Try our new research platform with insights from 80,000+ expert users

Aqua Cloud Security Platform vs JFrog Xray comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Container Security
2nd
Average Rating
8.8
Reviews Sentiment
7.9
Number of Reviews
107
Ranking in other categories
Vulnerability Management (6th), Cloud and Data Center Security (5th), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (3rd)
Aqua Cloud Security Platform
Ranking in Container Security
18th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
16
Ranking in other categories
Cloud and Data Center Security (12th), Cloud Workload Protection Platforms (CWPP) (15th), Cloud-Native Application Protection Platforms (CNAPP) (14th), Software Supply Chain Security (2nd), DevSecOps (9th)
JFrog Xray
Ranking in Container Security
19th
Average Rating
8.0
Reviews Sentiment
7.1
Number of Reviews
8
Ranking in other categories
Vulnerability Management (25th), Software Composition Analysis (SCA) (6th), Software Supply Chain Security (3rd)
 

Mindshare comparison

As of March 2025, in the Container Security category, the mindshare of SentinelOne Singularity Cloud Security is 2.1%, up from 1.1% compared to the previous year. The mindshare of Aqua Cloud Security Platform is 4.3%, down from 7.4% compared to the previous year. The mindshare of JFrog Xray is 4.8%, up from 2.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security
 

Featured Reviews

Andrew W - PeerSpot reviewer
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Burak AKCAGUN - PeerSpot reviewer
A robust and cost-effective solution, excelling in scalability, on-premises support, and responsive technical support, making it well-suited for enterprises navigating stringent regulatory environment
The most crucial aspect is runtime protection, specifically image scanning before preproduction and deployment. Customers find it invaluable to have the ability to check for vulnerabilities in an image before deployment, similar to a sandbox environment. This feature ensures that customers can identify any potential issues with the image, such as misconfigurations or vulnerabilities, before integrating it into their workloads and infrastructure. In their source pipeline, companies can identify issues before deploying changes. This is crucial because customers prefer resolving any problems or misconfigurations before the deployment process. Software change security, including GSPM Cloud, is a key feature customers seek in their infrastructure.
Mokshi Pandita - PeerSpot reviewer
An intelligent solution that prioritizes which vulnerability to target first in your project
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Support has been very helpful and provides regular feedback and help whenever needed. They've been very useful."
"It is fairly simple. Anybody can use it."
"It is advantageous in terms of time-saving and cost reduction."
"It gives me the information I need."
"The solution helped free other staff to work on other projects or other tasks. We basically just had to do a bunch of upfront configuring. With it, we do not have to spend as much time in the console."
"Cloud Native Security helps us discover vulnerabilities in a cloud environment like open ports that allow people to attack our environment. If someone unintentionally opens a port, we are exposed. Cloud Native Security alerts us so we can remediate the problem. We can also automate it so that Cloud Native Security will fix it."
"I would rate SentinelOne Singularity Cloud Security a ten out of ten."
"PingSafe has a dashboard that can detect the criticality of a particular problem, whether it falls under critical, medium, or low vulnerability."
"Valuable features include the ability to connect it to our Docker Hub where our images are stored, good integration with Slack, and the connection to the CV, to easily see which CVs are on each image."
"The most valuable features are that it's easy to use and manage."
"The container security element of this product has been very valuable to our organization."
"Aqua Security helps us to check the vulnerability of image assurance and check for malware."
"The most valuable feature of Aqua Security is the scanner."
"The CSPM product is great at securing our cloud accounts and I really like the runtime protection for containers and functions too."
"The DTA, which stands for Dynamic Threat Analysis, allows me to analyze Docker images in a sandbox environment before deployment, helping me anticipate risks."
"We use Aqua Security for the container security features."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"The solution is stable and reliable."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"Good reporting functionalities."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
 

