No more typing reviews! Try our Samantha, our new voice AI agent.

Microsoft Defender for Cloud vs Trivy comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 25, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Microsoft Defender for Cloud
Ranking in Container Security
4th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
89
Ranking in other categories
Vulnerability Management (5th), Container Management (6th), Cloud Workload Protection Platforms (CWPP) (1st), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (4th), Data Security Posture Management (DSPM) (4th), Microsoft Security Suite (7th), Compliance Management (4th), Cloud Detection and Response (CDR) (3rd)
Trivy
Ranking in Container Security
5th
Average Rating
8.6
Reviews Sentiment
7.5
Number of Reviews
12
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of Microsoft Defender for Cloud is 5.2%, down from 6.8% compared to the previous year. The mindshare of Trivy is 2.7%, down from 5.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Microsoft Defender for Cloud5.2%
Trivy2.7%
Qualys TotalCloud1.5%
Other90.6%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
RW
Head Of IT at Cirrus Response
Cloud security has cut investigation time and now reveals threats faster but needs simpler oversight
When deploying AI applications, my key security concerns with Microsoft Defender for Cloud are data loss, leakage of data, and guardrails around the actual AI, and I am hoping that this is going to help me put those guardrails in place and identify data exfiltration. Microsoft Defender for Cloud has not helped me manage and secure multi-cloud environments, as we are 100 percent Microsoft and have not really got it in any other environment at all. I am not yet using the unified AI-powered security feature offered by Microsoft Defender for Cloud, but that is coming. I am not yet using the integrated XDR feature of Microsoft Defender for Cloud, but that is coming. I am not yet utilizing the GenAI threat protection features of Microsoft Defender for Cloud. That is also coming and a lot of that will come from learning it here. I have enabled the agentless scanning in my cloud environment with Microsoft Defender for Cloud. Assessing the impact on my workload protection without needing to install agents with Microsoft Defender for Cloud makes it a lot easier, but it also identifies a lot more, which puts more load on me sometimes. I would advise another organization considering Microsoft Defender for Cloud that it is the most logical route to follow if their whole ecosystem is Microsoft. It is easy to implement and it is very self-explanatory when doing it, making sense to just follow the steps as it is too simple, really. I would rate this review a 7.5 out of 10.
Utsav Sharma - PeerSpot reviewer
Senior Security Consultant at Ernst & Young
Maintain operational efficiency by detecting misconfigurations and vulnerabilities
The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma. It also offers repository scanning in the source code domain, allowing pre-push code scans. The misconfiguration detection works well for CloudFormation, Docker files, and Terraform. Its compliance support, like NIST, ensures that configurations align with standards. Trivy helps me significantly detect misconfigurations missed by the ops engineers or in Terraform by the naked eye. It ensures that my deployments are free of misconfigurations and vulnerabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I would definitely recommend Qualys TotalCloud to other customers."
"Qualys TotalCloud has significantly reduced our workload in terms of managing risks, helping us to be more efficient and save substantial resources."
"I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently."
"Qualys TotalCloud provides a single, prioritized view of risk, reducing the workload associated with consolidating multiple sources for risk prioritization."
"One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us."
"Its dashboards are brilliant. It provides in-depth insights."
"The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."
"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
"DSPM is the most valuable feature."
"No doubt it is useful as per the log analysis and threat protection analysis."
"The solution has improved our organization in terms of benchmarking, our Secure Score has improved a lot, and we're compliant with particular benchmarks."
"We can create alerts that trigger if there is any malicious activity happening in the workflow and these alerts can be retrieved using the query language."
"The most valuable feature is that it's intuitive. It's very intuitive."
"Microsoft Defender for Cloud has improved our security poster by at least 100 percent."
"Defender for Cloud provides a prioritized list of remediations for security issues, reducing risk and improving security operations."
"It's got a lot of great features."
"It is open-source."
"I definitely recommend Trivy."
"Trivy is most valuable for its ability to scan all repository files and dependencies."
"Trivy is particularly useful for checking if Docker images have critical vulnerabilities before they reach production."
"The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma."
"I appreciate Trivy for being open-source and not requiring any payment."
"Trivy's ability to scan files, images, GitHub repositories, Infrastructure as Code like Terraform, and Kubernetes is valuable."
"One of the great features of Trivy is that it helps me scan items such as AWS credentials and GCP service accounts."
 

