We performed a comparison between Snyk and Tenable Nessus based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."It has a nice dashboard where I can see all the vulnerabilities and risks that they provided. I can also see the category of any risk, such as medium, high, and low. They provide the input priority-wise. The team can target the highest one first, and then they can go to medium and low ones."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID, and there I can do the scanning. That is the part I like best."
"The solution has great features and is quite stable."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"Provides clear information and is easy to follow with good feedback regarding code practices."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"The most valuable features are their GitLab and JIRA integrations. The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using."
"Ease of reviewing scores, identifying vulnerabilities, and getting information on them."
"Tenable Nessus is one of the best vulnerability assessment tools, that I know."
"My favorite part about Nessus is that you can customize the tool to scan exactly what you want. Microsoft releases new patches monthly on Patch Tuesday, and a lot of companies track that date. I set up Nessus for the day after Patch Tuesday to see which devices have already pushed those updates from Microsoft, so we can stay updated."
"Nessus' most valuable feature is vulnerability management because it helps to discover vulnerabilities proactively and integrates with patch management solutions so you can push patches."
"Tenable Nessus has a good performance, is very user-friendly, and is easy to use."
"Nessus is effortless to integrate."
"The plug-in text information is quite useful."
"Overall Zoom is a good solution."
"Offering API access in the lower or free open-source tiers would be better. That would help our customers. If you don't have an enterprise plan, it becomes challenging to integrate with the rest of the systems. Our customers would like to have some open-source integrations in the next release."
"For the areas that they're new in, it's very early stages for them. For example, their expertise is in looking at third-party components and packages, which is their bread-and-butter and what they've been doing for ages, but for newer features such as static analysis I don't think they've got compatibility for all the languages and frameworks yet."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"The solution's reporting and storage could be improved."
"It lists projects. So, if you have a number of microservices in an enterprise, then you could have pages of findings. Developers will then spend zero time going through the pages of reports to figure out, "Is there something I need to fix?" While it may make sense to list all the projects and issues in these very long lists for completeness, Snyk could do a better job of bubbling up and grouping items, e.g., a higher level dashboard that draws attention to things that are new, the highest priority things, or things trending in the wrong direction. That would make it a lot easier. They don't quite have that yet in container security."
"Basically the licensing costs are a little bit expensive."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improve"
"I think the reporting templates could be improved with Tenable Nessus."
"There should be a possibility to install agents on scanned machines. Tenable IO provides the capability of using local agents to check local problems, but this feature is not there in Tenable Nessus Professional. It would be nice to have something similar in Tenable Nessus Professional. We should have the capability to use local agents installed on the machines to locally check a problem."
"One area that has room for improvement is the reporting. I'm preparing reports for Windows and Linux machines, etc. Currently, I'm collecting three or four reports and turning them into one report. I don't know if it is possible to combine all of them in one report, but that would be helpful."
"Online learning could be a bit better."
"Tenable Nessus application device assessment is one of the top tools. However, in the application security assessment, there are other tools that provide better, and more accurate findings."
"The interface is a little bit clunky, and the reporting is not marvelous. There should be better integration of reporting between instances. Currently, the instance stands alone, and it produces a report. Being able to amalgamate those reports with another instance will be useful."
"The problems I faced with Tenable Nessus were related to its dashboard's customization capabilities and its ability to provide data to third-party sources."
"We'd like to see the solution embrace more user-friendliness."
Snyk is ranked 4th in Application Security Tools with 41 reviews while Tenable Nessus is ranked 3rd in Vulnerability Management with 75 reviews. Snyk is rated 8.2, while Tenable Nessus is rated 8.4. The top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". On the other hand, the top reviewer of Tenable Nessus writes "Unlimited assets for one price and quick, agentless results". Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode, whereas Tenable Nessus is most compared with Qualys VMDR, Rapid7 InsightVM, Tenable Vulnerability Management, Tenable Security Center and Wiz.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.