Try our new research platform with insights from 80,000+ expert users

Trivy vs Wiz comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Container Security
3rd
Average Rating
8.8
Reviews Sentiment
7.8
Number of Reviews
109
Ranking in other categories
Vulnerability Management (6th), Cloud and Data Center Security (5th), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (2nd)
Trivy
Ranking in Container Security
16th
Average Rating
8.6
Reviews Sentiment
7.5
Number of Reviews
8
Ranking in other categories
No ranking in other categories
Wiz
Ranking in Container Security
2nd
Average Rating
9.0
Reviews Sentiment
7.6
Number of Reviews
20
Ranking in other categories
Vulnerability Management (1st), Cloud Workload Protection Platforms (CWPP) (1st), Cloud Security Posture Management (CSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (2nd), Data Security Posture Management (DSPM) (2nd), Compliance Management (1st), Cloud Detection and Response (CDR) (1st)
 

Mindshare comparison

As of April 2025, in the Container Security category, the mindshare of SentinelOne Singularity Cloud Security is 2.1%, up from 1.0% compared to the previous year. The mindshare of Trivy is 5.5%, up from 0.7% compared to the previous year. The mindshare of Wiz is 18.6%, up from 15.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security
 

Featured Reviews

Andrew W - PeerSpot reviewer
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Utsav Sharma - PeerSpot reviewer
Maintain operational efficiency by detecting misconfigurations and vulnerabilities
The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma. It also offers repository scanning in the source code domain, allowing pre-push code scans. The misconfiguration detection works well for CloudFormation, Docker files, and Terraform. Its compliance support, like NIST, ensures that configurations align with standards. Trivy helps me significantly detect misconfigurations missed by the ops engineers or in Terraform by the naked eye. It ensures that my deployments are free of misconfigurations and vulnerabilities.
Pietro Villivà - PeerSpot reviewer
Useful for security assessment and maintaining correct security posture
The tool keeps improving on a weekly basis. Wiz enters into a lot of partnerships with other technologies. I don't have any idea about the improvements needed in the tool at the moment. For me, Wiz is a very complete product, but it is not the perfect one. Other technologies are better for our customers' specific use cases. A possible way to grow the tool is by introducing new functionality or features. In the future, the tool can introduce an on-prem infrastructure or platform. Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment. The onboarding can be done in five minutes or five to ten minutes. Then, there is the configuration, and it depends on the type of the use case of the customer. There is a customer that has simple use cases for whom the onboarding can be done in four to eight hours a day. If there are some customers with a lot of use cases and a lot of different cloud providers, more time is needed. In general, we don't need more than five days to deploy the tool, even in the case of a very complex architecture and hybrid cloud environment. To deploy the tool, we need to have access to the account of the customer, and Wiz is a stuff that we need to make with the customer. We do the onboarding together. The customer creates the correct authorization in the cloud platform and gives us the key to connect to the platform, and then the platform connector starts and begins to collect information.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I recommend SentinelOne due to its high-security capabilities, which are essential to safeguard data and systems from potential threats."
"I would rate SentinelOne Singularity Cloud Security a nine out of ten."
"The compliance monitoring feature of SentinelOne Singularity Cloud Security gives us a report with a compliance score to ensure we meet certain regulatory standards."
"The offensive security where they do a fix is valuable. They go to a misconfiguration and provide detailed alerts on what could be there. They also provide a remediation feature where if we give the permission, they can also go and fix the issue."
"The cloud misconfiguration feature and Offensive Security Engine, as well as their alerting process, are valuable."
"Singularity Cloud's ability to create custom correlation searches and reduce noise is highly valuable."
"PingSafe's most valuable feature is its unified console."
"The multi-cloud support is valuable. They are expanding to different clouds. It is not restricted to only AWS. It allows us to have different clouds on one platform."
"It's customizable, allowing me to add any rules and format HTML templates as I wish."
"Trivy is easy to integrate with CI/CD and can be installed on desktops to scan images."
"I definitely recommend Trivy."
"Trivy's open source nature and wide functionality are incredibly valuable."
"Overall, I would rate Trivy a ten out of ten."
"I appreciate Trivy for being open-source and not requiring any payment."
"One of the great features of Trivy is that it helps me scan items such as AWS credentials and GCP service accounts."
"Trivy's open source nature and wide functionality are incredibly valuable."
"The solution is very user-friendly."
"Wiz offers greater visibility and more in-depth findings in terms of configuration, misconfiguration, and vulnerabilities."
"The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."
"I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."
"The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at."
"The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address."
"The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."
"Wiz saves time by validating a network misconfiguration by not only looking at the cloud asset configuration but also by testing if a port that is stated to be open is actually open."
 

