Try our new research platform with insights from 80,000+ expert users

JFrog Xray vs Qualys TotalCloud comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Vulnerability Management
6th
Ranking in Container Security
3rd
Average Rating
8.8
Reviews Sentiment
7.8
Number of Reviews
110
Ranking in other categories
Cloud and Data Center Security (5th), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (2nd)
JFrog Xray
Ranking in Vulnerability Management
25th
Ranking in Container Security
22nd
Average Rating
8.0
Reviews Sentiment
7.1
Number of Reviews
8
Ranking in other categories
Software Composition Analysis (SCA) (6th), Software Supply Chain Security (1st)
Qualys TotalCloud
Ranking in Vulnerability Management
13th
Ranking in Container Security
9th
Average Rating
8.8
Reviews Sentiment
7.7
Number of Reviews
29
Ranking in other categories
Cloud Workload Protection Platforms (CWPP) (10th), Cloud Security Posture Management (CSPM) (10th), SaaS Security Posture Management (SSPM) (2nd), Cloud-Native Application Protection Platforms (CNAPP) (9th)
 

Mindshare comparison

As of April 2025, in the Vulnerability Management category, the mindshare of SentinelOne Singularity Cloud Security is 1.7%, up from 0.5% compared to the previous year. The mindshare of JFrog Xray is 1.5%, up from 0.4% compared to the previous year. The mindshare of Qualys TotalCloud is 1.1%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Andrew W - PeerSpot reviewer
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Mokshi Pandita - PeerSpot reviewer
An intelligent solution that prioritizes which vulnerability to target first in your project
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Sushant Samantara - PeerSpot reviewer
Helps us minimize attack surfaces by identifying root accounts and encryption issues
TotalCloud provides written explanations to guide remediation and eliminate cyber risks. While all cloud platforms offer security features, it's challenging to consolidate them into a single dashboard. Qualys TotalCloud effectively addresses this by consolidating multiple cloud platforms and subscriptions onto one dashboard. This allows users to quickly identify and mitigate misconfigurations and risks, simplifying security management. Before implementing TotalCloud, our compliance rate was approximately 50 to 60 percent. However, after adopting the platform, it has increased to 80 to 90 percent. TotalCloud also helps us minimize attack surfaces by identifying root accounts and encryption issues, thereby enhancing our overall security by 40 percent. TotalCloud offers a unified platform for assessing vulnerabilities and threats across both IaaS and PaaS environments. This unified view has improved our cloud security posture management. We gain a single, prioritized view of risks through TotalCloud's TruRisk Insights feature. This feature considers not only the QDA score but also factors in cost and other relevant elements to provide a comprehensive risk assessment. From a potentially overwhelming list of findings, TruRisk Insights prioritizes the most critical risks, allowing us to focus our efforts and resources on addressing these high-priority tasks efficiently. A single, prioritized view of risk streamlines the risk assessment process by eliminating the need to consolidate multiple sources. This comprehensive view is instrumental in communicating with other business customers who may be unaware of potential risks or misconfigurations within their resources. By identifying and informing them of these issues, we can guide them towards compliance and ensure a more secure environment. TruRisk Insights provides valuable findings by identifying vulnerabilities and misconfigurations, displaying them on a dashboard, and offering deeper insights into the attack surface. It analyzes not only internet-facing devices but also those indirectly connected, providing a comprehensive understanding of potential risks. This is crucial because even devices not directly connected to the internet can be vulnerable if they have an attack surface. TruRisk Insights also offers mitigation strategies, making it a highly useful tool for managing security risks. With the VMDR feature enabled and the Qualys Agent installed on various assets, we can identify existing vulnerabilities. TruRisk Insights then calculates risk scores, prioritizes tasks, and presents the number of findings. This allows us to focus on mitigating high-priority vulnerabilities while deferring those with lower priority, ultimately reducing overall risk. TruRisk Insights provides device details, allowing for containerization of misconfigured devices. This process involves isolating problematic devices and rectifying misconfigurations, ultimately enhancing our security posture.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I would rate this solution a nine out of ten."
"Cloud Native Security is user-friendly. Everything in the Cloud Native Security tool is straightforward, including detections, integration, reporting, etc. They are constantly improving their UI by adding plugins and other features."
"The Offensive Security Engine, powered by impressive AI/ML capabilities, seamlessly integrates with cloud infrastructure to analyze data and provide optimal security solutions."
"Our previous product took a lot of man hours to manage. Once we got Singularity Cloud Workload Security, it freed up our time to work on other tasks."
"I would rate SentinelOne Singularity Cloud Security a ten out of ten."
"Overall, I would rate SentinelOne Singularity Cloud Security a ten out of ten."
"I recommend SentinelOne due to its high-security capabilities, which are essential to safeguard data and systems from potential threats."
"The most valuable feature is the easy-to-understand user interface, which allows even non-technical users to comprehend and resolve issues."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"The solution is stable and reliable."
"Qualys TotalCloud's most valuable feature is its agent versatility."
"The best feature would be the ability to create policies. It is easy to control and update policies as required."
"Qualys TotalCloud has improved our security posture."
"TotalCloud's best feature is the integration of cloud accounts. It helps with the risk and security posture management of our cloud infrastructure."
"Qualys TotalCloud's most valuable feature is its agent versatility."
"Its excellent graphical interface makes the scanning process simple."
"While automatic inventory detection upon connection is a helpful feature, a truly valuable capability would be assessing an environment's security posture against Azure and CIS best practices."
"With TotalCloud, we can scan through the API. If we are not able to deploy cloud agents on the machine, we can use the API."
 

