We performed a comparison between Rapid7 InsightVM and Snyk based on real PeerSpot user reviews.
"The assessment is most valuable."
"The solution scales well."
"InsightVM's best features are the vulnerability database and remediation steps."
"The most valuable feature is the site scanning, where we can provide a complete subnet and what it is we need to scan on those devices."
"The main functionality of identifying item endpoints that weren't properly patched or had vulnerabilities is the solution's most valuable feature."
"The reports in Rapid7 InsightVM are useful when compared to competitors."
"I rate InsightVM eight out of 10 for ease of setup. It takes two or three engineers to deploy. The solution requires some maintenance. It's mainly cleaning up data."
"It's very scalable."
"The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"Snyk has given us really good results because it is fully automated. We don't have to scan projects every time to find vulnerabilities, as it already stores the dependencies that we are using. It monitors 24/7 to find out if there are any issues that have been reported out on the Internet."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"Our customers find container scans most valuable. They are always talking about it."
"The product's most valuable features are an open-source platform, remote functionality, and good pricing."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"The solution could improve by being more secure."
"The team needs to improve the speed and focus on the new bandwidth feed. Sometimes, it takes a while to scan, especially with new updates."
"The solution needs to improve its vulnerability design to include CVC results."
"Some of our customers want to be completely cloud based, and Rapid7 doesn't offer this as an option."
"There was functionality present previously, however, currently, we can't integrate directly with Jira Service Desk - only the cloud version."
"It is still not a fully cloud-based solution. It will be helpful for customers if it is a complete cloud solution. It is a hybrid solution at the moment."
"Their customer support should be improved, and the effectiveness of scans also needs to be improved."
"One area I would like to improve in InsightVM is its integration with other solutions."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you are using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
"Generating reports and visibility through reports are definitely things they can do better."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"Could include other types of security scanning and statistical analysis."
"I would like to give further ability to group code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."
"The tool needs improvement in license compliance. I would like to see the integration of better policy management in the product's future release. When it comes to the organization that I work for, there are a lot of business units since we are a group of companies. Each of these companies has its specific requirements and its own appetite for risk. This should be able to reflect in flexible policies. We need to be able to configure policies that can be adjusted later or overridden by the business unit that is using the product."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
Rapid7 InsightVM is ranked 4th in Risk-Based Vulnerability Management with 55 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Rapid7 InsightVM is rated 8.0, while Snyk is rated 8.2. The top reviewer of Rapid7 InsightVM writes "You can scan a network, and receive recommendations to address vulnerabilities with the click of a button". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Rapid7 InsightVM is most compared with Tenable Nessus, Qualys VMDR, Tenable Security Center, Microsoft Defender Vulnerability Management and Wiz, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode.
We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.