JFrog Xray vs Qualys VMDR comparison

JFrog and Qualys are both solutions in the Vulnerability Management category. JFrog is ranked #25 with an average rating of 8.0, while Qualys is ranked #3 with an average rating of 8.2. JFrog holds a 1.6% mindshare in VM, compared to Qualys’s 8.2% mindshare. Additionally, 100% of JFrog users are willing to recommend the solution, compared to 94% of Qualys users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 5, 2025

Qualys VMDR and JFrog Xray compete in cybersecurity, offering vulnerability management, detection, and response capabilities. While Qualys VMDR has strong security features and broad integrations, JFrog Xray appeals to DevOps environments with its advanced artifact analysis capabilities, making it attractive for specific use cases.

Features: Qualys VMDR provides vulnerability management, asset discovery, and comprehensive reporting. JFrog Xray excels with deep scanning of software dependencies, advanced artifact analysis, and its seamless integration with DevOps pipelines.

Ease of Deployment and Customer Service: Qualys VMDR offers straightforward deployment and reliable customer support with minimal setup time. JFrog Xray, while flexible for existing DevOps environments, may require more time to install and integrate fully but supports quality customer service.

Pricing and ROI: Qualys VMDR is competitively priced with a potentially quicker ROI due to its integration capabilities and lower initial setup costs. JFrog Xray's higher upfront costs could lead to substantial ROI by leveraging its specialized features and security enhancements over time.

To learn more, read our detailed JFrog Xray vs. Qualys VMDR Report (Updated: February 2025).

Buyer's Guide

JFrog Xray vs. Qualys VMDR

February 2025

Download the complete report

Helped 842,296 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

SentinelOne Singularity Clo...

Mindshare comparison

As of March 2025, in the Vulnerability Management category, the mindshare of SentinelOne Singularity Cloud Security is 1.7%, up from 0.6% compared to the previous year. The mindshare of JFrog Xray is 1.6%, up from 0.3% compared to the previous year. The mindshare of Qualys VMDR is 8.2%, down from 11.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Vulnerability Management

Featured Reviews

Andrew W

VP - Information Technology at a financial services firm with 201-500 employees

Tells us about vulnerabilities as well as their impact and helps to focus on real issues

Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.

Read full review

Mokshi Pandita

DevOps Engineer at Rambøll Danmark A/S

An intelligent solution that prioritizes which vulnerability to target first in your project

We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.

Read full review

Harold Jensen

Senior Cybersecurity Engineer at 3M Health Information Systems

Good visibility but expensive and needs better support

Support: It's often overseas and often following a script, basically asking us to redo what we opened the case with. Multiple APIs: There seems to be a lack of easy onboarding into Qualys. We had to use manual inputs and some API calls to get items in place. Dashboard: It is very rudimentary with very little customization. The Qualys Scripting Language (QSL) works differently in different Qualys modules, so when you get it working in one area you have to modify the syntax in others. User account management: We often have to give users more rights than needed just to give them what they need. Integration with the various Qualys Modules: You can tell the UI is different based on of the different teams that created them. QSL syntax same in all modules Responsiveness of some of the components: They time out, you get a blank screen, etc. Backend updates between the various modules: You update connectors and information takes a few minutes to show in VMDR or Global Asset View Connectors: Connectors have a throttling issue with AWS which causes them to frequently fail unless you manually run them again.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable aspect of Singularity Cloud Security is its unified dashboard."

"PingSafe stands out for its user-friendly interface and intuitive software, making it easy to navigate and use."

"SentinelOne's behaviour analytics are valuable because they detect anomalies and malicious behaviour that signature-based solutions might miss."

"The visibility is the best part of the solution."

"The solution helped free other staff to work on other projects or other tasks. We basically just had to do a bunch of upfront configuring. With it, we do not have to spend as much time in the console."

"I would rate this solution a nine out of ten."

"I would rate SentinelOne Singularity Cloud Security a ten out of ten."

"Singularity Cloud Security's most valuable features are its ease of scalability and comprehensive security measures."

More SentinelOne Singularity Cloud Security pros

"The solution is stable and reliable."

"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."

"JFrog Xray shows us a list of vulnerabilities that can impact our code."

"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."

"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."

"Good reporting functionalities."

"JFrog Xray's reporting feature has a lot of options in it, including scanning."

"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."

More JFrog Xray pros

"It is a simple solution that makes scanning easy. You just give it a scheduled task, and it will do everything for you."

"The Vulnerability Management and Patch Management features are the most valuable features of this solution."

"The prioritization feature is great. I think it has all of the advanced features that we need."

"I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if tags aren't made."

"Provides great functionality."

"What I like about Qualys VM is the dashboard presentation. It's very good."

"The best features of Qualys VMDR are its patch management capabilities and the ability to mitigate vulnerabilities automatically."

"Vulnerability management is the most valuable one and it’s a must in every organization."

