JFrog Xray vs Microsoft Defender for Cloud comparison

JFrog and Microsoft are both solutions in the Vulnerability Management category. JFrog is ranked #25 with an average rating of 8.0, while Microsoft is ranked #7 with an average rating of 8.1. JFrog holds a 1.5% mindshare in VM, compared to Microsoft’s 5.6% mindshare. Additionally, 100% of JFrog users are willing to recommend the solution, compared to 94% of Microsoft users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Apr 6, 2025

JFrog Xray and Microsoft Defender for Cloud compete in security and compliance with the latter having the upper hand due to expansive features and cloud support.

Features: JFrog Xray integrates seamlessly with DevOps, offering comprehensive artifact scanning and open-source management. Microsoft Defender for Cloud provides multi-cloud support, advanced threat protection, and extensive integrations, offering broad security coverage.

Room for Improvement: JFrog Xray could enhance ease of use, streamline initial configuration, and expand cloud capabilities. Microsoft Defender for Cloud could improve by simplifying multi-cloud integration processes, reducing alerts complexity, and enhancing user interface intuitiveness.

Ease of Deployment and Customer Service: JFrog Xray integrates well with DevOps tools, although initial setup can be complex. Microsoft Defender for Cloud benefits from being within the Microsoft ecosystem, offering a smooth deployment and substantial support resources.

Pricing and ROI: JFrog Xray's competitive pricing makes it cost-effective for open-source security users. Microsoft Defender for Cloud, while more costly, provides better ROI with extensive features and robust cloud capabilities, justifying the price through enhanced security measures.

To learn more, read our detailed JFrog Xray vs. Microsoft Defender for Cloud Report (Updated: April 2025).

Buyer's Guide

JFrog Xray vs. Microsoft Defender for Cloud

April 2025

Download the complete report

Helped 849,190 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

SentinelOne Singularity Clo...

Mindshare comparison

As of April 2025, in the Vulnerability Management category, the mindshare of SentinelOne Singularity Cloud Security is 1.7%, up from 0.5% compared to the previous year. The mindshare of JFrog Xray is 1.5%, up from 0.4% compared to the previous year. The mindshare of Microsoft Defender for Cloud is 5.6%, up from 4.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Vulnerability Management

Featured Reviews

Andrew W

VP - Information Technology at a financial services firm with 201-500 employees

Tells us about vulnerabilities as well as their impact and helps to focus on real issues

Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.

Read full review

Mokshi Pandita

DevOps Engineer at Rambøll Danmark A/S

An intelligent solution that prioritizes which vulnerability to target first in your project

We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.

Read full review

Vibhor Goel

Senior Cloud Platform Engineer at Deutsche Börse

A single tool for complete visibility and addressing security gaps

Currently, issues are structured in Microsoft Defender for Cloud at severity levels of high, critical, or warning, but these severity levels are not always right. For example, Microsoft might consider a port being open as critical, but that might not be the case for our company. Similarly, it might suggest closing some management ports, but you might need them to be able to log in, so the severity levels for certain things can be improved. Even though Microsoft Defender for Cloud provides a way to temporarily disable certain alerts or notifications without affecting our security score, it would be better to have more granularized control over these recommendations. Currently, we cannot even disable certain alerts or notifications. There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place. Additionally, enabling Defender for Cloud at the resource group level, rather than only at the subscription level, would be beneficial.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"I would rate SentinelOne Singularity Cloud Security a nine out of ten."

"Visibility is the most important aspect."

"Cloud Native Security helps us discover vulnerabilities in a cloud environment like open ports that allow people to attack our environment. If someone unintentionally opens a port, we are exposed. Cloud Native Security alerts us so we can remediate the problem. We can also automate it so that Cloud Native Security will fix it."

"We use the infrastructure as code scanning, which is good."

"The best features we value in SentinelOne Singularity Cloud Security include compliance monitoring features, as we are a frequently audited company. They provide reports with compliance scores, showing how well we meet certain regulatory standards, such as HIPAA, and we can show our compliance as a percentage."

"The dashboard is intuitive in terms of design and functionality. Additionally, it gives me an email for all the findings that are open."

"The user-friendly dashboard offers both convenience and security by providing quick access to solutions and keeping us informed of potential threats."