Cons

"The Infrastructure as Code service available in PingSafe and the services available in AWS cloud security can be merged so that we can get the security data directly from AWS cloud in PingSafe. This way, all the data related to security will be in one single place. Currently, we have to check a couple of things on PingSafe, and we have to validate that same data on the AWS Cloud to be sure. If they can collaborate like that, it will be great."
"I'd like to see better onboarding documentation."
"When you find a vulnerability and resolve it, the same issue will not occur again. I want PingSafe to block the same vulnerability from appearing again. I want something like a playbook where the steps that we take to resolve an issue are repeated when that issue happens again."
"I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes."
"There should be more documentation about the product."
"The Singularity Cloud Security console is experiencing delays in clearing resolved issues, which can take over an hour to be removed from the display."
"While the future roadmap presented by SentinelOne appears promising, I hope the envisioned advancements are realistically achievable and that the gap between current offerings and long-term goals is not too significant."
"While SentinelOne offers robust security features, its higher cost may present a challenge for budget-conscious organizations."
"JFrog Xray's documentation and error logging could be improved."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"JFrog Xray does not have a dashboard."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"The out-of-the-box PostgreSQL provided is not stable, which is why we are considering enterprise support."
"Lacks deeper reporting, the ability to compare things."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures."
"TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these."
"I would appreciate additional integration options to connect Qualys TotalCloud with our other vulnerability management tools."
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations."
"There is room for improvement in the support."
"TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested."
"The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM, SOAR, ITSM, and other sources."
 

Pricing and Cost Advice

"PingSafe is priced reasonably for our workload."
"SentinelOne offers excellent pricing and licensing options."
"PingSafe is affordable."
"PingSafe is less expensive than other options."
"PingSafe is cost-effective for the amount of infrastructure we have. It's reasonable for what they offer compared to our previous solution. It's at least 25 percent to 30 percent less."
"Their pricing appears to be based simply on the number of accounts we have, which is common for cloud-based products."
"For pricing, it currently seems to be in line with market rates."
"PingSafe's pricing is good because it provides us with a solution."
Information not available
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"TotalCloud's price is about right where I would expect it to be."
"Qualys TotalCloud is expensive."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"The cost is high, but it meets our organizational needs."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Qualys TotalCloud offers cost-effective licensing flexibility."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
848,989 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
9%
Government
5%
Financial Services Firm
26%
Computer Software Company
12%
Manufacturing Company
12%
Government
5%
Computer Software Company
19%
Financial Services Firm
16%
Government
13%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
It is cost-effective compared to other solutions in the market.
What needs improvement with PingSafe?
The documentation could be better. Besides improving the documentation, obtaining a professional or partner specializ...
What do you like most about JFrog Xray?
JFrog Xray shows us a list of vulnerabilities that can impact our code.
What needs improvement with JFrog Xray?
X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL. More support ...
What is your primary use case for JFrog Xray?
Our primary use case for X-ray includes multiple activities such as security and vulnerability scanning. We already u...
What is your experience regarding pricing and costs for Qualys TotalCloud?
It is not cheap. For smaller businesses, people running businesses with a small number of users cannot afford Qualys,...
What needs improvement with Qualys TotalCloud?
While I am still learning TotalCloud, which has the latest features introduced, I attended a Qualys event this year. ...
What is your primary use case for Qualys TotalCloud?
Sometimes I lack the details of misconfigured devices, such as cloud servers and cloud machines, which are hosted in ...
 

Also Known As

PingSafe
JFrog Security Essentials
Qualys TotalCloud with FlexScan
 

Overview

 

Sample Customers

Information Not Available
google, amazon, cisco, netflix, oracle, vmware, facebook
Information Not Available
Find out what your peers are saying about JFrog Xray vs. Qualys TotalCloud and other solutions. Updated: April 2025.
848,989 professionals have used our research since 2012.