More Qualys VMDR pros

Cons

"While the future roadmap presented by SentinelOne appears promising, I hope the envisioned advancements are realistically achievable and that the gap between current offerings and long-term goals is not too significant."

"I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes."

"Bugs need to be disclosed quickly."

"The areas with room for improvement include the cost, which is higher compared to other security platforms. The dashboard can also be laggy."

"There is room for improvement in the current active licensing model for PingSafe."

"PingSafe takes four to five hours to detect and highlight an issue, and that time should be reduced."

"We use PingSafe and also SentinelOne. If PingSafe integrated some of the endpoint security features of SentinelOne, it would be the perfect one-stop solution for everything. We wouldn't need to switch between the products. At my organization, I am responsible for endpoint security and vulnerability management. Integrating both functions into one application would be ideal because I could see all the alerts, heat maps, and reports in one console."

"A beneficial improvement for PingSafe would be integration with Jira, allowing for a more streamlined ticketing system."

More SentinelOne Singularity Cloud Security cons

"JFrog Xray's documentation and error logging could be improved."

"X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL."

"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."

"Since we have been using the solution via APIs, there are some limitations in the APIs."

"JFrog Xray does not have a dashboard."

"Lacks deeper reporting, the ability to compare things."

"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."

"The speed of JFrog Xray should improve. Other solutions have better performance."

More JFrog Xray cons

"The reporting section needs improvement as running reports can take several hours."

"I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities."

"The reporting and dashboards could improve in Qualys VM. However, they have improved since the previous versions."

"From the application security perspective, Qualys has a way to go."

"The response time of technical support takes a while."

"We face issues while scanning multiple assets."

"The response time of technical support takes a while."

"I do not like that all of the data is stored on the cloud."

More Qualys VMDR cons

Pricing and Cost Advice

"It's a fair price for what you get. We are happy with the price as it stands."

"We found it to be fine for us. Its price was competitive. It was something we were happy with. We are not a Fortune 500 company, so I do not know how pricing scales at the top end, but for our cloud environment, it works very well."

"Its pricing was a little less than other providers."

"We have an enterprise license. It is affordable. I'm not sure, but I think we pay 150,000 rupees per month."

"PingSafe is affordable."

"I am personally not taking care of the pricing part, but when we moved from CrowdStrike to PingSafe, there were some savings. The price of CrowdStrike was quite high. Compared to that, the price of PingSafe was low. PingSafe is charging based on the subscription model. If I want to add an AWS subscription, I need to pay more. It should not be based on subscription. It should be based on the number of servers that I am scanning."

"The licensing is easy to understand and implement, with some flexibility to accommodate dynamic environments."

"It is not that expensive. There are some tools that are double the cost of PingSafe. It is good on the pricing side."

More SentinelOne Singularity Cloud Security pricing and cost advice

Information not available

"Qualys is a pay-as-you-go model, so there's flexibility to the pricing."

"An annual license for a single scanner costs around $3,000."

"There is a license for the use of this solution. We pay annually instead of monthly to receive a better discount on the price."

"Usually every implementation is different and the quote is in function of number of assets."

"The pricing and licensing for Qualys could be improved."

"There are no additional fees in addition to the standard licensing fees."

"When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."

"We have an annual contract for Qualys VMDR. I believe it's for either two years or five years."

More Qualys VMDR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

842,296 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

15%

Manufacturing Company

Government

Financial Services Firm

26%

Manufacturing Company

13%

Computer Software Company

12%

Government

Educational Organization

36%

Financial Services Firm

11%

Computer Software Company

10%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about PingSafe?

The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...

See all answers

What is your experience regarding pricing and costs for PingSafe?

It is cost-effective compared to other solutions in the market.

See all answers

What needs improvement with PingSafe?

In version 2, a lot of rules have been deployed for Kubernetes security and CDR, which makes a lot of issues of criti...

See all answers

What do you like most about JFrog Xray?

JFrog Xray shows us a list of vulnerabilities that can impact our code.

See all answers

What needs improvement with JFrog Xray?

X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL. More support ...

See all answers

What is your primary use case for JFrog Xray?

Our primary use case for X-ray includes multiple activities such as security and vulnerability scanning. We already u...

See all answers

What do you like most about Qualys VMDR?

I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagg...

See all answers

What is your experience regarding pricing and costs for Qualys VMDR?

Qualys offers better pricing and is feature-packed compared to other tools.

See all answers

What needs improvement with Qualys VMDR?

They can tweak their UI since the new version seems a bit jumbled up, and the old UI was more user-friendly.

