Try our new research platform with insights from 80,000+ expert users

JFrog Xray vs Snyk comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Container Security
3rd
Average Rating
8.6
Reviews Sentiment
8.0
Number of Reviews
102
Ranking in other categories
Vulnerability Management (6th), Cloud and Data Center Security (5th), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (3rd)
JFrog Xray
Ranking in Container Security
20th
Average Rating
8.0
Reviews Sentiment
7.1
Number of Reviews
8
Ranking in other categories
Vulnerability Management (24th), Software Composition Analysis (SCA) (6th), Software Supply Chain Security (3rd)
Snyk
Ranking in Container Security
7th
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
44
Ranking in other categories
Application Security Tools (4th), Software Composition Analysis (SCA) (3rd), Software Development Analytics (2nd), DevSecOps (1st)
 

Mindshare comparison

As of December 2024, in the Container Security category, the mindshare of SentinelOne Singularity Cloud Security is 2.1%, up from 0.8% compared to the previous year. The mindshare of JFrog Xray is 3.0%, up from 1.9% compared to the previous year. The mindshare of Snyk is 5.9%, down from 8.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security
 

Featured Reviews

Andrew W - PeerSpot reviewer
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Mokshi Pandita - PeerSpot reviewer
An intelligent solution that prioritizes which vulnerability to target first in your project
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Jayashree Acharyya - PeerSpot reviewer
Used for image scanning and identifying vulnerabilities, but its integration with other services could be improved
The solution has improved or streamlined our process a lot for securing container images. We wanted to make sure we are deploying the secure Docker images. Snyk allowed us to check whether it is following our standard of docker images or not. We use Azure DevOps as our platform, and Snyk's integration with Azure DevOps was okay. However, Snyk's integration with JFrog Artifactory didn't go well. We use JFrog Artifactory to store the artifacts we download. We wanted to integrate Snyk with JFrog Artifactory to scan the binary artifacts we downloaded, but that broke our JFrog Artifactory for some reason. Instead of using it there, we are calling it directly from the pipeline. Snyk's automation features significantly reduced remediation times a couple of times. Sometimes, our developers scan the code from the environment and find some Java vulnerabilities. We fixed those vulnerabilities in the lower environment itself. The solution does not require any maintenance. The accuracy of Snyk's vulnerability detection is pretty good compared to other tools. I rate the solution's vulnerability detection feature an eight out of ten. I would recommend Snyk to other users because it is easy to implement and integrate with Azure DevOps and GitHub. Overall, I rate the solution a seven out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is fairly simple. Anybody can use it."
"The cloud misconfiguration is the most valuable feature."
"Atlas security graph is pretty cool. It maps out relationships between components on AWS, like load balancers and servers. This helps visualize potential attack paths and even suggests attack paths a malicious actor might take."
"It saves time, makes your environment more secure, and improves compliance. PingSafe helps with audits, ensuring that you are following best practices for cloud security. You don't need to be an expert to use it and improve your security."
"When creating cloud infrastructure, Cloud Native Security evaluates the cloud security parameters and how they will impact the organization's risk. It lets us know whether our security parameter conforms to international industry standards. It alerts us about anything that increases our risk, so we can address those vulnerabilities and prevent attacks."
"Cloud Security has provided a single view to observe all workloads, prioritization for handling cloud assets, and reduced noise by distinguishing false positives effectively."
"We liked the search bar in PingSafe. It is a global search. We were able to get some insights from there."
"PingSafe offers an intuitive user interface that lets us navigate quickly and easily."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"Good reporting functionalities."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"The solution is stable and reliable."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"What is valuable about Snyk is its simplicity."
"Snyk has given us really good results because it is fully automated. We don't have to scan projects every time to find vulnerabilities, as it already stores the dependencies that we are using. It monitors 24/7 to find out if there are any issues that have been reported out on the Internet."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"The most valuable feature of Snyk is the software composition analysis."
"The product's most valuable features are an open-source platform, remote functionality, and good pricing."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
 

Cons

"There can be a specific type of alert showing that a new type of risk has been identified."
"While PingSafe offers real-time response, there is room for improvement in alert accuracy."
"The recommended actions aren't always specific, so it might suggest recommendations that don't apply to the particular infrastructure code I'm reviewing."
"For SentinelOne, improvements could be made in managing Internet dependency as cloud-based operations can pose challenges in environments with limited connectivity."
"While it is good, I think the solution's console could be improved."
"We had a glitch in PingSafe where it fed us false positives in the past."
"It took us a while to configure the software to work well in this type of environment, as the support documents were not always clear."
"While SentinelOne Singularity Cloud Security offers robust protection, its cost could be a barrier for some users."
"Lacks deeper reporting, the ability to compare things."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"JFrog Xray's documentation and error logging could be improved."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL."
"The out-of-the-box PostgreSQL provided is not stable, which is why we are considering enterprise support."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"JFrog Xray does not have a dashboard."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"The solution's integration with JFrog Artifactory could be improved."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
"The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise."
"Generating reports and visibility through reports are definitely things they can do better."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improve"
 

Pricing and Cost Advice

"SentinelOne offers excellent pricing and licensing options."
"As a partner, we receive a discount on the licenses."
"Its pricing is constant. It has been constant over the previous year, so I am happy with it. However, price distribution can be better explained. That is the only area I am worried about. Otherwise, the pricing is very reasonable."
"Singularity Cloud Workload Security's pricing is good."
"Its pricing is okay. It is in line with what other providers were providing. It is not cheap. It is not expensive."
"The pricing for PingSafe in India was more reasonable than other competitors."
"I am not involved in the pricing, but it is cost-effective."
"While I'm slightly out of touch with pricing, I know SentinelOne is much cheaper than other products."
Information not available
"The pricing is reasonable."
"We are using the open-source version for the scans."
"I would rate the pricing of Snyk at two. I'm currently using the free version, which the company offers before buying the full version. So, the price is affordable, especially for an enterprise."
"It's inexpensive and easy to license. It comes in standard package sizing, which is straightforward. This information is publicly found on their website."
"Presently, my company uses an open-source version of the solution. The solution's pricing can be considered quite reasonable owing to the features they offer."
"Despite Snyk's coverage, scalability, reliability, and stability, it is available at a very competitive price."
"You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it."
"On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing a three. It is a cheap solution."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
824,168 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Financial Services Firm
15%
Manufacturing Company
9%
Government
5%
Financial Services Firm
25%
Manufacturing Company
14%
Computer Software Company
12%
Government
5%
Financial Services Firm
16%
Computer Software Company
15%
Manufacturing Company
9%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
The pricing is somewhat high compared to other market tools. This cost can be particularly prohibitive for small busi...
What needs improvement with PingSafe?
To enhance the notification system's efficiency, resolved issues should be promptly removed from the portal. Currentl...
What do you like most about JFrog Xray?
JFrog Xray shows us a list of vulnerabilities that can impact our code.
What needs improvement with JFrog Xray?
X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL. More support ...
What is your primary use case for JFrog Xray?
Our primary use case for X-ray includes multiple activities such as security and vulnerability scanning. We already u...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to...
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilit...
What needs improvement with Snyk?
Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR. It lacks the abi...
 

Also Known As

PingSafe
JFrog Security Essentials
No data available
 

Overview

 

Sample Customers

Information Not Available
google, amazon, cisco, netflix, oracle, vmware, facebook
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about JFrog Xray vs. Snyk and other solutions. Updated: December 2024.
824,168 professionals have used our research since 2012.