We performed a comparison between HCL AppScan and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"The static scans are good, and the SaaS as well."
"We use it as a security testing application."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"The security and the dashboard are the most valuable features."
"There's extensive functionality with custom rules and a custom knowledge base."
"Technical support is helpful."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"What is valuable about Snyk is its simplicity."
"The most valuable feature of Snyk is the software composition analysis."
"Our customers find container scans most valuable. They are always talking about it."
"It has a nice dashboard where I can see all the vulnerabilities and risks that they provided. I can also see the category of any risk, such as medium, high, and low. They provide the input priority-wise. The team can target the highest one first, and then they can go to medium and low ones."
"Snyk categorizes the level of vulnerability into high, medium, and low, which helps organizations prioritize which issues to tackle first."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"The product's most valuable features are an open-source platform, remote functionality, and good pricing."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"It has crashed at times."
"One thing which I think can be improved is the CI/CD Integration"
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"Improvement can be done as per customer requirements."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"HCL AppScan needs to improve security."
"The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise."
"The solution's reporting and storage could be improved."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"Basically the licensing costs are a little bit expensive."
"It would be helpful if we get a recommendation while doing the scan about the necessary things we need to implement after identifying the vulnerabilities."
HCL AppScan is ranked 15th in Application Security Tools with 41 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. HCL AppScan is rated 7.8, while Snyk is rated 8.2. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Mend.io, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode. See our HCL AppScan vs. Snyk report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.