We performed a comparison between Qualys VMDR and Snyk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Qualys VMDR is praised for its user-friendly interface, prioritization system, and customizable dashboard. It effectively addresses vulnerabilities and offers valuable scanning capabilities. Snyk users highlighted its developer-friendly approach, automatic pull requests, and software composition analysis features. Reviewers said Qualys VMDR could improve by offering more customization options and integrating more seamlessly with other systems. The interface could be clearer, and Qualys could enhance scanning capabilities for IoT and industrial control systems. Snyk should focus on improving compatibility, reporting, and automatic remediation.
Service and Support: Qualys VMDR's customer service is mostly considered accessible and responsive. However, some reviewers reported slow response times and expressed a desire for more skilled support personnel. Some Snyk customers found the solution's support to be dependable. Others say Snyk should overhaul how it categorizes and prioritizes support requests. Both products offer sufficient support, but Qualys VMDR appears to leave a more positive impression in terms of customer service.
Ease of Deployment: Qualys VMDR is considered uncomplicated and efficient, requiring only a short amount of time. A few users encountered challenges with integration and ensuring data privacy. Snyk users were somewhat divided about the product's setup difficulty. Some found it to be straightforward and fast, while others needed additional guidance. The time needed to implement Snyk could range from several days up to a couple of weeks.
Pricing: The cost of Qualys VMDR varies depending on the organization's business requirements. Some find it affordable, but others consider it costly compared to alternatives. Snyk's pricing is on the higher end of the spectrum, but it is regarded as reasonably priced for the features it offers.
ROI: Qualys VMDR is highly efficient in identifying vulnerabilities and reducing risks. Snyk offers a cost-effective solution for addressing bugs sooner in the development process, offsetting the high annual subscription fees.
Comparison Results: Our users prefer Qualys VMDR over Snyk for its robust features, such as continuous monitoring and a customizable dashboard. Users appreciate the great technical support and find the solution stable and reliable. Snyk needs improvement in terms of reporting and customer support. Also, Qualys VMDR's pricing is competitive, while Snyk's license is relatively expensive.
"What I like about Qualys VM is the dashboard presentation. It's very good."
"Qualys VM is very stable."
"I like Qualys because it is a very complete product, more so than Tenable."
"The solution shows us classic categories, including high, medium, and low risks. It also shows critical items, and that gives us the advantage of prioritizing things."
"I find Qualys VM very robust, and it's very useful for vulnerability management and patch management. The value that it brings to my environment is economies of scale. There is no limitation on adding any endpoints. You go by the rule, and it's added once another endpoint is added to our environment. It's automatically installed, and it's less work from our end. It frees up my license automatically if I don't need an endpoint or if my machine is decommissioned. I like the dashboard displays because I don't see any duplication. The most important part is vulnerability management and prioritization. Unlike Symantec, it shows the kind of vulnerability I would want to patch first. It provides a holistic view of the kind of vulnerabilities and the ones I should remediate first. I don't have to do a scan; it just brings up those critical kinds of vulnerabilities like zero-day vulnerabilities and tells me to prioritize them. You have to prioritize these vulnerabilities first and go on with the rest. The dashboard shows me the ones that have been fixed, so I don't have to complete an aging report. The user experience and the graphical interface are good. As it's user-friendly and understandable on an executive level, it brings real value. We also use this solution because it's robust and flexibile."
"The features that are most valuable are the identification, scan features, and the identification of vulnerabilities."
"They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability."
"Tech support is helpful."
"We're loving some of the Kubernetes integration as well. That's really quite cool. It's still in the early days of our use of it, but it looks really exciting. In the Kubernetes world, it's very good at reporting on the areas around the configuration of your platform, rather than the things that you've pulled in. There's some good advice there that allows you to prioritize whether something is important or just worrying. That's very helpful."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
"It is easy for developers to use. The documentation is clear as well as the APIs are good and easily readable. It's a good solution overall."
"Snyk categorizes the level of vulnerability into high, medium, and low, which helps organizations prioritize which issues to tackle first."
"We use Snyk to check vulnerabilities and rectify potential leaks in GitHub."
"Snyk is a good and scalable tool."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"Qualys Container Security can improve the interface. It could be easier to navigate and be enriched."
"Qualys VM's machine learning and artificial intelligence features could be improved."
"There seems to be a lack of easy onboarding into Qualys."
"I would like to see this solution simplified to work more easily in a multi-cloud environment."
"The reporting and the GUI need improvements."
"There needs to be better documentation."
"Endpoint stability and fault resolution could be improved."
"The customer support is very bad."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
"It lists projects. So, if you have a number of microservices in an enterprise, then you could have pages of findings. Developers will then spend zero time going through the pages of reports to figure out, "Is there something I need to fix?" While it may make sense to list all the projects and issues in these very long lists for completeness, Snyk could do a better job of bubbling up and grouping items, e.g., a higher level dashboard that draws attention to things that are new, the highest priority things, or things trending in the wrong direction. That would make it a lot easier. They don't quite have that yet in container security."
"Compatibility with other products would be great."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
Qualys VMDR is ranked 11th in Container Security with 76 reviews while Snyk is ranked 5th in Container Security with 41 reviews. Qualys VMDR is rated 8.2, while Snyk is rated 8.2. The top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management, whereas Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, Veracode and GitHub Advanced Security. See our Qualys VMDR vs. Snyk report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.