JFrog Xray vs Qualys TotalCloud comparison

Comparison Buyer's Guide

Executive Summary
Updated on Sep 16, 2024
 

Categories and Ranking

SentinelOne Singularity Clo... (Sponsored)
Ranking in Vulnerability Management: 6th
Ranking in Container Security: 3rd
Average Rating: 8.6
Reviews Sentiment: 8.1
Number of Reviews: 92
Ranking in other categories: Cloud and Data Center Security (5th), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (3rd)

JFrog Xray
Ranking in Vulnerability Management: 22nd
Ranking in Container Security: 19th
Average Rating: 8.2
Number of Reviews: 7
Ranking in other categories: Software Composition Analysis (SCA) (6th), Software Supply Chain Security (3rd)

Qualys TotalCloud
Ranking in Vulnerability Management: 30th
Ranking in Container Security: 25th
Average Rating: 8.6
Reviews Sentiment: 7.3
Number of Reviews: 3
Ranking in other categories: Cloud Workload Protection Platforms (CWPP) (20th), Cloud Security Posture Management (CSPM) (22nd), SaaS Security Posture Management (SSPM) (5th), Cloud-Native Application Protection Platforms (CNAPP) (17th)
 

Featured Reviews

Andrew W - PeerSpot reviewer
Aug 29, 2024
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Mokshi Pandita - PeerSpot reviewer
Jun 1, 2023
An intelligent solution that prioritizes which vulnerability to target first in your project
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Brad Mathis - PeerSpot reviewer
Jun 10, 2024
Offers easy-to-follow instructions, enhanced posture management, and improved visibility
TotalCloud offers written explanations to guide us through fixing security vulnerabilities and reducing cyber risks. For instance, if we click on a finding like "ensure public access level is set to private for block containers," a CIS Microsoft Azure Foundations benchmark, TotalCloud will not only tell us which specific container is failing but also provide remediation steps. These steps include a clear, step-by-step guide to fix the issue directly from the Azure console or command line, making it easy to address security risks. After deploying TotalCloud and configuring the connectors for Azure, we quickly gained visibility into our cloud security posture. While the initial setup gathers data, the overall process is swift and delivers immediate insights. TotalCloud offers a unified way to assess vulnerabilities and threats across both Asset-as-a-service and software-as-a-service applications. While an additional module, Software Detection Response, is required for the same level of detail in SaaS assessments, it integrates seamlessly with TotalCloud and gathers information through the Azure connector. Similarly, the SDR component is used for Microsoft 365 environments, consolidating all threat data into a single report. It has significantly enhanced our posture management insight and awareness. It provides a valuable third-party perspective, highlighting potential security issues we might have missed with Microsoft's built-in settings. This independent view offers a more objective assessment, similar to having a security expert unaffiliated with Microsoft or any specific platform. TotalCloud summarizes our cloud security risks in a single view, prioritizing the most important ones. It allows us to generate reports based on severity levels (critical, high, medium) and offers pre-built dashboards like the Azure one, which highlights the most critical control failures along with the number of affected resources. This way, we can focus on addressing the most urgent issues first. We can use TruRisk in TotalCloud to view a risk score for our virtual machines. This score indicates the overall security posture of the machine, along with details on identified vulnerabilities, confirmed and potential. While the TruRisk score is a valuable integration, I haven't had the chance to fully explore its functionalities in our environment yet.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The user-friendliness is the most valuable feature."
"Cloud Native Security is a tool that has good monitoring features."
"The key strength of Singularity Cloud Security lies in its ability to pinpoint vulnerabilities in our cloud accounts and identify suspicious activity that warrants further investigation."
"Cloud Native Security's best feature is its ability to identify hard-coded secrets during pull request reviews."
"The most valuable aspects of PingSafe are its alerting system and the remediation guidance it provides."
"Cloud Native Security helps us discover vulnerabilities in a cloud environment like open ports that allow people to attack our environment. If someone unintentionally opens a port, we are exposed. Cloud Native Security alerts us so we can remediate the problem. We can also automate it so that Cloud Native Security will fix it."
"PingSafe has a dashboard that can detect the criticality of a particular problem, whether it falls under critical, medium, or low vulnerability."
"As a frequently audited company, we value PingSafe's compliance monitoring features. They give us a report with a compliance score for how well we meet certain regulatory standards, like HIPAA. We can show our compliance as a percentage. It's also a way to show that we are serious about security."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"Good reporting functionalities."
"The solution is stable and reliable."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"While automatic inventory detection upon connection is a helpful feature, a truly valuable capability would be assessing an environment's security posture against Azure and CIS best practices."
"Its excellent graphical interface makes the scanning process simple."
"The most valuable feature is extensibility."
 

