No more typing reviews! Try our Samantha, our new voice AI agent.

Calico Cloud vs Invicti comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Calico Cloud
Ranking in Container Security
36th
Average Rating
7.8
Reviews Sentiment
7.6
Number of Reviews
4
Ranking in other categories
Cloud-Native Application Protection Platforms (CNAPP) (21st), AI Observability (30th)
Invicti
Ranking in Container Security
26th
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
31
Ranking in other categories
Static Application Security Testing (SAST) (12th), Software Composition Analysis (SCA) (10th), API Security (10th), Dynamic Application Security Testing (DAST) (4th), Application Security Posture Management (ASPM) (8th)
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of Calico Cloud is 0.4%, up from 0.1% compared to the previous year. The mindshare of Invicti is 1.0%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.5%
Invicti1.0%
Calico Cloud0.4%
Other97.1%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Olakunle Obasoro - PeerSpot reviewer
DevOps Engineer at Exponential Craft
Security posture has become visible and container risks are managed proactively
Regarding improvements for Calico Cloud, there is a need to build agentic security systems. I believe Calico Cloud is progressing towards this, and I believe they can enhance their teaching methods to facilitate adoption. Documentation needs continuous improvement. It is good and easy to read, but it can get better. Having a searchable summary feature, such as a chatbot, could help users quickly resolve issues without having to read extensive documentation. At the moment, I do not believe there are more improvements needed, but as mentioned earlier, there should be a focus on better documentation, possibly by embedding chatbot features that could respond to user prompts effectively.
Valavan Sivgalingam - PeerSpot reviewer
Senior Manager, Security Engineering at ESS
Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations
It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I would definitely recommend Qualys TotalCloud to other users."
"I like the web API security and IoT scanning features the most. The user-friendly design of TotalCloud's interface enables customers to navigate it and use its full potential easily"
"The best feature would be the ability to create policies. It is easy to control and update policies as required."
"The dashboards are particularly valuable as they offer a comprehensive view of the environment, highlighting any misconfigurations."
"Generally, Qualys is very good at detections, whether on cloud or on-prem, and the agent allows deployment on both infrastructures, providing continuous monitoring of your assets, which is a key selling point for us."
"The best part I like is the on-demand scans."
"With TotalCloud, we can scan through the API. If we are not able to deploy cloud agents on the machine, we can use the API."
"CSPM is currently the most used feature, and we are enjoying the new feature, FlexScan, which is valuable for Internet-facing VMs."
"Calico Cloud has had a positive impact on our organization by improving both our Kubernetes security posture and operational efficiency."
"Calico Cloud has positively impacted my organization, especially on the security front, as it helped us anticipate security threats."
"Calico Cloud has positively impacted my organization by improving the security of deployed applications while having greater control and visibility over communication between the different microservices."
"The impact of Calico Cloud is that we were able to achieve a more secure understanding of our security posture, access our containers knowing full well that all policies set were followed through, and see visually how everything was interconnected, which has impacted our business positively."
"The platform is stable."
"The solution generates reports automatically and quickly and it's a very user-friendly product."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"I would tell potential users that it's really one of the best products in the market for web application security or Dynamic Application Security Testing (DAST)."
"Scan, proxify the application, and then detailed report along with evidence and remediations to problems."
"Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment."
"I would definitely recommend to those who really want to know in-depth details of their applications/products regarding the security of their web system."
"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."
 

Cons

"There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."
"TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these."
"The areas in the solution that have room for improvement include the UI/UX design, which should be improved, and they should integrate more artificial intelligence into the product."
"The cloud licensing unit system is unclear, especially since "units" aren't well-defined."
"Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures."
"In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system."
"Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released."
"Qualys TotalCloud needs to improve its accuracy for non-Windows operating systems."
"Calico Cloud is a very good product with well-defined usage. I would appreciate seeing more improvement on real-time analysis capabilities."
"The integration process of Calico Cloud with existing systems has its challenges."
"I think Calico Cloud could be improved by being a bit cheaper."
"They may not have all the features that their competitor Cilium has, and they are doing a portion of what Cilium does and a portion of what Istio does."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"They need to improve their support in the documentation. Their support mechanism is missing. Their responsiveness, technical staff, and these types of things need to be improved, and comprehensive documentation is required. They should have good self-service portal enhancement"
"Netsparker doesn't provide the source code of the static application security testing."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"Speed: It spends about one hour on scanning; I would like it to be less than 30 minutes."
"Invicti's reporting capabilities need enhancement."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
 

Pricing and Cost Advice

"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"TotalCloud's price is about right where I would expect it to be."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
Information not available
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"We never had any issues with the licensing; the price was within our assigned limits."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"OWASP Zap is free and it has live updates, so that's a big plus."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"The price should be 20% lower"
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
No data available
Financial Services Firm
16%
Manufacturing Company
9%
Construction Company
7%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business14
Midsize Enterprise4
Large Enterprise13
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for Calico Cloud?
My experience with pricing, setup cost, and licensing for Calico Cloud was determined by management who evaluated the...
What needs improvement with Calico Cloud?
Regarding improvements for Calico Cloud, there is a need to build agentic security systems. I believe Calico Cloud is...
What is your primary use case for Calico Cloud?
I have been using Calico Cloud between 2022 to 2024. I worked on a project focused on security and vulnerability scan...
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150...
What needs improvement with Invicti?
At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-t...
What is your primary use case for Invicti?
I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with r...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
Netsparker
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
Samsung, The Walt Disney Company, T-Systems, ING Bank
Find out what your peers are saying about Calico Cloud vs. Invicti and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.