"The most valuable feature of PingSafe is its integration with most of our technology stack, specifically all of our cloud platforms and ticketing software."

More SentinelOne Singularity Cloud Security pros

"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."

"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."

"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."

"JFrog Xray shows us a list of vulnerabilities that can impact our code."

"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."

"Good reporting functionalities."

"JFrog Xray's reporting feature has a lot of options in it, including scanning."

"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."

More JFrog Xray pros

"Defender for Cloud provides a prioritized list of remediations for security issues, reducing risk and improving security operations."

"The most valuable features of this solution are the remote workforce capabilities and the general experience of the remote workforce."

"Good compliance policies."

"When you have commissioned Defender, you have these things visible already on your dashboard. This gives the efficiency to the people to do their actual work rather than bothering about the email, sorting out the email, or looking at it through an ITSM solution, whey they have to look at the description and use cases. Efficiency increases with this optimized, ready-made solution since you don't need to invest in something externally. You can start using the dashboard and auditing capability provided from day one. Thus, you have fewer costs with a more optimized, easier-to-use solution, providing operational efficiency for your team."

"The solution is up-to-date with the latest updates and identified threats."

"It has seamless integration with any of the services I mentioned, on Azure, such as IaaS platforms, virtual machines, applications, or databases, because it's an in-house product from Microsoft within the Azure ecosystem."

"The most valuable features are ransomware protection and access controls. The solution has helped us secure some folders on our systems from unauthorized modifications."

"It isn't a highly complex solution. It's something that a lot of analysts can use. Defender gives you a broad overview of what's happening in your environment, and it's a great solution if you're a Microsoft shop."

More Microsoft Defender for Cloud pros

Cons

"The areas with room for improvement include the cost, which is higher compared to other security platforms. The dashboard can also be laggy."

"There can be a specific type of alert showing that a new type of risk has been identified."

"In addition to our telecom and Slack channels, it would be helpful to receive Cloud Native Security security notifications in Microsoft Teams."

"It does not bring much threat intel from the outside world. All it does is scan. If it can also correlate things, it will be better."

"They can add more widgets to its dashboard. A centralized dashboard with numerous metrics would improve user understanding."

"The application module focuses on the different codes and libraries that can be run on the machines. It is very important for Singularity EDR to detect what type of codes and what type of libraries can run in the machine. If they can implement a white list or a black list of codes or libraries that can be used in the machine, it would be very helpful. They can focus more on the application module."

"There is no break-glass account feature. They should implement this as soon as possible because we can't implement SSO without a break-glass feature."

"Currently, we would have to export our vulnerability report to an .xlsx file, and review it in an Excel spreadsheet, and then we sort of compile a list from there. It would be cool if there was a way to actually toggle multiple applications for review and then see those file paths on multiple users rather than only one user at a time or only one application at a time."

More SentinelOne Singularity Cloud Security cons

"JFrog Xray's documentation and error logging could be improved."

"The speed of JFrog Xray should improve. Other solutions have better performance."

"JFrog Xray does not have a dashboard."

"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."

"The out-of-the-box PostgreSQL provided is not stable, which is why we are considering enterprise support."

"Lacks deeper reporting, the ability to compare things."

"Since we have been using the solution via APIs, there are some limitations in the APIs."

"X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL."

More JFrog Xray cons

"There needs to be improvement in the security recommendations, particularly in attack path mapping. Sometimes, it misleads users about the real exposure of external-facing assets."

"When you work with it, the only problem that we're struggling with is that we have 21 different subscriptions we're trying to apply security to. It's impossible to keep everything organized."

"Pricing could be improved. There are limited options based on pricing for the government."

"Microsoft Defender could be more centralized. For example, I still need to go to another console to do policy management."

"I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting."

"If a customer is already using Okta as an SSO in its entire environment, they will want to continue with it. But Security Center doesn't understand that and keeps making recommendations. It would help if it let us resolve a recommendation, even if it is not implemented."

"I would like to see more connectors and plugins with other platforms."

"Defender could provide more in-depth visibility into vulnerabilities and services. For instance, we wanted to scan Azure NetApp for sensitive data, but they didn't have that feature. It was only for storage accounts. I want Azure Defender features to cover all Azure resources rather than a few."

More Microsoft Defender for Cloud cons

Pricing and Cost Advice

"It was reasonable pricing for me."

