Try our new research platform with insights from 80,000+ expert users

JFrog Xray vs Microsoft Defender for Cloud comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Vulnerability Management
6th
Ranking in Container Security
3rd
Average Rating
8.8
Reviews Sentiment
7.8
Number of Reviews
110
Ranking in other categories
Cloud and Data Center Security (5th), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (2nd)
JFrog Xray
Ranking in Vulnerability Management
25th
Ranking in Container Security
22nd
Average Rating
8.0
Reviews Sentiment
7.1
Number of Reviews
8
Ranking in other categories
Software Composition Analysis (SCA) (6th), Software Supply Chain Security (1st)
Microsoft Defender for Cloud
Ranking in Vulnerability Management
7th
Ranking in Container Security
4th
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
76
Ranking in other categories
Container Management (9th), Cloud Workload Protection Platforms (CWPP) (2nd), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (4th), Data Security Posture Management (DSPM) (3rd), Microsoft Security Suite (4th), Compliance Management (3rd)
 

Mindshare comparison

As of April 2025, in the Vulnerability Management category, the mindshare of SentinelOne Singularity Cloud Security is 1.7%, up from 0.5% compared to the previous year. The mindshare of JFrog Xray is 1.5%, up from 0.4% compared to the previous year. The mindshare of Microsoft Defender for Cloud is 5.6%, up from 4.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Andrew W - PeerSpot reviewer
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Mokshi Pandita - PeerSpot reviewer
An intelligent solution that prioritizes which vulnerability to target first in your project
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Vibhor Goel - PeerSpot reviewer
A single tool for complete visibility and addressing security gaps
Currently, issues are structured in Microsoft Defender for Cloud at severity levels of high, critical, or warning, but these severity levels are not always right. For example, Microsoft might consider a port being open as critical, but that might not be the case for our company. Similarly, it might suggest closing some management ports, but you might need them to be able to log in, so the severity levels for certain things can be improved. Even though Microsoft Defender for Cloud provides a way to temporarily disable certain alerts or notifications without affecting our security score, it would be better to have more granularized control over these recommendations. Currently, we cannot even disable certain alerts or notifications. There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place. Additionally, enabling Defender for Cloud at the resource group level, rather than only at the subscription level, would be beneficial.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is advantageous in terms of time-saving and cost reduction."
"It saves us time based on savings on manual activities."
"Singularity Cloud Security's most valuable features are its ease of scalability and comprehensive security measures."
"PingSafe stands out for its user-friendly interface and intuitive software, making it easy to navigate and use."
"The most valuable feature is the easy-to-understand user interface, which allows even non-technical users to comprehend and resolve issues."
"Its performance impact on the systems is low, which means there is a minimal impact on system performance compared to traditional antivirus solutions."
"It is scalable, stable, and can detect any threat on a machine. It uses artificial intelligence and can lock down any virus."
"Singularity Cloud Security's most valuable features are its ease of scalability and comprehensive security measures."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"The solution is stable and reliable."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"Good reporting functionalities."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"It offers virus management and addresses threats such as viruses, worms, spyware, and other critical security concerns."
"The most valuable feature for me is the variety of APIs available."
"We can create alerts that trigger if there is any malicious activity happening in the workflow and these alerts can be retrieved using the query language."
"The solution's coordinated detection and response across devices and identities is impressive because it is complete."
"The most valuable feature is the regulatory compliance aspect, where we utilize predefined initiatives like NIST."
"The solution is quite good and addresses many security gaps."
"It is very intuitive when it comes to policy administration, alerts and notifications, and ease of setting up roles at different hierarchies. It has also been good in terms of the network technology maps. It provides a good overview, but it also depends on the complexity of your network."
"I would rate Microsoft Defender for Cloud a ten."
 