Cons

"There is a bit of a learning curve for new users."
"The cloud-based operations might pose challenges in areas with limited or unavailable internet connectivity."
"I would like additional integrations."
"In addition to our telecom and Slack channels, it would be helpful to receive Cloud Native Security security notifications in Microsoft Teams."
"The Kubernetes scanning on the Oracle Cloud needs to be improved. It's on the roadmap. AWS has this capability, but it's unavailable for Oracle Cloud."
"There's an array of upcoming versions with numerous features to be incorporated into the roadmap. Customers particularly appreciate the service's emphasis on intensive security, especially the secret scanning aspect. During the proof of concept (POC) phase, the system is required to gather logs from the customer's environment. This process entails obtaining specific permissions, especially in terms of gateway access. While most permissions for POC are manageable, the need for various permissions may need improvement, especially in the context of security."
"PingSafe can be improved by developing a comprehensive set of features that allow for automated workflows."
"While it is good, I think the solution's console could be improved."
"The reporting could be a little better. When integrating Trivy with CI, the interpretation of the reports could be improved."
"The only problem is that Trivy does not support reporting features such as generating reports in CSV, which is useful for auditing and reporting."
"The only problem is that Trivy does not support reporting features such as generating reports in CSV, which is useful for auditing and reporting."
"In our CI/CD pipelines, Trivy lacks built-in functionality for report analysis."
"Trivy generates many false positives, flagging non-existent vulnerabilities."
"For malware detection, I need to use two tools: Trivy as my anomaly scanner and ClamAV. I am integrating these two tools into the CI pipeline. If both malware and anomaly detection could be managed by one tool, I would not need to depend on two tools."
"One drawback I have observed with Trivy is the difficulty in building or integrating a UI, particularly for an operator in the NetSuite example."
"Having little experience can hinder the ability to connect it to a user-friendly UI effectively."
"The remediation workflow within the Wiz could be improved."
"We noticed some capabilities that were lacking, specifically ignoring some false-positive Issue findings. The good news - with the latest update, this has been resolved."
"In Brazil, the cost is a significant issue due to the currency exchange rate."
"We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next."
"The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary."
"We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform."
"The reporting should be improved because until a few months ago, the reports were only in CSV format, which made it difficult to clean up. Wiz tried to improve the reporting process, but it's not as valuable as Tenable."
"Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment."
 

Pricing and Cost Advice

"I would rate the cost a seven out of ten with ten being the most costly."
"The pricing is fair. It is not inexpensive, and it is also not expensive. When managing a large organization, it is going to be costly, but it meets the business needs. In terms of what is out there on the market, it is fair and comparable to what I have seen, so I do not have any complaints about the cost"
"PingSafe's primary advantage is its ability to consolidate multiple tools into a single user interface, but, beyond this convenience, it may not offer significant additional benefits to justify its price."
"Its pricing is constant. It has been constant over the previous year, so I am happy with it. However, price distribution can be better explained. That is the only area I am worried about. Otherwise, the pricing is very reasonable."
"The pricing for PingSafe in India was more reasonable than other competitors."
"It's not expensive. The product is in its initial growth stages and appears more competitive compared to others. It comes in different variants, and I believe the enterprise version costs around $55 per user per year. I would rate it a five, somewhere fairly moderate."
"The pricing is somewhat high compared to other market tools."
"It is cost-effective compared to other solutions in the market."
Information not available
"Regarding pricing, it’s more than $100k because we have a very big infrastructure. Our environment supports around three thousand people, and we offer business-to-client financial services to around one million clients, so we rely heavily on Wiz."
"The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing."
"I wish the pricing was more transparent."
"Wiz is a moderately priced solution, where it is neither cheap nor costly."
"The pricing is fair and comparable to their competitors. The cost seems to be going up, which is a concern. There are potential savings from consolidating tools, but we're uncertain how Wiz's pricing will change over time."
"The cost of the other solutions is comparable to Wiz."
"If one is cheap and ten is expensive, I rate the tool's price as a five out of ten."
"The pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
9%
Government
5%
Computer Software Company
15%
Financial Services Firm
14%
Manufacturing Company
11%
Government
8%
Financial Services Firm
15%
Computer Software Company
15%
Manufacturing Company
10%
Healthcare Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
It is cost-effective compared to other solutions in the market.
What needs improvement with PingSafe?
The documentation could be better. Besides improving the documentation, obtaining a professional or partner specializ...
What needs improvement with Trivy?
One drawback I have observed with Trivy is the difficulty in building or integrating a UI, particularly for an operat...
What is your primary use case for Trivy?
The main use case for Trivy is to scan Docker images or packages for CVEs, specifically for vulnerabilities. I use th...
What advice do you have for others considering Trivy?
I rate Trivy an eight out of ten. This rating reflects its open-source nature, comprehensive scanning capabilities, a...
What do you like most about Wiz?
With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment.
What is your experience regarding pricing and costs for Wiz?
This feedback is not based on much experience yet, as we have only conducted POV or POC.
What needs improvement with Wiz?
I have not measured certain abilities on a scale yet. The ultimate value depends on the requirements of your organiza...
 

Also Known As

PingSafe
No data available
No data available
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
Wiz is the fastest growing software company ever - $100M ARR in 18 months: Wiz becomes the fastest-growing software company ever | Wiz Blog  Discover why companies, including Salesforce, Morgan Stanley, Fox, and Bridgewater choose Wiz as their cloud security partner. Read their success stories here: Customers | Wiz
Find out what your peers are saying about Trivy vs. Wiz and other solutions. Updated: April 2025.
848,716 professionals have used our research since 2012.