"I understand that SentinelOne is a market leader, but the bill we received was astronomical."

"While SentinelOne Singularity Cloud Security offers robust protection, its high cost may be prohibitive for small and medium-sized businesses."

"It is cheap."

"I am not involved in the pricing, but it is cost-effective."

"Their pricing appears to be based simply on the number of accounts we have, which is common for cloud-based products."

"We found it to be fine for us. Its price was competitive. It was something we were happy with. We are not a Fortune 500 company, so I do not know how pricing scales at the top end, but for our cloud environment, it works very well."

"As a partner, we receive a discount on the licenses."

More SentinelOne Singularity Cloud Security pricing and cost advice

Information not available

"There are two different plans. We're using the secure basic plan, but we have used the end security plan as well. There are additional costs, but it gives us more functionalities compared to the basic plan."

"Pricing depends on your workload size, but it is very cheap. If you're talking about virtual machines, it is $5 or something for each machine, which is minimal. If you go for some agent-based solution for every virtual machine, then you need to pay the same thing or more than that. For an on-premises solution like this, we were paying around $30 to $50 based on size. With Defender, Microsoft doesn't bother about the size. You pay based on the number of machines. So, if you have 10 virtual machines, and 10 virtual machines are being monitored, you are paying based on that rather than the size of the virtual machine. Thus, you are paying for the number of units rather than paying for the size of your units."

"I am not involved much with the pricing but the bundle offering is good."

"Defender's basic version is free, which is good. Many of our teams are evaluating the paid version against third-party products."

"The licensing is straightforward but can become expensive if you cover everything. You must balance the cost against the importance of what needs covering."

"I rate Microsoft Defender a three out of ten for affordability. The price could be a little lower."

"They have a free version, but the license for this one isn't too high. It's free to start with, and you're charged for using it beyond 30 days. Some other pieces of Defender are charged based on usage, so you will be charged more for a high volume of transactions. I believe Defender for Cloud is a daily charge based on Azure's App Service Pricing."

"The licensing cost per server is $15 per month."

More Microsoft Defender for Cloud pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

849,190 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

16%

Manufacturing Company

Government

Financial Services Firm

26%

Computer Software Company

12%

Manufacturing Company

12%

Government

Computer Software Company

14%

Financial Services Firm

13%

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about PingSafe?

The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...

See all answers

What is your experience regarding pricing and costs for PingSafe?

It is cost-effective compared to other solutions in the market.

See all answers

What needs improvement with PingSafe?

SentinelOne Singularity Cloud Security is an excellent CSPM tool, but its CWPP features need improvement, and there i...

See all answers

What do you like most about JFrog Xray?

JFrog Xray shows us a list of vulnerabilities that can impact our code.

See all answers

What needs improvement with JFrog Xray?

X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL. More support ...

See all answers

What is your primary use case for JFrog Xray?

Our primary use case for X-ray includes multiple activities such as security and vulnerability scanning. We already u...

See all answers

How is Prisma Cloud vs Azure Security Center for security?

Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening acros...

See all answers

What do you like most about Microsoft Defender for Cloud?

The entire Defender Suite is tightly coupled, integrated, and collaborative.

See all answers

What is your experience regarding pricing and costs for Microsoft Defender for Cloud?

Initially, the cost was reasonable, but additional services from Microsoft sometimes incur extra expenses that seem h...

