Try our new research platform with insights from 80,000+ expert users

JFrog Xray vs Prisma Cloud by Palo Alto Networks comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 25, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Container Security
3rd
Average Rating
8.8
Reviews Sentiment
7.9
Number of Reviews
107
Ranking in other categories
Vulnerability Management (6th), Cloud and Data Center Security (5th), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (2nd)
JFrog Xray
Ranking in Container Security
22nd
Average Rating
8.0
Reviews Sentiment
7.1
Number of Reviews
8
Ranking in other categories
Vulnerability Management (25th), Software Composition Analysis (SCA) (6th), Software Supply Chain Security (1st)
Prisma Cloud by Palo Alto N...
Ranking in Container Security
1st
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
108
Ranking in other categories
Web Application Firewall (WAF) (6th), Cloud Security Posture Management (CSPM) (2nd), Cloud-Native Application Protection Platforms (CNAPP) (1st), Data Security Posture Management (DSPM) (1st)
 

Mindshare comparison

As of April 2025, in the Container Security category, the mindshare of SentinelOne Singularity Cloud Security is 2.1%, up from 1.0% compared to the previous year. The mindshare of JFrog Xray is 3.8%, up from 1.9% compared to the previous year. The mindshare of Prisma Cloud by Palo Alto Networks is 13.9%, down from 17.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security
 

Featured Reviews

Andrew W - PeerSpot reviewer
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Mokshi Pandita - PeerSpot reviewer
An intelligent solution that prioritizes which vulnerability to target first in your project
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Mohammad Qaw - PeerSpot reviewer
It gives you one console to see all of your assets, review their configurations, and build your processes
Most customers use Prisma Cloud for visibility and compliance. Prisma has so many features, but many organizations do not use them. They primarily use the visibility part to connect all their cloud accounts and hosts for visibility to see if they are missing any security controls or if they have any misconfigurations. You can connect it to cloud environments such as Azure, AWS, Oracle Cloud, Alibaba, etc., or to an on-prem data center. Prisma Cloud gives you so many options to automate processes related to your daily operations. When it comes to cybersecurity, you can automate things with their existing APIs. They also have out-of-the-box integrations with many solutions. I have not seen any limitations. Everything is customizable. You can do whatever you want, defining the reporting and custom use cases. They recently updated the UI, so it's much better than before.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The key strength of Singularity Cloud Security lies in its ability to pinpoint vulnerabilities in our cloud accounts and identify suspicious activity that warrants further investigation."
"The solution helped free other staff to work on other projects or other tasks. We basically just had to do a bunch of upfront configuring. With it, we do not have to spend as much time in the console."
"All the features we use are equal and get the job done."
"Its performance impact on the systems is low, which means there is a minimal impact on system performance compared to traditional antivirus solutions."
"I did a lot of research before signing up and doing the demo. They have a good reputation as far as catching threats early on."
"The offensive security where they do a fix is valuable. They go to a misconfiguration and provide detailed alerts on what could be there. They also provide a remediation feature where if we give the permission, they can also go and fix the issue."
"Singularity Cloud Security offers autonomous response capabilities, automatically remediating threats and restoring affected files without manual intervention."
"PingSafe's most valuable feature is its unified console."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"The solution is stable and reliable."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"Good reporting functionalities."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"The container and serverless security is most valuable. It is quite a new technology for this region. Even though containers have been there for a long time, the adoption of containers is very minimal in this region. When it comes to using Kubernetes containers in a complex architecture, there is a lack of security in the market. People aren't aware of the security controls or the process for governance. Container security provided by Prisma Cloud is quite good at filling that gap."
"The framework to configure controls is pretty good; it's pretty sophisticated. We can implement a fair amount of testing for a fair number of controls."
"One of the main reasons we like Prisma Cloud so much is that they also provide an API. You can't expect to give someone an account on Prisma Cloud, or on any tool for that matter, and say, "Go find your things and fix them." It doesn't work like that... We pull down the information from the API that Prisma Cloud provides, which is multi-cloud, multi-account—hundreds and hundreds of different types of alerts graded by severity—and then we can clearly identify that these alerts belong to these people, and they're the people who must remediate them."
"Due to the maturity of most companies, security posture management is the most valuable feature."
"Through Prisma Cloud, we can write Lambda functions, configure policies to check the security posture, and get reports. We can do a lot more."
"The most valuable features of Prisma Cloud are its cloud security posture management and cloud workload protection capabilities."
"We are provided with a single tool to protect all of our cloud resources and applications without having to manage and reconcile compliance reports."
"It provides insights into potential vulnerabilities in our code, helping us identify and rectify issues before they can be exploited."
 

