We performed a comparison between Snyk and Tenable Nessus based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."The most valuable feature of Snyk is the software composition analysis."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"Snyk is a good and scalable tool."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"We're loving some of the Kubernetes integration as well. That's really quite cool. It's still in the early days of our use of it, but it looks really exciting. In the Kubernetes world, it's very good at reporting on the areas around the configuration of your platform, rather than the things that you've pulled in. There's some good advice there that allows you to prioritize whether something is important or just worrying. That's very helpful."
"Provides clear information and is easy to follow with good feedback regarding code practices."
"We have done code scanning for a long period because as a company, we do DevOps as part of our development life cycle."
"Among the most valuable features are scanning for vulnerabilities and the reporting. The reporting templates are okay. I like that I can see all the hosts with different vulnerabilities."
"The product's most valuable features are vulnerability and asset management. It can define the rules and validate the configuration."
"Overall Zoom is a good solution."
"The trial version is very good for testing whether it will suit your needs."
"The initial setup is very straightforward."
"A valuable feature of the solution is that it is easy to understand."
"Nessus' most valuable feature is vulnerability management because it helps to discover vulnerabilities proactively and integrates with patch management solutions so you can push patches."
"The solution's reporting and storage could be improved."
"The tool's initial use is complex."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"I would like to give further ability to grouping code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."
"The product is very expensive."
"The feature for automatic fixing of security breaches could be improved."
"Offering API access in the lower or free open-source tiers would be better. That would help our customers. If you don't have an enterprise plan, it becomes challenging to integrate with the rest of the systems. Our customers would like to have some open-source integrations in the next release."
"EQA's and dashboards should be addressed in the next release."
"They should improve the I/O reporting and the customized spreadsheet export feature."
"I have found it is sometimes difficult to control the Zoom meeting sessions. For example, it is difficult to know who is talking and when trying to mute everyone but the speaker you end up muting everyone. When using multiple screens it is laborious to find the control buttons, such as to start a session. Additionally, when a recording is done I have found it difficult to find them, there should be an easier way to retrieve them."
"The tool needs to upgrade asset tracking."
"Tenable Nessus could improve reporting and information sharing. It would be helpful if we could share the reports and have a little bit better flexibility in the reporting of the data."
"Scans aren't done properly and some devices aren't pinged."
"It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear."
"From my point of view the solution basically is not for the big enterprise."
Snyk is ranked 4th in Application Security Tools with 41 reviews while Tenable Nessus is ranked 3rd in Vulnerability Management with 75 reviews. Snyk is rated 8.2, while Tenable Nessus is rated 8.4. The top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". On the other hand, the top reviewer of Tenable Nessus writes "Unlimited assets for one price and quick, agentless results". Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, Veracode and GitHub Advanced Security, whereas Tenable Nessus is most compared with Qualys VMDR, Rapid7 InsightVM, Tenable Security Center, Tenable Vulnerability Management and Wiz.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.