Cons

"The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using."
"It is already perfect, but they can bring some newer dashboards and customization options for the dashboard. It would be great to be able to include on-prem assets on the dashboard."
"Their support could be improved."
"Their customer support needs improvement."
"Although TotalCloud is a helpful tool, some of its advanced features are still under development."
"Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures."
"The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements."
"Areas that need improvement in every solution include the remediation part. The remediation steps should be simple enough for everyone to understand."
"There are many unknowns with AI applications. AI agents will operate while you're not present, whether you are sleeping or awake, and it's unclear whether there would be any exfiltration of data or how data is being managed."
"I would like to see more connectors and plugins with other platforms."
"The product's advanced analytics and reporting features could be improved."
"I would like to have the ability to customize executive reporting."
"It's very expensive in terms of the need to maintain it actively."
"The solution could extend its capabilities to other cloud providers."
"So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product."
"From a compliance standpoint, they can include some more metrics and some specific compliances such as GDPR."
"The reporting could be a little better. When integrating Trivy with CI, the interpretation of the reports could be improved."
"For malware detection, I need to use two tools: Trivy as my anomaly scanner and ClamAV. I am integrating these two tools into the CI pipeline. If both malware and anomaly detection could be managed by one tool, I would not need to depend on two tools. That would be my suggestion."
"Trivy generates many false positives, flagging non-existent vulnerabilities. Improvements could include better contextual analysis or granular filtering."
"Trivy can improve by providing an output in PDF format. Additionally, it takes longer to scan container images built with many layers."
"Trivy is not scalable; however, I have scanned very large projects with it. It is stable but not scalable according to my experience."
"Trivy's marketing and awareness need improvement."
"Trivy can improve by providing an output in PDF format."
"Having little experience can hinder the ability to connect it to a user-friendly UI effectively."
 

Pricing and Cost Advice

"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"The cost is high, but it meets our organizational needs."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"Qualys TotalCloud is expensive."
"Microsoft's licensing and pricing are sometimes complicated. If someone is new to Microsoft's licensing, they might have difficulty with it."
"There are improvements that have to be made to the licensing. Currently, for servers, it has to be done by grouping the servers on a single subscription... We don't have an option whereby, if all those resources are in one subscription, we can have each of the individual servers subject to different planning."
"The licensing is straightforward but can become expensive if you cover everything. You must balance the cost against the importance of what needs covering."
"Although I am outside of the discussion on budget and costing, I can say that the importance of security provided by this solution is of such importance that whatever the cost is, it is not a factor."
"This is a worldwide service and depending on the country, there will be different prices."
"Microsoft Defender for Cloud is pricey, especially for Kubernetes clusters."
"I am not involved much with the pricing but the bundle offering is good."
"We only use the free tier, so we haven't faced any pricing, setup costs, or licensing challenges."
Information not available
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
903,182 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
12%
Computer Software Company
10%
Manufacturing Company
9%
Government
6%
Financial Services Firm
13%
Manufacturing Company
11%
Computer Software Company
10%
Comms Service Provider
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business31
Midsize Enterprise12
Large Enterprise49
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise9
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
How is Prisma Cloud vs Azure Security Center for security?
Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening acros...
What is your experience regarding pricing and costs for Microsoft Defender for Cloud?
My experience with pricing, setup costs, and licensing was that the license cost was the only consideration. Setup an...
What needs improvement with Microsoft Defender for Cloud?
To improve Microsoft Defender for Cloud, I think pricing-wise, the license price is a little bit higher from an inges...
What needs improvement with Trivy?
Trivy's marketing and awareness need improvement. Not everyone knows about it, which isn't ideal given its capabiliti...
What is your primary use case for Trivy?
I use Trivy ( /products/trivy-reviews ) to scan code for vulnerabilities before deployment. Our projects, which are d...
What advice do you have for others considering Trivy?
I recommend Trivy to others due to its powerful and useful features. However, I suggest increasing its marketing to r...
 

Also Known As

Qualys TotalCloud with FlexScan
Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
No data available
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

Information Not Available
Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
Information Not Available
Find out what your peers are saying about Microsoft Defender for Cloud vs. Trivy and other solutions. Updated: June 2026.
903,182 professionals have used our research since 2012.