Try our new research platform with insights from 80,000+ expert users

JFrog Xray vs Orca Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Vulnerability Management
6th
Ranking in Container Security
3rd
Average Rating
8.6
Reviews Sentiment
8.1
Number of Reviews
92
Ranking in other categories
Cloud and Data Center Security (5th), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (3rd)
JFrog Xray
Ranking in Vulnerability Management
22nd
Ranking in Container Security
19th
Average Rating
8.2
Number of Reviews
7
Ranking in other categories
Software Composition Analysis (SCA) (6th), Software Supply Chain Security (3rd)
Orca Security
Ranking in Vulnerability Management
11th
Ranking in Container Security
14th
Average Rating
9.4
Number of Reviews
15
Ranking in other categories
Cloud Workload Protection Platforms (CWPP) (11th), Cloud Security Posture Management (CSPM) (9th), Cloud-Native Application Protection Platforms (CNAPP) (9th), Data Security Posture Management (DSPM) (6th), Cloud Detection and Response (CDR) (2nd)
 

Mindshare comparison

As of November 2024, in the Vulnerability Management category, the mindshare of SentinelOne Singularity Cloud Security is 1.1%, up from 0.3% compared to the previous year. The mindshare of JFrog Xray is 1.0%, up from 0.1% compared to the previous year. The mindshare of Orca Security is 5.0%, down from 5.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Andrew W - PeerSpot reviewer
Aug 29, 2024
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Mokshi Pandita - PeerSpot reviewer
Jun 1, 2023
An intelligent solution that prioritizes which vulnerability to target first in your project
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Cédric Thian-Meng - PeerSpot reviewer
Apr 3, 2024
It contacts your account provider and fetches metadata, eliminating the need for snapshots or reserved space to copy client infrastructure
Orca Security has patented technologies. It's an agentless solution, so you don't need to install an agent. Instead, it contacts your account provider and fetches metadata, eliminating the need for snapshots or reserved space to copy client infrastructure. The multi-cloud capability displays essential information and potential vulnerabilities with granular detail. For instance, it identifies paths that attackers might exploit to gain root or admin access to machines. It is comprehensive, covering a wide range of software needs. They also integrate with CI/CD pipelines, enabling developers to ensure security from the early stages of code deployment. This integration provides a 100% guarantee on security, safeguarding images, configurations, and other crucial information throughout the development process.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The management console is highly intuitive to comprehend and operate."
"PingSafe provides email alerts and ranks issues based on severity, such as high, critical, etc., that help us prioritize issues."
"The solution helped free other staff to work on other projects or other tasks. We basically just had to do a bunch of upfront configuring. With it, we do not have to spend as much time in the console."
"PingSafe's integration is smooth. They are highly customer-oriented, and the integration went well for us."
"The solution is a good alerting tool."
"The most valuable features of PingSafe are the asset inventory and issue indexing."
"The user interface is well-designed and easy to navigate."
"With PingSafe, it's easy to onboard new accounts."
"The solution is stable and reliable."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"Good reporting functionalities."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"Orca's SideScanning is the biggest feature. It's the 'wow' factor... With Orca's SideScanning, they just need permissions for your account and that makes it so simple."
"With its Cloud Security Posture Management capability, we have the ability to read across all of our cloud-based environments, which includes AWS and Azure. We have visibility into those environments. Seeing all vulnerabilities and configurations is really powerful for us, but ultimately, the ability to use the API to query across the fleet to understand what is the current state, what is the patch level, which ones are potentially exposed for a new CVE that just came out is even more valuable. It allows us to gather really specific intelligence through simple queries."
"The most valuable feature of Orca Security is the automated scanning tool, user-friendliness, and ease of use."
"Orca's platform provides an agentless data collection facility that collects information directly from the cloud using APIs, with zero impact on performance."
"The visibility Orca provides into my environment is at the highest level... When I dropped them into the environment, from the very get-go I had more insight into the risks in my environment than I had had during the entire two and a half years I had been here."
"The reporting and automated remediation capabilities are valuable to me. They're real game-changers."
"There are so many valuable features that I could list, but one that I appreciate is the PCI DSS compliance report."
"Orca provides X-ray vision into everything within the cloud properties, whereas normally, this would require multiple tools."
 

