable features are an open-source platform, remote functionality, and good pricing."
"Rapid7 Metasploit could be made easier for new users to learn."
"There are numerous outdated exploits in their database that should be updated."
"It is necessary to add some training materials and a tutorial for beginners."
"The initial setup was a bit "tweaky" for the open-source version."
"The solution is not very scalable, it does not provide any automation to be able to scale it."
"The solution is not user-friendly and has room for improvement."
"Better automation capabilities would be an improvement."
"I would like to see more capabilities, more functions, and more features. More types of attack vectors."
"We use Bamboo for CI.CD, and we had problems integrating Snyk with it. Ultimately, we got the two solutions to work together, but it was difficult."
"It lists projects. So, if you have a number of microservices in an enterprise, then you could have pages of findings. Developers will then spend zero time going through the pages of reports to figure out, "Is there something I need to fix?" While it may make sense to list all the projects and issues in these very long lists for completeness, Snyk could do a better job of bubbling up and grouping items, e.g., a higher level dashboard that draws attention to things that are new, the highest priority things, or things trending in the wrong direction. That would make it a lot easier. They don't quite have that yet in container security."
"Basically the licensing costs are a little bit expensive."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improve"
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"Generating reports and visibility through reports are definitely things they can do better."
Rapid7 Metasploit is ranked 13th in Vulnerability Management with 18 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Rapid7 Metasploit is rated 7.6, while Snyk is rated 8.2. The top reviewer of Rapid7 Metasploit writes "Helps find vulnerabilities in a system to determine whether the system needs to be upgraded". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Rapid7 Metasploit is most compared with Tenable Nessus, Pentera, Acunetix, Rapid7 InsightVM and Nucleus, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.