We performed a comparison between JFrog Xray and Wiz based on real PeerSpot user reviews.
Find out in this report how the two Vulnerability Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The mean time to detect has been reduced."
"With PingSafe, it's easy to onboard new accounts."
"Cloud Native Security is a tool that has good monitoring features."
"Cloud Native Security offers a valuable tool called an offensive search engine."
"PingSafe offers an intuitive user interface that lets us navigate quickly and easily."
"Our previous product took a lot of man hours to manage. Once we got Singularity Cloud Workload Security, it freed up our time to work on other tasks."
"We liked the search bar in PingSafe. It is a global search. We were able to get some insights from there."
"PingSafe can integrate all your cloud accounts and resources you create in the AWS account, We have set it up to scan the AWS transfer services, EC2, security groups, and GitHub."
"The solution is stable and reliable."
"Good reporting functionalities."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment."
"I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."
"The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at."
"The security baseline and vulnerability assessments is the valuable feature."
"The first thing that stood out was the ease of installation and the quick value we got out of the solution."
"Our most important features are those around entitlement, external exposure, vulnerabilities, and container security."
"The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."
"The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address."
"They need more experienced support personnel."
"The could improve their mean time to detect."
"After closing an alert in Cloud Native Security, it still shows as unresolved."
"I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes."
"I would like PingSafe's detections to be openly available online instead of only accessible through their portal. Other tools have detections that are openly available without going through the tool."
"The categorization of the results from the vulnerability assessment could be improved."
"If I had to pick a complaint, it would be the way the hosts are listed in the tool. You have different columns separated by endpoint name, Cloud Account, and Cloud Instances ID. I wish there was something where we could change the endpoint name and not use just the IP address. We would like to have custom names or our own names for the instances. If I had a complaint, that would be it, but so far, it meets all the needs that we have."
"There should be more documentation about the product."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"JFrog Xray's documentation and error logging could be improved."
"JFrog Xray does not have a dashboard."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"Lacks deeper reporting, the ability to compare things."
"We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade... We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately."
"The solution's container security could be improved."
"We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform."
"Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform."
"The only thing that needs to be improved is the number of scans per day."
"The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that."
"One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging."
"We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
JFrog Xray is ranked 17th in Vulnerability Management with 7 reviews while Wiz is ranked 4th in Vulnerability Management with 11 reviews. JFrog Xray is rated 8.2, while Wiz is rated 9.2. The top reviewer of JFrog Xray writes "An intelligent solution that prioritizes which vulnerability to target first in your project". On the other hand, the top reviewer of Wiz writes "Multiple features help us prioritize remediation, and agentless implementation reduces overhead". JFrog Xray is most compared with Black Duck, Snyk, Mend.io, Veracode and FOSSA, whereas Wiz is most compared with Prisma Cloud by Palo Alto Networks, Orca Security, Microsoft Defender for Cloud, AWS Security Hub and Lacework. See our JFrog Xray vs. Wiz report.
See our list of best Vulnerability Management vendors and best Container Security vendors.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.