See all answers

Comparisons

Wiz vs SentinelOne Singularity Cloud Security

Compared 24% of the time

Prisma Cloud by Palo Alto Networks vs SentinelOne Singularity Cloud Security

Compared 20% of the time

AWS GuardDuty vs SentinelOne Singularity Cloud Security

Compared 8% of the time

Orca Security vs SentinelOne Singularity Cloud Security

Compared 5% of the time

Check Point CloudGuard CNAPP vs SentinelOne Singularity Cloud Security

Compared 5% of the time

More SentinelOne Singularity Cloud Security Competitors

Black Duck vs JFrog Xray

Compared 16% of the time

Trivy vs JFrog Xray

Compared 14% of the time

Veracode vs JFrog Xray

Compared 7% of the time

Prisma Cloud by Palo Alto Networks vs JFrog Xray

Compared 6% of the time

GitHub Dependabot vs JFrog Xray

Compared 5% of the time

More JFrog Xray Competitors

AWS GuardDuty vs Microsoft Defender for Cloud

Compared 20% of the time

Wiz vs Microsoft Defender for Cloud

Compared 13% of the time

Prisma Cloud by Palo Alto Networks vs Microsoft Defender for Cloud

Compared 11% of the time

Microsoft Defender XDR vs Microsoft Defender for Cloud

Compared 4% of the time

Orca Security vs Microsoft Defender for Cloud

Compared 3% of the time

More Microsoft Defender for Cloud Competitors

Product Reports

Buyer's Guide

SentinelOne Singularity Cloud Security

March 2025

SentinelOne Singularity Cloud Security report

Download SentinelOne Singularity Cloud Security product report

Buyer's Guide

JFrog Xray

April 2025

Download JFrog Xray product report

Buyer's Guide

Microsoft Defender for Cloud

April 2025

Download Microsoft Defender for Cloud product report

Also Known As

PingSafe

JFrog Security Essentials

Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender

Interactive Demo

Demo not available

SentinelOne

Demo not available

JFrog

Microsoft

Overview

SentinelOne Singularity Cloud Security protects cloud workloads, offering advanced threat detection and automated response. It integrates seamlessly with cloud environments and secures containerized applications and virtual machines against vulnerabilities.

SentinelOne Singularity Cloud Security is renowned for its efficiency in mitigating threats in real-time. The platform integrates effortlessly with existing cloud environments, ensuring robust cloud security management with minimal manual intervention. Securing containerized applications and virtual machines, it excels in threat intelligence and endpoint protection. However, improvements are needed in performance during high workload periods, and more integrations with third-party tools and better documentation would be beneficial. Users often find the installation process complex, support response times slow, and the dashboard's navigation unintuitive.

What are the key features of SentinelOne Singularity Cloud Security?

Real-time Threat Detection: Identifies and mitigates threats as they occur.
Automated Response: Automatically responds to threats to minimize impact.
Ease of Deployment: Simple setup process with scalable options.
Machine Learning Insights: AI-driven insights enhance threat prevention.
Seamless Integration: Integrates with cloud environments for unified security management.

What are the primary benefits or ROI to expect from SentinelOne Singularity Cloud Security?

Enhanced Threat Mitigation: Improved security against real-time threats.
Reduced Manual Intervention: Automated processes save time and resources.
Scalability: Easily adapts to growing security requirements.
Centralized Management: Manage security across platforms from a single console.
Advanced Threat Intelligence: Provides in-depth analysis and protection.

In specific industries, SentinelOne Singularity Cloud Security is implemented to safeguard critical data and infrastructure. Organizations in finance, healthcare, and technology depend on its real-time threat detection and automated response to protect sensitive information. Its ability to secure containerized applications and virtual machines is particularly valuable in dynamic environments where rapid scaling is necessary.

SentinelOne

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

If you are a team player and you care and you play to WIN, we have just the job you're looking for.

As we say at JFrog: "Once You Leap Forward You Won't Go Back!"

JFrog

Microsoft Defender for Cloud is a comprehensive security solution that provides advanced threat protection for cloud workloads. It offers real-time visibility into the security posture of cloud environments, enabling organizations to quickly identify and respond to potential threats. With its advanced machine learning capabilities, Microsoft Defender for Cloud can detect and block sophisticated attacks, including zero-day exploits and fileless malware.

The solution also provides automated remediation capabilities, allowing security teams to quickly and easily respond to security incidents. With Microsoft Defender for Cloud, organizations can ensure the security and compliance of their cloud workloads, while reducing the burden on their security teams.

Microsoft

Sample Customers

Information Not Available

google, amazon, cisco, netflix, oracle, vmware, facebook

Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.

Buyer's Guide

JFrog Xray vs. Microsoft Defender for Cloud

April 2025

Free Report: JFrog Xray vs. Microsoft Defender for Cloud

Find out what your peers are saying about JFrog Xray vs. Microsoft Defender for Cloud and other solutions. Updated: April 2025.

DOWNLOAD NOW

849,190 professionals have used our research since 2012.

See our JFrog Xray vs. Microsoft Defender for Cloud report.

See our list of best Vulnerability Management vendors and best Container Security vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.