JFrog Xray Reviews

Name: JFrog Xray
Brand: JFrog
Rating: 3.9 (10 reviews)

Vendor: JFrog

3.9 out of 5

10 reviews
90% willing to recommend

What is JFrog Xray?

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

Get the JFrog Xray Buyer's Guide and find out what your peers are saying about JFrog Xray, Wiz, Microsoft Defender for Cloud and more!

JFrog Xray is the #2 ranked solution in top Software Supply Chain Security solutions, #6 ranked solution in top Software Composition Analysis (SCA) solutions, #18 ranked solution in Container Security Solutions, and #32 ranked solution in top Vulnerability Management solutions. PeerSpot users give JFrog Xray an average rating of 7.8 out of 10. JFrog Xray is most commonly compared to Wiz: JFrog Xray vs Wiz. JFrog Xray is popular among the large enterprise segment, accounting for 76% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 25% of all views.

Helped 867,370 peers since 2012

Featured JFrog Xray reviews

Anand Nanwana

DevOps Engineer at Syvora

For JFrog Xray, the Artifactory and package repositories are valuable features. There are many benefits from JFrog Xray. For example, with other registries such as ECR, we can use the images only in the AWS cloud. With JFrog, we can use this registry from any cloud or work locally as well. JFrog can support multiple packages, such as NuGet package, pip, and other technologies. It can be used for Terraform as well. The credential management is very easy in JFrog. For instance, when using GitHub action as a CI/CD tool, I just need to create a token and set up JFrog CLI there and give access to the repository. With multiple repositories, I can generate a token for a specific repository, add that token in the GitHub secret, fetch from the CI/CD, run the command JFrog CLI, and authenticate through the token. Then we can push the images into JFrog.

Read full review

Mokshi Pandita

DevOps Engineer at Rambøll Danmark A/S

We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.

Read full review

Sai Pradeep Koneti

DevOps Engineer Intern at University of Nebraska at Omaha

When we were trying to get it up and working initially, I found it a bit hard to go through JFrog Xray's documentation and get my error solved. I was facing some issues because we hadn't got a specific license for the tool, but I was able to access it. As a regular user, I regularly saw an error message saying that the license feature was unavailable for my subscription. After a couple of days, I realized I was missing a license. I had to go back to the JFrog Xray team, who provided me with the new license, and then I could complete the setup.

Read full review

JFrog Xray mindshare

Product category:

As of September 2025, the mindshare of JFrog Xray in the Vulnerability Management category stands at 1.5%, up from 0.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Vulnerability Management Market Share Distribution
Product	Market Share (%)
JFrog Xray	1.5%
Wiz	10.8%
Tenable Nessus	8.0%
Other	79.7%

Vulnerability Management

PeerResearch reports based on JFrog Xray reviews

Type	Title	Date
Category	Vulnerability Management	Sep 15, 2025	Download
Product	Reviews, tips, and advice from real users	Sep 15, 2025	Download
Comparison	JFrog Xray vs Tenable Nessus	Sep 15, 2025	Download
Comparison	JFrog Xray vs Qualys VMDR	Sep 15, 2025	Download
Comparison	JFrog Xray vs Wiz	Sep 15, 2025	Download

Title	Rating	Mindshare	Recommending
Wiz	4.5	10.8%	95%	23 interviews Add to research
Microsoft Defender for Cloud	4.0	5.3%	94%	79 interviews Add to research

Valuable Features

JFrog Xray excels with reporting functionalities, policy management, and vulnerability blocking. Its integration with Artifactory simplifies onboarding. Users appreciate the scanning capabilities, displaying internal dependencies, and prioritization of vulnerabilities. The ability to manage credentials across multiple clouds and support for various technologies is highly valued. Its license compliance features and tight integration with Artifactory enhance its usefulness, proving reliable, scalable, and easy to set up.

"With JFrog, we can use this registry from any cloud or work locally as well, and it can support multiple packages such as NuGet, pip, and other technologies including Terraform, making credential management very easy."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."

Room for Improvement

JFrog Xray needs improvements in reporting features and user interface, which are considered basic. The documentation is limited, causing challenges. API limitations and slow site performance affect automation negatively. Users desire a robust dashboard, better vulnerability management, and support for more databases besides PostgreSQL. Existing project limitations are problematic. There's a call for enhanced error logging and improved troubleshooting sessions. Issues with long tags and the absence of a shift-left approach in integration are highlighted.

"The UI of JFrog Xray could be improved. There is a dialogue box in the Xray section that doesn't always work properly."
"The out-of-the-box PostgreSQL provided is not stable, which is why we are considering enterprise support."
"X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL."

ROI

Users report significant time savings and enhanced security posture due to JFrog Xray's automated scanning and efficient vulnerability detection, which has bolstered their software development pipeline. It has improved team's confidence in deploying secure applications and has expedited release cycles. By integrating seamlessly with existing tools, JFrog Xray has streamlined processes for identifying and addressing risks, providing a noticeable improvement in their software management workflows.

Pricing

Users say the price of JFrog Security Essentials is fair and comparable to similar products. JFrog is one of the lower-cost options.

Popular Use Cases

JFrog Xray is predominantly utilized for vulnerability scanning in open-source components and container images. Users also employ it for artifact storage, license checks, and automating vulnerability analysis in dependency files. It helps configure repository access, manage image architectures, and produce security reports. Xray assists in distinguishing image architectures, aiding efficient deployment, especially in environments like Kubernetes. By integrating with tools, it enhances security activities such as machine learning model curation in finance.

