JFrog Xray vs Tenable Nessus comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Oct 9, 2024
 

Categories and Ranking

JFrog Xray
Ranking in Vulnerability Management: 22nd
Average Rating: 8.2
Number of Reviews: 7
Ranking in other categories: Container Security (19th), Software Composition Analysis (SCA) (6th), Software Supply Chain Security (3rd)

Tenable Nessus
Ranking in Vulnerability Management: 1st
Average Rating: 8.4
Number of Reviews: 78
Ranking in other categories: No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Vulnerability Management category, the mindshare of JFrog Xray is 1.0%, up from 0.1% compared to the previous year. The mindshare of Tenable Nessus is 13.2%, down from 16.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Mokshi Pandita - PeerSpot reviewer
Jun 1, 2023
An intelligent solution that prioritizes which vulnerability to target first in your project
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Matthew Weisler - PeerSpot reviewer
Feb 16, 2023
Unlimited assets for one price and quick, agentless results
I implement the solution as a vulnerability management tool for client use cases. It can be used for public factors because it sits right where you have tie in and bleeds over or in between other tools as another piece in the EDR puzzle. The solution identifies vulnerabilities, applies patches, and…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"The solution is stable and reliable."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"Good reporting functionalities."
"The most valuable feature of Tenable Nessus is vulnerability assessments. There are a lot of threats around the world and this solution is the first to come out with detection rules."
"The solution is great for scanning servers."
"Tenable Nessus streamlines the process of scanning for our organization."
"It gives you an unlimited IP scan."
"Its initial setup was simple and straightforward."
"Easy to set up vulnerability scanner with good stability and a responsive technical support team."
"I have experience with it on my attack stations, and it's pretty good to optimize. Personally, I think Nessus is quite a good product."
"Quick assessments, compliance scores, and results are provided without having to do agents."
 

Cons

"JFrog Xray does not have a dashboard."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"JFrog Xray's documentation and error logging could be improved."
"Lacks deeper reporting, the ability to compare things."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"I have found it is sometimes difficult to control the Zoom meeting sessions. For example, it is difficult to know who is talking and when trying to mute everyone but the speaker you end up muting everyone. When using multiple screens it is laborious to find the control buttons, such as to start a session. Additionally, when a recording is done I have found it difficult to find them, there should be an easier way to retrieve them."
"Remediation needs improvement."
"In terms of what could be improved, I would say its reporting portion."
"The accuracy of the vulnerability assessment is not up to par yet, as false alarms and false positives occur often."
"The reports are okay, but the interface is a bit difficult to navigate in some cases."
"The interface is a little bit clunky, and the reporting is not marvelous. There should be better integration of reporting between instances. Currently, the instance stands alone, and it produces a report. Being able to amalgamate those reports with another instance will be useful."
"Tenable Nessus could improve the reporting."
"The product must be more comprehensive."
 

Pricing and Cost Advice

Information not available
"Tenable Nessus needs to be licensed. We own a license for the security center and that license is charged by the number of IP addresses that you can scan. You're allowed to have as many scanners as you want and there's no license for the number of scanners. We have a bunch of Nessus scanners out there, and as long as we're comfortable with staying under that IP address limit, that's really all we have to be concerned about."
"The solution has free options."
"The newer tools are quite pricey. There is a case of some fine tuning that can be done in terms of licensing. The IP based licensing that is offered makes the tool very expensive. If they want the IT industry to adopt it, the price should be looked at."
"The product is free."
"The solution is worth the cost. It's a good investment."
"I think the price is fairly affordable. It provides a license that is fair."
"Nessus Manager is not an expensive product. It has its limitations, but the pricing reflects that. We have a yearly subscription."
"We pay approximately $2,500 on a yearly basis."
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm: 24%
Manufacturing Company: 15%
Computer Software Company: 13%
Government: 5%

Educational Organization: 39%
Computer Software Company: 10%
Government: 7%
Financial Services Firm: 6%
 

Company Size

By reviewers (chart categories): Large Enterprise, Midsize Enterprise, Small Business
 

Questions from the Community

What do you like most about JFrog Xray?
JFrog Xray shows us a list of vulnerabilities that can impact our code.
What needs improvement with JFrog Xray?
There is a tool called DefectDojo for reporting. Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefor...
What is your primary use case for JFrog Xray?
We use this solution to identify vulnerabilities in the dependency file. We have the Artifactory package which integrates with Xray-like plugins. We can automatically plug this tool into Xray to co...
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid...
What's the difference between Tenable Nessus and Tenable.io Vulnerability Management?
Tenable Nessus is a vulnerability assessment solution that is both easy to deploy and easy to manage. The design of the program is such that if a company should desire to handle the installation t...
What do you like most about Tenable Nessus?
We have around 500 virtual machines. Therefore, we conduct monthly scans and open tickets for our developers to address identified vulnerabilities. These scans cover the servers, other network equi...
 

Also Known As

JFrog Security Essentials
No data available
 

Sample Customers

Google, Amazon, Cisco, Netflix, Oracle, VMware, Facebook
Bitbrains, Tesla, Just Eat, Crosskey Banking Solutions, Covenant Health, Youngstown State University
Find out what your peers are saying about JFrog Xray vs. Tenable Nessus and other solutions. Updated: October 2024.