Cons

"While PingSafe offers real-time response, there is room for improvement in alert accuracy."
"We repeatedly get alerts on the tool dashboard that we've already solved on our end, but they still appear. That is somewhat irritating."
"While the future roadmap presented by SentinelOne appears promising, I hope the envisioned advancements are realistically achievable and that the gap between current offerings and long-term goals is not too significant."
"Currently, we would have to export our vulnerability report to an .xlsx file, and review it in an Excel spreadsheet, and then we sort of compile a list from there. It would be cool if there was a way to actually toggle multiple applications for review and then see those file paths on multiple users rather than only one user at a time or only one application at a time."
"They can work on policies based on different compliance standards."
"Once all components, including the cloud piece and container runtime piece, integrate further and incorporate an AI layer for better comprehension, it will greatly enhance the utility of Singularity Cloud Security."
"We use PingSafe and also SentinelOne. If PingSafe integrated some of the endpoint security features of SentinelOne, it would be the perfect one-stop solution for everything. We wouldn't need to switch between the products. At my organization, I am responsible for endpoint security and vulnerability management. Integrating both functions into one application would be ideal because I could see all the alerts, heat maps, and reports in one console."
"One of the issues with the product stems from the fact that it clubs different resources under one ticket."
"JFrog Xray does not have a dashboard."
"JFrog Xray's documentation and error logging could be improved."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"Lacks deeper reporting, the ability to compare things."
"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"The cloud licensing unit system is unclear, especially since 'units' aren't well-defined."
 

Pricing and Cost Advice

"PingSafe is priced reasonably for our workload."
"The cost for PingSafe is average when compared to other CSPM tools."
"SentinelOne offers excellent pricing and licensing options."
"Its pricing is okay. It is in line with what other providers were providing. It is not cheap. It is not expensive."
"It is cheap."
"It's a fair price for what you get. We are happy with the price as it stands."
"PingSafe falls within the typical price range for cloud security platforms."
"The price depends on the extension of the solution that you want to buy. If you want to buy just EDR, the price is less. XDR is a little bit more expensive. There are going to be different add-ons for Singularity."
Information not available
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"TotalCloud's price is about right where I would expect it to be."
"Qualys TotalCloud is expensive."
814,763 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews

Computer Software Company: 19%
Financial Services Firm: 16%
Manufacturing Company: 10%
Insurance Company: 5%

Financial Services Firm: 24%
Manufacturing Company: 15%
Computer Software Company: 13%
Government: 5%

Computer Software Company: 22%
Financial Services Firm: 12%
Government: 12%
Manufacturing Company: 10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
I am personally not taking care of the pricing part, but when we moved from CrowdStrike to Singularity Cloud Native S...
What needs improvement with PingSafe?
They can provide some kind of alert when a new type of risk is there. There can be a specific type of alert showing t...
What do you like most about JFrog Xray?
JFrog Xray shows us a list of vulnerabilities that can impact our code.
What needs improvement with JFrog Xray?
There is a tool called DefectDojo for reporting. Reporting is crucial, but it is lacking in the current tool. Every o...
What is your primary use case for JFrog Xray?
We use this solution to identify vulnerabilities in the dependency file. We have the Artifactory package which integr...
What needs improvement with Qualys TotalCloud?
Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionalit...
What is your primary use case for Qualys TotalCloud?
We utilize Qualys TotalCloud to conduct DNS, IP, and WOS scans and identify system vulnerabilities.
 

Also Known As

PingSafe
JFrog Security Essentials
Qualys TotalCloud with FlexScan
 

Sample Customers

Information Not Available
google, amazon, cisco, netflix, oracle, vmware, facebook
Information Not Available
Find out what your peers are saying about JFrog Xray vs. Qualys TotalCloud and other solutions. Updated: October 2024.