Try our new research platform with insights from 80,000+ expert users

JFrog Xray vs Wiz comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Vulnerability Management
6th
Ranking in Container Security
3rd
Average Rating
8.6
Reviews Sentiment
8.1
Number of Reviews
92
Ranking in other categories
Cloud and Data Center Security (5th), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (3rd)
JFrog Xray
Ranking in Vulnerability Management
22nd
Ranking in Container Security
19th
Average Rating
8.2
Number of Reviews
7
Ranking in other categories
Software Composition Analysis (SCA) (6th), Software Supply Chain Security (3rd)
Wiz
Ranking in Vulnerability Management
3rd
Ranking in Container Security
2nd
Average Rating
9.0
Number of Reviews
19
Ranking in other categories
Cloud Workload Protection Platforms (CWPP) (2nd), Cloud Security Posture Management (CSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (2nd), Data Security Posture Management (DSPM) (2nd), Compliance Management (1st)
 

Mindshare comparison

As of November 2024, in the Vulnerability Management category, the mindshare of SentinelOne Singularity Cloud Security is 1.1%, up from 0.3% compared to the previous year. The mindshare of JFrog Xray is 1.0%, up from 0.1% compared to the previous year. The mindshare of Wiz is 10.4%, up from 7.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Andrew W - PeerSpot reviewer
Aug 29, 2024
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Mokshi Pandita - PeerSpot reviewer
Jun 1, 2023
An intelligent solution that prioritizes which vulnerability to target first in your project
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Wellington Franham - PeerSpot reviewer
Sep 30, 2024
Enhanced security profiling and predictive analysis in diverse industries
We are a partner and develop Wiz opportunities here in Brazil and Latin America. We already have some customers using Wiz as a DSPM platform. We use it in various industries, like retail, where it is used for security profiling and predictive analysis to identify risks. There is also a global…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"PingSafe offers three key features: vulnerability management notifications, cloud configuration assistance, and security scanning."
"The most valuable features of PingSafe are cloud misconfiguration, Kubernetes, and IaC scanning."
"Support has been very helpful and provides regular feedback and help whenever needed. They've been very useful."
"Cloud Native Security has helped us with our risk posture and securing our agenda. It has been tremendous in terms of supporting growth."
"Singularity Cloud's ability to create custom correlation searches and reduce noise is highly valuable."
"The multi-cloud support is valuable. They are expanding to different clouds. It is not restricted to only AWS. It allows us to have different clouds on one platform."
"The remediation process is good."
"The user interface is well-designed and easy to navigate."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"The solution is stable and reliable."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"Good reporting functionalities."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"The security baseline and vulnerability assessments is the valuable feature."
"The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."
"The solution is very user-friendly."
"The most valuable feature of Wiz is that it keeps information up to date without needing to perform scans or schedule maintenance windows. It provides a fresh snapshot of our vulnerability metrics."
"Wiz offers greater visibility and more in-depth findings in terms of configuration, misconfiguration, and vulnerabilities."
"Wiz saves time by validating a network misconfiguration by not only looking at the cloud asset configuration but also by testing if a port that is stated to be open is actually open."
"Our most important features are those around entitlement, external exposure, vulnerabilities, and container security."
"The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at."
 

