We performed a comparison between CoreOS Clair and Snyk based on real PeerSpot user reviews.
Find out what your peers are saying about Palo Alto Networks, Wiz, Microsoft and others in Container Security."PingSafe's most valuable feature is its unified console."
"It used to guide me about an alert. There is something called an alert guide. I used to click on the alert guide, and I could read everything. I could read about the alert and how to resolve it. I used to love that feature."
"PingSafe released a new security graph tool that helps us identify the root issue. Other tools give you a pass/fail type of profile on all misconfigurations, and those will run into the thousands. PingSafe's graphing algorithm connects various components together and tries to identify what is severe and what is not. It can correlate various vulnerabilities and datasets to test them on the back end to pinpoint the real issue."
"PingSafe has a dashboard that can detect the criticality of a particular problem, whether it falls under critical, medium, or low vulnerability."
"My favorite feature is Storyline."
"It is fairly simple. Anybody can use it."
"PingSafe's graph explorer is a valuable tool that lets us visualize all connected services."
"It is advantageous in terms of time-saving and cost reduction."
"CoreOS Clair's best feature is detection accuracy."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"I am impressed with the product's security vulnerability detection. My peers in security are praising the tool for its accuracy to detect security vulnerabilities. The product is very easy to onboard. It doesn't require a lot of preparation or prerequisites. It's a bit of a plug-and-play as long as you're using a package manager or for example, you are using a GitHub repository. And that is an advantage for this tool because developers don't want to add more tools to what they're currently using."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."
"The most valuable feature of Snyk is the software composition analysis."
"Our customers find container scans most valuable. They are always talking about it."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST."
"One of our use cases was setting up a firewall for our endpoints, specifically for our remote users... We were hoping to utilize SentinelOne's firewall capabilities, but there were limitations on how many URLs we could implement. Because of those limitations on the number of URLs, we weren't able to utilize that feature in the way we had hoped to."
"The Kubernetes scanning on the Oracle Cloud needs to be improved. It's on the roadmap. AWS has this capability, but it's unavailable for Oracle Cloud."
"Currently, we would have to export our vulnerability report to an .xlsx file, and review it in an Excel spreadsheet, and then we sort of compile a list from there. It would be cool if there was a way to actually toggle multiple applications for review and then see those file paths on multiple users rather than only one user at a time or only one application at a time."
"Sometimes the Storyline ID is a bit wacky."
"They can work on policies based on different compliance standards."
"If I had to pick a complaint, it would be the way the hosts are listed in the tool. You have different columns separated by endpoint name, Cloud Account, and Cloud Instances ID. I wish there was something where we could change the endpoint name and not use just the IP address. We would like to have custom names or our own names for the instances. If I had a complaint, that would be it, but so far, it meets all the needs that we have."
"Maybe container runtime security could be improved."
"One area for improvement could be the internal analysis process, specifically the guidance provided for remediation."
"An area for improvement is that CoreOS Clair doesn't provide information about the location of vulnerabilities it detects."
"The feature for automatic fixing of security breaches could be improved."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this."
"I think Snyk should add more of a vulnerability protection feature in the tool since it is an area where it lacks."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
CoreOS Clair is ranked 26th in Container Security with 1 review while Snyk is ranked 5th in Container Security with 41 reviews. CoreOS Clair is rated 8.0, while Snyk is rated 8.2. The top reviewer of CoreOS Clair writes "Excellent detection accuracy". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". CoreOS Clair is most compared with JFrog Xray, Red Hat Advanced Cluster Security for Kubernetes, Prisma Cloud by Palo Alto Networks, Aqua Cloud Security Platform and Qualys VMDR, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.