We performed a comparison between Qualys VMDR and Snyk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Qualys VMDR is praised for its user-friendly interface, prioritization system, and customizable dashboard. It effectively addresses vulnerabilities and offers valuable scanning capabilities. Snyk users highlighted its developer-friendly approach, automatic pull requests, and software composition analysis features. Reviewers said Qualys VMDR could improve by offering more customization options and integrating more seamlessly with other systems. The interface could be clearer, and Qualys could enhance scanning capabilities for IoT and industrial control systems. Snyk should focus on improving compatibility, reporting, and automatic remediation.
Service and Support: Qualys VMDR's customer service is mostly considered accessible and responsive. However, some reviewers reported slow response times and expressed a desire for more skilled support personnel. Some Snyk customers found the solution's support to be dependable. Others say Snyk should overhaul how it categorizes and prioritizes support requests. Both products offer sufficient support, but Qualys VMDR appears to leave a more positive impression in terms of customer service.
Ease of Deployment: Qualys VMDR is considered uncomplicated and efficient, requiring only a short amount of time. A few users encountered challenges with integration and ensuring data privacy. Snyk users were somewhat divided about the product's setup difficulty. Some found it to be straightforward and fast, while others needed additional guidance. The time needed to implement Snyk could range from several days up to a couple of weeks.
Pricing: The cost of Qualys VMDR varies depending on the organization's business requirements. Some find it affordable, but others consider it costly compared to alternatives. Snyk's pricing is on the higher end of the spectrum, but it is regarded as reasonably priced for the features it offers.
ROI: Qualys VMDR is highly efficient in identifying vulnerabilities and reducing risks. Snyk offers a cost-effective solution for addressing bugs sooner in the development process, offsetting the high annual subscription fees.
Comparison Results: Our users prefer Qualys VMDR over Snyk for its robust features, such as continuous monitoring and a customizable dashboard. Users appreciate the great technical support and find the solution stable and reliable. Snyk needs improvement in terms of reporting and customer support. Also, Qualys VMDR's pricing is competitive, while Snyk's license is relatively expensive.
"It is very easy to use and there are lots of options. We can usually easily go through it and all of the things we want to configure, and we can configure everything to our specifications very easily."
"The most valuable feature is the connection of threat intelligence information with identified vulnerabilities, which means you can prioritize vulnerabilities according to actual attacks."
"The most valuable features are vulnerability scanning, policy compliance scanning, and tablet for web application scanning."
"Qualys VM is very stable."
"Provides great functionality."
"Qualys VM had a recent upgrade and the newer version is supporting the cloud."
"The reporting is fine."
"The vulnerability management feature is what I used the most. It is a good SaaS product. It is easy to use. It has a nice UI where you can see all the assets and vulnerabilities."
"I find SCA to be valuable. It can read your libraries, your license and bring the best way to resolve your problem in the best scenario."
"The code scans on the source code itself were valuable."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
"Snyk is a developer-friendly product."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"We use Snyk to check vulnerabilities and rectify potential leaks in GitHub."
"It has a nice dashboard where I can see all the vulnerabilities and risks that they provided. I can also see the category of any risk, such as medium, high, and low. They provide the input priority-wise. The team can target the highest one first, and then they can go to medium and low ones."
"Qualys VM's scanner doesn't pick up every vulnerability, so we have to use multiple scanners to cover that gap."
"Qualys Container Security can improve the interface. It could be easier to navigate and be enriched."
"Qualys could improve the inbuilt dashboards."
"I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities."
"Finding things in management can be quite difficult."
"Qualys could be improved in its overall performance compared to other vulnerability management or scanning tools."
"The disadvantage of working with Qualys is that the graphical interface is quite outdated."
"Improve the API speed."
"Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"It lists projects. So, if you have a number of microservices in an enterprise, then you could have pages of findings. Developers will then spend zero time going through the pages of reports to figure out, "Is there something I need to fix?" While it may make sense to list all the projects and issues in these very long lists for completeness, Snyk could do a better job of bubbling up and grouping items, e.g., a higher level dashboard that draws attention to things that are new, the highest priority things, or things trending in the wrong direction. That would make it a lot easier. They don't quite have that yet in container security."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"They were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer."
"Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this."
"It would be great if they can include dynamic, interactive, and run-time scanning features. Checkmarx and Veracode provide dynamic, interactive, and run-time scanning, but Snyk doesn't do that. That's the reason there is more inclination towards Veracode, Checkmarx, or AppScan. These are a few tools available in the market that do all four types of scanning: static, dynamic, interactive, and run-time."
"Snyk's API and UI features could work better in terms of speed."
Qualys VMDR is ranked 11th in Container Security with 77 reviews while Snyk is ranked 5th in Container Security with 41 reviews. Qualys VMDR is rated 8.2, while Snyk is rated 8.2. The top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management, whereas Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, Veracode and GitHub Advanced Security. See our Qualys VMDR vs. Snyk report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