Cons

"I request that SentinelOne investigate this false positive, as SentinelOne has a higher false positive rate than other XDR solutions."
"Cloud Native Security's reporting could be better. We are unable to see which images are impacted. Several thousand images have been deployed, so if we can see some application-specific information in the dashboard, we can directly send that report to the team that owns the application. We'd also like the option to download the report from the portal instead of waiting for the report to be sent to our email."
"The integration with Oracle has room for improvement."
"A beneficial improvement for PingSafe would be integration with Jira, allowing for a more streamlined ticketing system."
"The could improve their mean time to detect."
"It does not bring much threat intel from the outside world. All it does is scan. If it can also correlate things, it will be better."
"It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background."
"PingSafe can be improved by developing a comprehensive set of features that allow for automated workflows."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"JFrog Xray's documentation and error logging could be improved."
"JFrog Xray does not have a dashboard."
"Lacks deeper reporting, the ability to compare things."
"Another improvement would be that, in addition to focusing on endpoint compliance, they would focus on general compliance."
"There were a couple of times when Orca was down when I was trying to access it. I work strange hours because all of my team is in the UK right now. It was 2 a.m. on a Saturday and I was trying to log in but it wasn't working. But relative to my other security tools, Orca is definitely the most stable that I've seen."
"The main drawback in an agentless approach is that if the solution detects a virus or malware in the environment, we need to manually remove it. But from my experience with other production environments, it's not straightforward to install agents in the hope they will automatically remediate viruses, even from production environments... Ultimately, the ability to auto-remediate is something that I would like to see."
"I would like to see an option to do security checks on a code level. This is possible because they have access to all of the code running in the cloud provider, and combining their site-scanning solution with that would be a nice add-on."
"The presentation of the data in the dashboard is a little bit chaotic."
"They can expand a little bit in anti-malware detection. While we have pretty good confidence that it's going to detect some of the static malware, some of the detections are heuristics. There could be a growth in the library from where they're pulling their information, but we don't get a lot of those alerts based on the design of our products. In general, that might be an area that needs to be filled since they offer it as a service within it."
"I would like to see better customization options for security frameworks and better integration with reporting tools like Power BI or Grafana dashboards."
"In the future, I'd like to see Orca work better with third-party vendors. Specifically, being able to provide sanitized results from third parties."
 

Pricing and Cost Advice

"PingSafe is priced reasonably for our workload."
"The price depends on the extension of the solution that you want to buy. If you want to buy just EDR, the price is less. XDR is a little bit more expensive. There are going to be different add-ons for Singularity."
"PingSafe's primary advantage is its ability to consolidate multiple tools into a single user interface, but, beyond this convenience, it may not offer significant additional benefits to justify its price."
"It was reasonable pricing for me."
"Singularity Cloud Workload Security's licensing and price were cheaper than the other solutions we looked at."
"The pricing is fair. It is not inexpensive, and it is also not expensive. When managing a large organization, it is going to be costly, but it meets the business needs. In terms of what is out there on the market, it is fair and comparable to what I have seen, so I do not have any complaints about the cost"
"It is cheap."
"We have an enterprise license. It is affordable. I'm not sure, but I think we pay 150,000 rupees per month."
Information not available
"Overall, the pricing is reasonable and the discounts have been acceptable."
"The most expensive solution is Palo Alto. They claim to be very robust. The next most expensive is Wiz, followed by Orca and all the rest."
"While it's competitive with Palo Alto Prisma, I think Orca's list price is very high. I would advise Orca to lower it because, at that price, I might consider alternatives like Wiz, which also offers agentless services."
"It is the cost of the visibility that you get. When you really sit down and think about what do you need to do to secure an environment with a low impact on the business, and you take a look out into the world, I think this tool is well justified around cost."
"The pricing depends on how many assets you have running in your cloud and how many environments you have. If you have a dev environment, test environment, and a production environment then it's really important that you have coverage for all of them."
"The price is a bit expensive for smaller organizations."
"We have a total of 25 licenses for this solution. The solution is on a pay-and-you-use model."
"Orca Security is cheaper compared to other solutions in the same space."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
814,763 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Financial Services Firm
16%
Manufacturing Company
10%
Insurance Company
5%
Financial Services Firm
24%
Manufacturing Company
15%
Computer Software Company
13%
Government
5%
Computer Software Company
17%
Financial Services Firm
13%
Manufacturing Company
9%
University
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
I am personally not taking care of the pricing part, but when we moved from CrowdStrike to Singularity Cloud Native S...
What needs improvement with PingSafe?
They can provide some kind of alert when a new type of risk is there. There can be a specific type of alert showing t...
What do you like most about JFrog Xray?
JFrog Xray shows us a list of vulnerabilities that can impact our code.
What needs improvement with JFrog Xray?
There is a tool called DefectDojo for reporting. Reporting is crucial, but it is lacking in the current tool. Every o...
What is your primary use case for JFrog Xray?
We use this solution to identify vulnerabilities in the dependency file. We have the Artifactory package which integr...
What do you like most about Orca Security?
It's for protection. It's an agentless tool. We don't need to install anything at a customer's premises. We can just ...
What needs improvement with Orca Security?
The company is managed by industry veterans. It's a cloud-based product. They handle misconfigurations and analyse yo...
What is your primary use case for Orca Security?
We use the solution to show misconfiguration. Often, users lack knowledge about their assets' fingerprints and their ...
 

Also Known As

PingSafe
JFrog Security Essentials
No data available
 

Overview

 

Sample Customers

Information Not Available
google, amazon, cisco, netflix, oracle, vmware, facebook
BeyondTrust, Postman, Digital Turbine, Solarisbank, Lemonade, C6 Bank, Docebo, Vercel, and Vivino
Find out what your peers are saying about JFrog Xray vs. Orca Security and other solutions. Updated: October 2024.
814,763 professionals have used our research since 2012.