Cons

"Once all components, including the cloud piece and container runtime piece, integrate further and incorporate an AI layer for better comprehension, it will greatly enhance the utility of Singularity Cloud Security."
"PingSafe can improve by eliminating 100 percent of the false positives."
"We repeatedly get alerts on the tool dashboard that we've already solved on our end, but they still appear. That is somewhat irritating."
"We are getting reports only in a predefined form. I would like to have customized reports so that I can see how many issues are open or closed today or in two weeks."
"The alerting system of the product is an area that I look at and sometimes get confused about. I feel the alerting feature needs improvement."
"I request that SentinelOne investigate this false positive, as SentinelOne has a higher false positive rate than other XDR solutions."
"In addition to our telecom and Slack channels, it would be helpful to receive Cloud Native Security security notifications in Microsoft Teams."
"The reporting works well, but sometimes the severity classifications are inaccurate. Sometimes, it flags an issue as high-impact, but it should be a lower severity."
"JFrog Xray's documentation and error logging could be improved."
"Lacks deeper reporting, the ability to compare things."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"JFrog Xray does not have a dashboard."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary."
"Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment."
"The reporting should be improved because until a few months ago, the reports were only in CSV format, which made it difficult to clean up. Wiz tried to improve the reporting process, but it's not as valuable as Tenable."
"One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging."
"They could improve the product's visibility in the internal network topology."
"Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform."
"We noticed some capabilities that were lacking, specifically ignoring some false-positive Issue findings. The good news - with the latest update, this has been resolved."
"As the tool is a good fit for small and medium-sized businesses, the solution should focus on making the product suitable for large-scale businesses."
 

Pricing and Cost Advice

"PingSafe falls somewhere in the middle price range, neither particularly cheap nor expensive."
"PingSafe is fairly priced."
"The cost for PingSafe is average when compared to other CSPM tools."
"The tool is cost-effective."
"Its pricing is constant. It has been constant over the previous year, so I am happy with it. However, price distribution can be better explained. That is the only area I am worried about. Otherwise, the pricing is very reasonable."
"Singularity Cloud Security by SentinelOne is cost-efficient."
"SentinelOne provided competitive pricing compared to other vendors, and we are satisfied with the deal."
"It is not that expensive. There are some tools that are double the cost of PingSafe. It is good on the pricing side."
Information not available
"The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing."
"The pricing is fair and comparable to their competitors. The cost seems to be going up, which is a concern. There are potential savings from consolidating tools, but we're uncertain how Wiz's pricing will change over time."
"I wish the pricing was more transparent."
"The cost of the other solutions is comparable to Wiz."
"The pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select."
"Based on the features and capabilities, the product pricing seems reasonable."
"Wiz is a moderately priced solution, where it is neither cheap nor costly."
"Regarding pricing, it’s more than $100k because we have a very big infrastructure. Our environment supports around three thousand people, and we offer business-to-client financial services to around one million clients, so we rely heavily on Wiz."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Financial Services Firm
16%
Manufacturing Company
10%
Insurance Company
5%
Financial Services Firm
24%
Manufacturing Company
15%
Computer Software Company
13%
Government
5%
Computer Software Company
15%
Financial Services Firm
15%
Manufacturing Company
9%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
I am personally not taking care of the pricing part, but when we moved from CrowdStrike to Singularity Cloud Native S...
What needs improvement with PingSafe?
They can provide some kind of alert when a new type of risk is there. There can be a specific type of alert showing t...
What do you like most about JFrog Xray?
JFrog Xray shows us a list of vulnerabilities that can impact our code.
What needs improvement with JFrog Xray?
There is a tool called DefectDojo for reporting. Reporting is crucial, but it is lacking in the current tool. Every o...
What is your primary use case for JFrog Xray?
We use this solution to identify vulnerabilities in the dependency file. We have the Artifactory package which integr...
How would you compare Wiz vs Lacework?
Wiz and Lacework sucks... Buy Orca.
What do you like most about Wiz?
With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment.
What is your experience regarding pricing and costs for Wiz?
The cost depends on workload, features, and modules, and it is not inexpensive. Other technologies, like Orca, a comp...
 

Also Known As

PingSafe
JFrog Security Essentials
No data available
 

Overview

 

Sample Customers

Information Not Available
google, amazon, cisco, netflix, oracle, vmware, facebook
Wiz is the fastest growing software company ever - $100M ARR in 18 months: Wiz becomes the fastest-growing software company ever | Wiz Blog  Discover why companies, including Salesforce, Morgan Stanley, Fox, and Bridgewater choose Wiz as their cloud security partner. Read their success stories here: Customers | Wiz
Find out what your peers are saying about JFrog Xray vs. Wiz and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.