Cons

"When you find a vulnerability and resolve it, the same issue will not occur again. I want PingSafe to block the same vulnerability from appearing again. I want something like a playbook where the steps that we take to resolve an issue are repeated when that issue happens again."
"With Cloud Native Security, we can't selectively enable or disable alerts based on our specific use case."
"They can work on policies based on different compliance standards."
"A beneficial improvement for PingSafe would be integration with Jira, allowing for a more streamlined ticketing system."
"I request that SentinelOne investigate this false positive, as SentinelOne has a higher false positive rate than other XDR solutions."
"PingSafe can improve by eliminating 100 percent of the false positives."
"For vulnerabilities, they are showing CVE ID. The naming convention should be better so that it indicates the container where a vulnerability is present. Currently, they are only showing CVE ID, but the same CVE ID might be present in multiple containers. We would like to have the container name so that we can easily fix the issue."
"The application module focuses on the different codes and libraries that can be run on the machines. It is very important for Singularity EDR to detect what type of codes and what type of libraries can run in the machine. If they can implement a white list or a black list of codes or libraries that can be used in the machine, it would be very helpful. They can focus more on the application module."
"The out-of-the-box PostgreSQL provided is not stable, which is why we are considering enterprise support."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"JFrog Xray's documentation and error logging could be improved."
"Lacks deeper reporting, the ability to compare things."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"JFrog Xray does not have a dashboard."
"X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"Microsoft Defender for Cloud is pricey, especially for Kubernetes clusters. It could be cheaper."
"Azure Security Center takes a long time to update, compared to the on-premises version of Microsoft Defender."
"The range of workloads is broad, but we'd love to add more workloads and make it a single security solution that covers all those workloads."
"With the new Copilot functionality available everywhere, it is challenging to pinpoint areas for improvement. If I put in a lot of thought, I might identify things, but right now, nothing significant pops into my mind, but there is always room for more transparency, especially in pricing."
"The solution's portal is very easy to use, but there's one key component that is missing when it comes to managing policies. For example, if I've onboarded my server and I need to specify antivirus policies, there's no option to do that on the portal. I will have to go to Intune to deploy them. That is one main aspect that is missing and it's worrisome."
"Sometimes, it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or certain kinds of products. That's not an issue directly with the product, though."
"There are challenges with the licensing policies, which are quite complicated."
"The pricing could be improved, as it is somewhat high for smaller companies."
 

Pricing and Cost Advice

"Singularity Cloud Security by SentinelOne is cost-efficient."
"SentinelOne is quite costly compared to other security platforms."
"The price depends on the extension of the solution that you want to buy. If you want to buy just EDR, the price is less. XDR is a little bit more expensive. There are going to be different add-ons for Singularity."
"Singularity Cloud Workload Security's licensing and price were cheaper than the other solutions we looked at."
"It is cost-effective compared to other solutions in the market."
"SentinelOne offers excellent pricing and licensing options."
"PingSafe is less expensive than other options."
"PingSafe is fairly priced."
Information not available
"Pricing is difficult because each license has its own metrics and cost."
"We are using the free version of the Azure Security Center."
"Although I am outside of the discussion on budget and costing, I can say that the importance of security provided by this solution is of such importance that whatever the cost is, it is not a factor."
"I'm not privy to that information, but I know it's probably close to a million dollars a year."
"The price of the solution is good for the features we receive and there is an additional cost for Microsoft premier support. However, some of my potential customers have found it to be expensive and have gone on to choose another solution."
"The tool is pretty expensive."
"Currently, Microsoft offers only one plan at the enterprise level which is $15 per machine."
"It is bundled with our enterprise subscription, which makes it easy to go for it. It is available by default, and there is no extra cost for using the standard features."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
848,989 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
9%
Government
5%
Financial Services Firm
26%
Computer Software Company
12%
Manufacturing Company
12%
Government
5%
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
It is cost-effective compared to other solutions in the market.
What needs improvement with PingSafe?
The documentation could be better. Besides improving the documentation, obtaining a professional or partner specializ...
What do you like most about JFrog Xray?
JFrog Xray shows us a list of vulnerabilities that can impact our code.
What needs improvement with JFrog Xray?
X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL. More support ...
What is your primary use case for JFrog Xray?
Our primary use case for X-ray includes multiple activities such as security and vulnerability scanning. We already u...
How is Prisma Cloud vs Azure Security Center for security?
Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening acros...
What do you like most about Microsoft Defender for Cloud?
The entire Defender Suite is tightly coupled, integrated, and collaborative.
What is your experience regarding pricing and costs for Microsoft Defender for Cloud?
Initially, the cost was reasonable, but additional services from Microsoft sometimes incur extra expenses that seem h...
 

Also Known As

PingSafe
JFrog Security Essentials
Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

Information Not Available
google, amazon, cisco, netflix, oracle, vmware, facebook
Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
Find out what your peers are saying about JFrog Xray vs. Microsoft Defender for Cloud and other solutions. Updated: April 2025.
848,989 professionals have used our research since 2012.