Cons

"They can work on policies based on different compliance standards."
"If I had to pick a complaint, it would be the way the hosts are listed in the tool. You have different columns separated by endpoint name, Cloud Account, and Cloud Instances ID. I wish there was something where we could change the endpoint name and not use just the IP address. We would like to have custom names or our own names for the instances. If I had a complaint, that would be it, but so far, it meets all the needs that we have."
"The cost has the potential for improvement."
"The SentinelOne customer support needs improvement, as they are sometimes late in responding, which is critical in a production issue."
"The categorization of the results from the vulnerability assessment could be improved."
"In some cases, the rules are strictly enforced but do not align with real-world use cases."
"For vulnerabilities, they are showing CVE ID. The naming convention should be better so that it indicates the container where a vulnerability is present. Currently, they are only showing CVE ID, but the same CVE ID might be present in multiple containers. We would like to have the container name so that we can easily fix the issue."
"We recently adopted a new ticket management solution, so we've asked them to include a connector to integrate that tool with Cloud Native Security directly. We'd also like to see Cloud Native Security add a scan for personally identifying information. We're looking at other tools for this capability, but having that functionality built into Cloud Native Security would be nice. Monitoring PII data is critical to us as an organization."
"JFrog Xray's documentation and error logging could be improved."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"The out-of-the-box PostgreSQL provided is not stable, which is why we are considering enterprise support."
"X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL."
"JFrog Xray does not have a dashboard."
"Lacks deeper reporting, the ability to compare things."
"Based on my experience, the customization—especially the interface and some of the product identification components—is not as customizable as it could be. But it makes up for that with the fact that we can access the API and then build our own systems to read the data and then process and parse it and hand it to our teams."
"The UI is good, however, they could improve the experience."
"One of the main backlogs in their development is in the area of integration. For example, we have ServiceNow in place for ticket management and Prisma Cloud is supposed to send closure emails for incidents. But from time to time, it fails to do so. We have several other mismatches between Prisma Cloud and ServiceNow."
"When it comes to protecting the full cloud-native stack, it has the right breadth. They're covering all the topics I would care about, like container, cloud configuration, and serverless. There's one gap. There could be a better set of features around identity management—native AWS—IAM roles, and service account management. The depth in each of those areas varies a little bit. While they may have the breadth, I think there's still work to do in flushing out each of those feature sets."
"Getting new guys trained on using the solution requires some thought. If someone is already trained on Palo Alto then he's able to adapt quickly. But, if someone is coming from another platform such as Fortinet, or maybe he's from the system side, that is where we need some help. We need to find out if there is an online track or training that they can go to."
"While Prisma provides a lot of visibility, it also creates a ton of work. Most customers that implement Prisma Cloud have thousands of alerts that are urgent."
"The alignment of Twistlock Defender agents with image repositories needs improvement. These deployed agents have no way of differentiating between on-premise and cloud-based image repositories. If I deploy a Defender agent to secure an on-premise Kubernetes cluster, that agent also tries to scan my ECR image repositories on AWS. So, we have limited options for aligning those Defenders with the repositories that we want them to scan. It is scanning everything rather than giving us the ability to be real granular in choosing which agents can scan which repositories."
"One of the requests is that Prisma Defender for the ECS solution is only supported for Linux. It does not support Windows."
 