Service and Support

JFrog Xray's technical support is described as helpful and responsive, with fast engagement reported by some users. While some users have not utilized technical support or interacted directly with the support team, account managers are contacted for clarifications and demos. JFrog Xray support receives positive remarks, rated a seven by one user. Some rely on their administrative team for handling customer service interactions.

Deployment

Many found JFrog Xray's initial setup straightforward with clear API docs and good documentation. Some encountered difficulties with licensing and documentation clarity. Teams appreciated external consultants when solving issues and noted that setup was simpler with pre-existing Artifactory. Licensing delays were mentioned, but minimal maintenance needed. Setup experiences varied, influenced by professional expertise and existing infrastructure.

Scalability

JFrog Xray is considered scalable by users, with positive feedback on automated configuration for policies and data. Performance scalability has mixed opinions. Organizations with user counts ranging from less than 100 to approximately 900 have rated scalability between seven to eight out of ten. While plans for expansion exist, some limitations are mentioned, particularly related to PostgreSQL support. Despite this, JFrog Xray meets current needs without drawbacks reported.

Stability

JFrog Xray is often described as reliable and stable. Users typically give it ratings ranging from seven to ten out of ten, praising its performance without bugs or glitches. However, some express concerns about the PostgreSQL component's stability and are considering enterprise support. In comparison with similar options, it ranks well. Regarding security, it is highly regarded, with no issues reported.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our JFrog Xray Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	1
Midsize Enterprise	2
Large Enterprise	4

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	214
Midsize Enterprise	160
Large Enterprise	1177

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

25%

Manufacturing Company

12%

Computer Software Company

11%

Government

Healthcare Company

University

Insurance Company

Retailer

Energy/Utilities Company

Aerospace/Defense Firm

Comms Service Provider

Educational Organization

Real Estate/Law Firm

Consumer Goods Company

Media Company

Outsourcing Company

Transportation Company

Wholesaler/Distributor

Pharma/Biotech Company

Performing Arts

Logistics Company

Non Profit

Construction Company

Recreational Facilities/Services Company

Hospitality Company

Legal Firm

Compare JFrog Xray with alternative products

Learn more about JFrog Xray

If you are a team player and you care and you play to WIN, we have just the job you're looking for.

As we say at JFrog: "Once You Leap Forward You Won't Go Back!"

JFrog Xray was previously known as JFrog Security Essentials.

JFrog Xray customers

google, amazon, cisco, netflix, oracle, vmware, facebook

Related questions

How inadvisable is it to use a single vulnerability analysis tool?

What are the benefits of continuous scanning for vulnerability management?

When evaluating Vulnerability Management, what aspect do you think is the most important to look for?

What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?

What are the main KPIs that need to be implemented to have better posture in vulnerability projects?

Which is the best vulnerability scanner tool?

What are your recommended automated penetration testing tools?

How do you use the MITRE ATT&CK framework for improving enterprise security?

Can you recommend API for Tenable Connector into ServiceNow

What penetration testing tool (or tools) do you recommend for SMB/SME?

JFrog Xray Reviews Summary
Author info	Rating	Review Summary
DevOps Engineer at Syvora	3.5	I use JFrog Xray to manage and secure packages and images across repositories. It's scalable, supports various technologies, and integrates well with CI/CD. While the UI needs improvement, overall, it reliably meets my deployment and security needs.
Development Senior at a financial services firm with 5,001-10,000 employees	3.5	We use JFrog Xray for security and vulnerability scanning, valuing its integration with Artifactory and curation capabilities. Improvement is needed in database support and troubleshooting. We're evaluating its potential to replace Black Duck for operational efficiency.
Deployment Coordinator at a government with 10,001+ employees	4.0	We use JFrog Xray to identify vulnerabilities in dependency files through its integration with Artifactory. It provides essential security by scanning artifacts for vulnerabilities. However, the tool needs improved reporting capabilities for more specific data points in reports.
DevSecOps Engineer at a tech services company with 501-1,000 employees	3.0	I've used JFrog Xray for three years and appreciate its deep scanning and policy-based security, but the UI, documentation, and CI/CD integration need improvement. It's effective overall, though setup was challenging, and support has been solid.
DevOps Engineer at Rambøll Danmark A/S	4.0	We primarily use JFrog Xray for container scanning, appreciating its integration with Artifactory for easy project onboarding. While Xray efficiently prioritizes vulnerabilities, it lacks a dashboard and a shift-left approach, and we face a project limitation despite being premium customers.
DevOps Engineer Intern at University of Nebraska at Omaha	4.0	I use JFrog Xray to run daily and monthly vulnerability reports for Artifactory. Its scanning capabilities are comprehensive, even detecting vulnerabilities in docker files, although its documentation and error logging need improvement. We switched from SonarQube and Checkmarx to JFrog's add-on.
Senior Manager at a comms service provider with 5,001-10,000 employees	4.0	We primarily use JFrog Xray for vulnerability scanning of open-source components, finding it reliable and easy to set up with clear reporting. Despite some API limitations, we switched from Sonatype for better synergy with existing JFrog solutions.
SR IT administrator at Cardinal Integrated Technologies Inc	4.5	I use JFrog Xray to identify vulnerabilities, finding its internal dependencies hierarchy display very valuable. However, I feel its speed lags behind competitors like Nexus, and improvements in vulnerability management and user interface are needed.

JFrog Xray Reviews

What is JFrog Xray?

Featured JFrog Xray reviews

JFrog Xray mindshare

PeerResearch reports based on JFrog Xray reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare JFrog Xray with alternative products

Learn more about JFrog Xray

JFrog Xray customers

Related questions

Product Categories

Popular Comparisons