See all answers

Comparisons

Wiz vs SentinelOne Singularity Cloud Security

Compared 24% of the time

Prisma Cloud by Palo Alto Networks vs SentinelOne Singularity Cloud Security

Compared 21% of the time

AWS GuardDuty vs SentinelOne Singularity Cloud Security

Compared 8% of the time

Microsoft Defender for Cloud vs SentinelOne Singularity Cloud Security

Compared 7% of the time

ProcessUnity vs SentinelOne Singularity Cloud Security

Compared 2% of the time

More SentinelOne Singularity Cloud Security Competitors

Black Duck vs JFrog Xray

Compared 17% of the time

Trivy vs JFrog Xray

Compared 14% of the time

Veracode vs JFrog Xray

Compared 7% of the time

Prisma Cloud by Palo Alto Networks vs JFrog Xray

Compared 5% of the time

Mend.io vs JFrog Xray

Compared 5% of the time

More JFrog Xray Competitors

Tenable Nessus vs Qualys VMDR

Compared 16% of the time

Rapid7 InsightVM vs Qualys VMDR

Compared 9% of the time

Microsoft Defender Vulnerability Management vs Qualys VMDR

Compared 9% of the time

Tenable Security Center vs Qualys VMDR

Compared 6% of the time

Wiz vs Qualys VMDR

Compared 6% of the time

More Qualys VMDR Competitors

Product Reports

Buyer's Guide

SentinelOne Singularity Cloud Security

March 2025

SentinelOne Singularity Cloud Security report

Download SentinelOne Singularity Cloud Security product report

Buyer's Guide

JFrog Xray

March 2025

Download JFrog Xray product report

Buyer's Guide

Qualys VMDR

March 2025

Download Qualys VMDR product report

Also Known As

PingSafe

JFrog Security Essentials

Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security

Overview

SentinelOne Singularity Cloud Security protects cloud workloads, offering advanced threat detection and automated response. It integrates seamlessly with cloud environments and secures containerized applications and virtual machines against vulnerabilities.

SentinelOne Singularity Cloud Security is renowned for its efficiency in mitigating threats in real-time. The platform integrates effortlessly with existing cloud environments, ensuring robust cloud security management with minimal manual intervention. Securing containerized applications and virtual machines, it excels in threat intelligence and endpoint protection. However, improvements are needed in performance during high workload periods, and more integrations with third-party tools and better documentation would be beneficial. Users often find the installation process complex, support response times slow, and the dashboard's navigation unintuitive.

What are the key features of SentinelOne Singularity Cloud Security?

Real-time Threat Detection: Identifies and mitigates threats as they occur.
Automated Response: Automatically responds to threats to minimize impact.
Ease of Deployment: Simple setup process with scalable options.
Machine Learning Insights: AI-driven insights enhance threat prevention.
Seamless Integration: Integrates with cloud environments for unified security management.

What are the primary benefits or ROI to expect from SentinelOne Singularity Cloud Security?

Enhanced Threat Mitigation: Improved security against real-time threats.
Reduced Manual Intervention: Automated processes save time and resources.
Scalability: Easily adapts to growing security requirements.
Centralized Management: Manage security across platforms from a single console.
Advanced Threat Intelligence: Provides in-depth analysis and protection.

In specific industries, SentinelOne Singularity Cloud Security is implemented to safeguard critical data and infrastructure. Organizations in finance, healthcare, and technology depend on its real-time threat detection and automated response to protect sensitive information. Its ability to secure containerized applications and virtual machines is particularly valuable in dynamic environments where rapid scaling is necessary.

SentinelOne

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

If you are a team player and you care and you play to WIN, we have just the job you're looking for.

As we say at JFrog: "Once You Leap Forward You Won't Go Back!"

JFrog

Vulnerability Management, Detection, and Response (VMDR) is a cornerstone product of the Qualys TruRisk Platform and a global leader in the enterprise-grade vulnerability management (VM) vendor space. With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure their actual risk exposure over time.

Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB), Qualys Patch Management, Custom Assessment and Remediation (CAR), Qualys TotalCloud and other Qualys and non-Qualys solutions to facilitate vulnerability detection and remediation across the entire enterprise.

With VMDR, users are empowered with actionable risk insights that translate vulnerabilities and exploits into optimized remediation actions based on business impact. Qualys customers can now aggregate and orchestrate data from the Qualys Threat Library, 25+ threat intelligence feeds, and third-party security and IT solutions, empowering organizations to measure, communicate, and eliminate risk across on-premises, hybrid, and cloud environments.

Qualys

Sample Customers

Information Not Available

google, amazon, cisco, netflix, oracle, vmware, facebook

Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx

Buyer's Guide

JFrog Xray vs. Qualys VMDR

February 2025

Free Report: JFrog Xray vs. Qualys VMDR

Find out what your peers are saying about JFrog Xray vs. Qualys VMDR and other solutions. Updated: February 2025.

DOWNLOAD NOW

842,296 professionals have used our research since 2012.

See our JFrog Xray vs. Qualys VMDR report.

See our list of best Vulnerability Management vendors and best Container Security vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.