Pricing and Cost Advice

"I understand that SentinelOne is a market leader, but the bill we received was astronomical."
"The price depends on the extension of the solution that you want to buy. If you want to buy just EDR, the price is less. XDR is a little bit more expensive. There are going to be different add-ons for Singularity."
"The pricing is fair. It is not inexpensive, and it is also not expensive. When managing a large organization, it is going to be costly, but it meets the business needs. In terms of what is out there on the market, it is fair and comparable to what I have seen, so I do not have any complaints about the cost"
"Their pricing appears to be based simply on the number of accounts we have, which is common for cloud-based products."
"Its pricing was a little less than other providers."
"For pricing, it currently seems to be in line with market rates."
"SentinelOne is relatively cheap. If ten is the most expensive, I would rate it a seven."
"I am personally not taking care of the pricing part, but when we moved from CrowdStrike to PingSafe, there were some savings. The price of CrowdStrike was quite high. Compared to that, the price of PingSafe was low. PingSafe is charging based on the subscription model. If I want to add an AWS subscription, I need to pay more. It should not be based on subscription. It should be based on the number of servers that I am scanning."
Information not available
"We are encountering some resistance in the African market regarding the cost of Prisma Cloud."
"Its price is reasonable as compared to other products. The main challenge is explaining the licensing model to customers. It isn't a problem related to Palo Alto. Commonly, people don't understand cloud licensing or security licensing. When they have fixed virtual machines, they know what they are going to be charged, but when it comes to cloud automation, it is hard for them to get clarity in case of high workloads or when they have enabled auto-scaling, etc. It would be helpful if Palo Alto can educate people on their licensing programs."
"The product is very expensive, but the cost is a necessary evil; I don't know how we could have any kind of cloud presence without this type of monitoring. The pricing is calculated by module and resource usage. Ultimately, it saves us money in the amount of time we would spend uncovering what it uncovers, and we might not make the required discoveries without it anyway. Prisma offers incredible value, though I wish it were cheaper."
"Prisma Cloud licensing works on credits."
"Although the cost can be high, the value is worth the price tag."
"It is an expensive tool. It is not cheap technology. It is a serious investment for any customer. Customers typically buy it together with services. In my experience, customers buying Prisma Cloud are prepared to pay for the implementation and the tool itself."
"Prisma Cloud by Palo Alto Networks has helped the company save some money. Cost-wise, it's okay."
"The licensing cost is a bit high on the compute side."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
9%
Government
5%
Financial Services Firm
26%
Manufacturing Company
13%
Computer Software Company
12%
Government
5%
Educational Organization
17%
Financial Services Firm
13%
Computer Software Company
13%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
It is cost-effective compared to other solutions in the market.
What needs improvement with PingSafe?
In version 2, a lot of rules have been deployed for Kubernetes security and CDR, which makes a lot of issues of criti...
What do you like most about JFrog Xray?
JFrog Xray shows us a list of vulnerabilities that can impact our code.
What needs improvement with JFrog Xray?
X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL. More support ...
What is your primary use case for JFrog Xray?
Our primary use case for X-ray includes multiple activities such as security and vulnerability scanning. We already u...
What is your primary use case for Prisma Cloud by Palo Alto Networks ?
Prisma Cloud helps support DevSecOps methodologies, making those responsibilities easier to manage.
What Cloud-Native Application Protection Platform do you recommend?
We like Prisma Cloud by Palo Alto Networks, since it offers us incredible visibility into our entire cloud system. We...
What do you think of Aqua Security vs Prisma Cloud?
Aqua Security is easy to use and very manageable. Its main focus is on Kubernetes and Docker. Security is a very valu...
 

Also Known As

PingSafe
JFrog Security Essentials
Prisma Public Cloud, RedLock Cloud 360, RedLock, Twistlock, Aporeto
 

Overview

 

Sample Customers

Information Not Available
google, amazon, cisco, netflix, oracle, vmware, facebook
Amgen, Genpact, Western Asset, Zipongo, Proofpoint, NerdWallet, Axfood, 21st Century Fox, Veeva Systems, Reinsurance Group of America
Find out what your peers are saying about JFrog Xray vs. Prisma Cloud by Palo Alto Networks and other solutions. Updated: February 2025.
844,944 professionals have used our research since 2012.