We performed a comparison between Qualys VMDR and Snyk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Qualys VMDR is praised for its user-friendly interface, prioritization system, and customizable dashboard. It effectively addresses vulnerabilities and offers valuable scanning capabilities. Snyk users highlighted its developer-friendly approach, automatic pull requests, and software composition analysis features. Reviewers said Qualys VMDR could improve by offering more customization options and integrating more seamlessly with other systems. The interface could be clearer, and Qualys could enhance scanning capabilities for IoT and industrial control systems. Snyk should focus on improving compatibility, reporting, and automatic remediation.
Service and Support: Qualys VMDR's customer service is mostly considered accessible and responsive. However, some reviewers reported slow response times and expressed a desire for more skilled support personnel. Some Snyk customers found the solution's support to be dependable. Others say Snyk should overhaul how it categorizes and prioritizes support requests. Both products offer sufficient support, but Qualys VMDR appears to leave a more positive impression in terms of customer service.
Ease of Deployment: Qualys VMDR is considered uncomplicated and efficient, requiring only a short amount of time. A few users encountered challenges with integration and ensuring data privacy. Snyk users were somewhat divided about the product's setup difficulty. Some found it to be straightforward and fast, while others needed additional guidance. The time needed to implement Snyk could range from several days up to a couple of weeks.
Pricing: The cost of Qualys VMDR varies depending on the organization's business requirements. Some find it affordable, but others consider it costly compared to alternatives. Snyk's pricing is on the higher end of the spectrum, but it is regarded as reasonably priced for the features it offers.
ROI: Qualys VMDR is highly efficient in identifying vulnerabilities and reducing risks. Snyk offers a cost-effective solution for addressing bugs sooner in the development process, offsetting the high annual subscription fees.
Comparison Results: Our users prefer Qualys VMDR over Snyk for its robust features, such as continuous monitoring and a customizable dashboard. Users appreciate the great technical support and find the solution stable and reliable. Snyk needs improvement in terms of reporting and customer support. Also, Qualys VMDR's pricing is competitive, while Snyk's license is relatively expensive.
"The management console is highly intuitive to comprehend and operate."
"PingSafe can integrate all your cloud accounts and resources you create in the AWS account, We have set it up to scan the AWS transfer services, EC2, security groups, and GitHub."
"The solution helped free other staff to work on other projects or other tasks. We basically just had to do a bunch of upfront configuring. With it, we do not have to spend as much time in the console."
"There's real-time threat detection. It can show threats and find issues based on their severity and helps us with real-time monitoring."
"The most valuable feature is the ability to gain deep visibility into the workloads inside containers."
"PingSafe's integration is smooth. They are highly customer-oriented, and the integration went well for us."
"Cloud Native Security offers attack path analysis."
"The mean time to detect has been reduced."
"Qualys VM has allowed us to know the vulnerabilities we need to prioritize based on the threat levels and the possible impact if there's an intrusion."
"Monitors workstations and servers for vulnerabilities and creates reports."
"Qualys VM's most valuable feature is automatic detection."
"They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability."
"The initial setup is straightforward."
"It's really beneficial for scanning and interacting with the agent."
"The initial setup was good. We didn't have any problems with it."
"The process of defining and discovering scans is organized efficiently."
"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID, and there I can do the scanning. That is the part I like best."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"It's very easy for developers to use. Onboarding was an easy process for all of the developers within the company. After a quick, half-an-hour to an hour session, they were fully using it on their own. It's very straightforward. Usability is definitely a 10 out of 10."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"The product's most valuable features are an open-source platform, remote functionality, and good pricing."
"We're loving some of the Kubernetes integration as well. That's really quite cool. It's still in the early days of our use of it, but it looks really exciting. In the Kubernetes world, it's very good at reporting on the areas around the configuration of your platform, rather than the things that you've pulled in. There's some good advice there that allows you to prioritize whether something is important or just worrying. That's very helpful."
"I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST."
"The solution has great features and is quite stable."
"Currently, we would have to export our vulnerability report to an .xlsx file, and review it in an Excel spreadsheet, and then we sort of compile a list from there. It would be cool if there was a way to actually toggle multiple applications for review and then see those file paths on multiple users rather than only one user at a time or only one application at a time."
"I want PingSafe to integrate additional third-party resources. For example, PingSafe is compatible with Azure and AWS, but Azure AD isn't integrated with AWS. If PingSafe had that ability, it would enrich the data because how users interact with our AWS environment is crucial. All the identity-related features require improvement."
"There is room for improvement in the current active licensing model for PingSafe."
"PingSafe takes four to five hours to detect and highlight an issue, and that time should be reduced."
"I would like PingSafe to add real-time detection of vulnerabilities and cloud misconfigurations."
"We'd like to have better notifications. We'd like them to happen faster."
"I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes."
"The categorization of the results from the vulnerability assessment could be improved."
"I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities."
"They have integrated with other third parties, but it is still not viable."
"Sometimes the scanning can get overwhelmed and start to drag when a lot of users are trying to scan at once."
"Qualys should improve their customer experience. They need to improve the tech support experience and the turnaround time."
"Qualys does have an on-prem solution, but it is very expensive."
"The reporting needs improvement. It should generate much more stuff like field reports."
"It's not very user-friendly at times and requires in-depth understanding. So, a layman or someone new to Qualys won't be able to easily understand it. You need education to use the solution."
"The tool needs to improve the adding assets and report generation features. I would like to see the policy scan of offline appliances in the product's future releases."
"There is always more work to do around managing the volume of information when you've got thousands of vulnerabilities. Trying to get those down to zero is virtually impossible, either through ignoring them all or through fixing them. That filtering or information management is always going to be something that can be improved."
"The solution's integration with JFrog Artifactory could be improved."
"It lists projects. So, if you have a number of microservices in an enterprise, then you could have pages of findings. Developers will then spend zero time going through the pages of reports to figure out, "Is there something I need to fix?" While it may make sense to list all the projects and issues in these very long lists for completeness, Snyk could do a better job of bubbling up and grouping items, e.g., a higher level dashboard that draws attention to things that are new, the highest priority things, or things trending in the wrong direction. That would make it a lot easier. They don't quite have that yet in container security."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"I would like to give further ability to grouping code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."
"They were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."
"One area where Snyk could improve is in providing developers with the line where the error occurs."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
Qualys VMDR is ranked 11th in Container Security with 77 reviews while Snyk is ranked 5th in Container Security with 41 reviews. Qualys VMDR is rated 8.2, while Snyk is rated 8.2. The top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode. See our Qualys VMDR vs. Snyk report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.