Cons

"I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes."
"Crafting customized policies can be tricky."
"We've found a lot of false positives."
"SentinelOne Singularity Cloud Security has limited legacy system support and may not fully support older operating systems or legacy environments."
"While SentinelOne offers robust security features, its higher cost may present a challenge for budget-conscious organizations."
"The application module focuses on the different codes and libraries that can be run on the machines. It is very important for Singularity EDR to detect what type of codes and what type of libraries can run in the machine. If they can implement a white list or a black list of codes or libraries that can be used in the machine, it would be very helpful. They can focus more on the application module."
"In addition to our telecom and Slack channels, it would be helpful to receive Cloud Native Security security notifications in Microsoft Teams."
"There's an array of upcoming versions with numerous features to be incorporated into the roadmap. Customers particularly appreciate the service's emphasis on intensive security, especially the secret scanning aspect. During the proof of concept (POC) phase, the system is required to gather logs from the customer's environment. This process entails obtaining specific permissions, especially in terms of gateway access. While most permissions for POC are manageable, the need for various permissions may need improvement, especially in the context of security."
"We would like to see an improvement in the overview visibility that this solution offers."
"Sometimes I got stressed with the UI."
"In the next release, Aqua Security should add the ability to automatically send reports to customers."
"They want to release improvements to their product to work with other servers because now there are more focused on the Kubernetes environment. They need to improve the normal servers. I would like to have more options."
"The solution could improve user-friendliness."
"Aqua Security could provide more open documentation so that their learning resources can be more easily accessed and searched through online. Right now, a lot of the documentation is closed and not available to the public."
"Aqua Security lacks a lot in reporting."
"The integrations on CICD could be improved. If Aqua had more plugins or container images to integrate and automate more easily on CICD, it would be better."
"Lacks deeper reporting, the ability to compare things."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"The out-of-the-box PostgreSQL provided is not stable, which is why we are considering enterprise support."
"X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL."
"JFrog Xray's documentation and error logging could be improved."
 

Pricing and Cost Advice

"The price depends on the extension of the solution that you want to buy. If you want to buy just EDR, the price is less. XDR is a little bit more expensive. There are going to be different add-ons for Singularity."
"PingSafe's primary advantage is its ability to consolidate multiple tools into a single user interface, but, beyond this convenience, it may not offer significant additional benefits to justify its price."
"PingSafe is fairly priced."
"It is cost-effective compared to other solutions in the market."
"The licensing is easy to understand and implement, with some flexibility to accommodate dynamic environments."
"I understand that SentinelOne is a market leader, but the bill we received was astronomical."
"I am personally not taking care of the pricing part, but when we moved from CrowdStrike to PingSafe, there were some savings. The price of CrowdStrike was quite high. Compared to that, the price of PingSafe was low. PingSafe is charging based on the subscription model. If I want to add an AWS subscription, I need to pay more. It should not be based on subscription. It should be based on the number of servers that I am scanning."
"SentinelOne provided competitive pricing compared to other vendors, and we are satisfied with the deal."
"They were reasonable with their pricing. They were pretty down-to-earth about the way they pitched their product and the way they tried to close the deal. They were one of the rare companies that approached the whole valuation in a way that made sense for our company, for our needs, and for their own requirements as well... They will accommodate your needs if they are able to understand them and they're stated clearly."
"It comes at a reasonable cost."
"Aqua Security is not cheap, and it's not very expensive, such as Splunk, they are in the middle."
"Dealing with licensing costs isn't my responsibility, but I know that the licenses don't depend on the number of users, but instead are priced according to your workload."
"The pricing of this solution could be improved."
Information not available
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
842,690 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
9%
Government
5%
Financial Services Firm
24%
Computer Software Company
13%
Manufacturing Company
11%
Government
8%
Financial Services Firm
26%
Manufacturing Company
13%
Computer Software Company
12%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
It is cost-effective compared to other solutions in the market.
What needs improvement with PingSafe?
In version 2, a lot of rules have been deployed for Kubernetes security and CDR, which makes a lot of issues of criti...
What do you think of Aqua Security vs Prisma Cloud?
Aqua Security is easy to use and very manageable. Its main focus is on Kubernetes and Docker. Security is a very valu...
What do you like most about Aqua Security?
Customers find it invaluable to have the ability to check for vulnerabilities in an image before deployment, similar ...
What is your experience regarding pricing and costs for Aqua Security?
It comes at a reasonable cost. When compared to Prisma Cloud, it is more budget-friendly.
What do you like most about JFrog Xray?
JFrog Xray shows us a list of vulnerabilities that can impact our code.
What needs improvement with JFrog Xray?
X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL. More support ...
What is your primary use case for JFrog Xray?
Our primary use case for X-ray includes multiple activities such as security and vulnerability scanning. We already u...
 

Also Known As

PingSafe
Aqua Security Platform, CloudSploit, Argon
JFrog Security Essentials
 

Overview

 

Sample Customers

Information Not Available
HPE Salesforce Telstra Ellie Mae Cathay Pacific HomeAway
google, amazon, cisco, netflix, oracle, vmware, facebook
Find out what your peers are saying about Aqua Cloud Security Platform vs. JFrog Xray and other solutions. Updated: February 2025.
842,690 professionals have used our research since 2012.