JFrog Xray Reviews

Name: JFrog Xray
Brand: JFrog
Rating: 4.0 (8 reviews)

Vendor: JFrog

4.0 out of 5

8 reviews
100% willing to recommend

121 followers

Post review

What is JFrog Xray?

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

Get the JFrog Xray Buyer's Guide and find out what your peers are saying about JFrog Xray, Wiz, Microsoft Defender for Cloud and more!

JFrog Xray is the #3 ranked solution in top Software Supply Chain Security solutions, #6 ranked solution in top Software Composition Analysis (SCA) solutions, #20 ranked solution in Container Security Solutions, and #24 ranked solution in top Vulnerability Management solutions. PeerSpot users give JFrog Xray an average rating of 8.0 out of 10. JFrog Xray is most commonly compared to Wiz: JFrog Xray vs Wiz. JFrog Xray is popular among the large enterprise segment, accounting for 78% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 25% of all views.

Helped 831,265 peers since 2012

Featured reviews

Mokshi Pandita

DevOps Engineer at Rambøll Danmark A/S

We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.

Read full review

Sai Pradeep Koneti

DevOps Engineer Intern at University of Nebraska at Omaha

When we were trying to get it up and working initially, I found it a bit hard to go through JFrog Xray's documentation and get my error solved. I was facing some issues because we hadn't got a specific license for the tool, but I was able to access it. As a regular user, I regularly saw an error message saying that the license feature was unavailable for my subscription. After a couple of days, I realized I was missing a license. I had to go back to the JFrog Xray team, who provided me with the new license, and then I could complete the setup.

Read full review

Narendra-Singh

SR IT administrator at Cardinal Integrated Technologies Inc

The speed of JFrog Xray should improve. Other solutions have better performance. JFrog Xray could improve by offering enhancements in the area of vulnerability management. It includes a more user-friendly interface that presents a detailed list of dependencies, including transitory dependencies. This empowers both developers and management to gain a deeper insight into the software's internal workings.

Read full review

JFrog Xray mindshare

Product category:

As of January 2025, the mindshare of JFrog Xray in the Vulnerability Management category stands at 1.2%, up from 0.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Vulnerability Management

PeerAnalyst reports

Type	Title	Date
Category	Vulnerability Management	Jan 21, 2025	Download
Product	Reviews, tips, and advice from real users	Jan 21, 2025	Download
Comparison	JFrog Xray vs Tenable Nessus	Jan 21, 2025	Download
Comparison	JFrog Xray vs Qualys VMDR	Jan 21, 2025	Download
Comparison	JFrog Xray vs Wiz	Jan 21, 2025	Download

Title	Rating	Mindshare	Recommending
Wiz	4.5	11.1%	100%	20 interviews Add to research
Microsoft Defender for Cloud	4.0	5.3%	94%	74 interviews Add to research

Valuable Features

JFrog Xray provides valuable features such as effective reporting and watch policies, excellent scanning and prioritization of vulnerabilities, comprehensive internal dependency displays, integration with Artifactory, and intelligent security alerts. Users appreciate that it enhances project onboarding, ensures clean artifacts, offers deep scanning capabilities, and maintains license compliance. Its scalability, stability, user-friendly setup, and reasonable pricing are also highlighted.

"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."

Room for Improvement

JFrog Xray needs enhanced reporting capabilities with detailed comparison categories. The user interface requires a more comprehensive dashboard and improved user experience. Performance issues, especially slow site speed, hamper automation. API limitations are noted. Vulnerability management features and dependency insights could be better. The limitation on project creation is restrictive. Documentation and error logging need expansion. Dashboards are missing, as is the shift left approach. PostgreSQL is the only database supported, and more troubleshooting support is needed.

"The out-of-the-box PostgreSQL provided is not stable, which is why we are considering enterprise support."
"X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."

ROI

Users report significant time savings and enhanced security posture due to JFrog Xray's automated scanning and efficient vulnerability detection, which has bolstered their software development pipeline. It has improved team's confidence in deploying secure applications and has expedited release cycles. By integrating seamlessly with existing tools, JFrog Xray has streamlined processes for identifying and addressing risks, providing a noticeable improvement in their software management workflows.

Pricing

Users say the price of JFrog Security Essentials is fair and comparable to similar products. JFrog is one of the lower-cost options.

Popular Use Cases

Users primarily utilize JFrog Xray for vulnerability scanning and artifact management, frequently integrating with JFrog Artifactory. They emphasize detecting vulnerabilities in open-source components, images, and containers. Xray aids in securing artifacts, running regular reports, and managing dependency files. Companies leverage it for scanning new builds in pipelines, with some exploring its use for machine learning models in finance. The tool is also used for checking licenses.

Service and Support

Customers report mixed experiences with JFrog Xray's service. Some do not engage with technical assistance, while others find the support helpful and responsive. Many appreciate swift responses and detailed clarifications. Account managers play a vital role by providing demos when needed. Ratings for their assistance vary, indicating some customers have better experiences than others.

Deployment

Teams experience varying ease with JFrog Xray's initial setup. Some find deployment straightforward with clear API documentation, especially if Artifactory is pre-installed. Others encounter challenges, notably with licensing, but competent support often resolves these. While initial setup can extend over weeks, the ongoing maintenance requires minimal full-time attention. Errors related to missing licenses occur, impacting regular users until resolved, yet some teams face no difficulties waiting primarily on vendor actions or specific database dependencies.

Scalability

JFrog Xray demonstrates good scalability with varying assessments in performance. Automating configuration aspects proves scalable, but users highlight limitations with PostgreSQL, supporting only certain artifacts. Organizations plan to expand usage, indicating confidence in scalability. Existing users range from fewer than 100 to around 900, indicating it can support different sizes. Many applications are deployed, and onboarding of further projects is planned, showcasing potential for growth. Users highly rate its scalability, often scoring it around eight out of ten.

Stability

Users generally find JFrog Xray to be stable, with most ratings ranging from seven to ten out of ten. The majority emphasize its reliability and performance, noting the absence of bugs or glitches. However, some mention issues with the default PostgreSQL, expressing interest in enterprise support. JFrog Xray's stability is seen as comparable to others like Nexus.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our JFrog Xray Buyer's Guide for additional reliable information.