No more typing reviews! Try our Samantha, our new voice AI agent.

Chainguard Containers vs Check Point CloudGuard CNAPP comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 8, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Chainguard Containers
Ranking in Container Security
21st
Average Rating
8.4
Reviews Sentiment
3.7
Number of Reviews
5
Ranking in other categories
Container Image Security (1st)
Check Point CloudGuard CNAPP
Ranking in Container Security
13th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
70
Ranking in other categories
Vulnerability Management (14th), Cloud and Data Center Security (8th), Cloud Workload Protection Platforms (CWPP) (8th), Cloud Security Posture Management (CSPM) (7th), Cloud-Native Application Protection Platforms (CNAPP) (7th), Data Security Posture Management (DSPM) (8th), Compliance Management (6th)
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of Chainguard Containers is 1.1%, up from 0.6% compared to the previous year. The mindshare of Check Point CloudGuard CNAPP is 2.7%, up from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.5%
Check Point CloudGuard CNAPP2.7%
Chainguard Containers1.1%
Other94.7%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
ParthasarathyT - PeerSpot reviewer
Senior Associate Infrastructure at Publicis Sapient
Secures container builds, has simplified compliance audits and reduced vulnerabilities dramatically
The benefit of Chainguard Containers is that it makes development simpler. It makes the development team confident there will not be any bugs or vulnerabilities in the image they are using. It is mainly needed for vulnerabilities, SLAs, security audits, and SOC 2, ISO, and PCI compliance. The image includes SBOM, signature, and provenance metadata, which makes audits much easier. The best features Chainguard Containers offers include a reduced image size. It removes the shell and the package manager, resulting in a significantly smaller image size compared with a normal image. We can deploy production workloads directly without worrying about security concerns. If we want a strong supply chain for security, we will be using it. Many users are already tired of scanning alerts, so this will be a great thing. Removing the shell and package manager has positively impacted my team's workflow and deployment speed by making it quite user-friendly, where the developer can touch it without any hesitation. Chainguard Containers are built and pushed from non-patched binaries, with the packages compiled directly from the source. No dependencies or pre-built distro packages like Debian or Alpine are required, so there are no hidden vulnerabilities. The developer gains full control over what goes inside, and the image size is smaller with fewer vulnerabilities, in fact, zero. It has built-in processes like SBOM, which is Software Bill of Material generated. The image is cryptographically signed, and provenance is tracked, leading to faster patching, minimal footprint, and best supply chain control. Chainguard Containers has positively impacted my organization by reducing constant CVE fixing, resolving security versus DevOps conflicts, and minimizing compliance headaches. After implementing secured-by-default containers, there is less effort on fixing vulnerabilities, faster delivery, and better compliance. The impact on security teams includes a lower risk of attack, less panic during audits, and significantly fewer security noises. A specific outcome we have noted since implementing Chainguard Containers is that for a client who uses more than 200 containers, they previously received vulnerability warnings for every deployment. Once we implemented Chainguard Containers, the vulnerability ratio drastically decreased, from 100 to 30. Nearly 70% of the vulnerability checks have passed. Chainguard Containers are CVE-resistant, which is significant as CVEs represent Common Vulnerabilities and Exposures.
reviewer2751468 - PeerSpot reviewer
Assistant Manager at a computer software company with 201-500 employees
Boosts security and compliance in multi-cloud environments while real-time threat detection enhances risk management
Check Point CloudGuard CNAPP flagged a misconfiguration in our AWS S3 bucket that had overly permissive access settings. That configuration could have exposed our sensitive data to the public internet. The platform not only identified the issue but also provided remediation that our team was able to apply immediately. This prevented a potential data exposure. Check Point CloudGuard CNAPP offers a unified, modular platform that combines CSPM, CWPP, CIEM, code security, and cloud detection and response. The agentless workload posture, real-time threat detection and response, multi-cloud coverage and visibility, compliance automation, and one-click remediations stand out as its best features. I find myself relying on the risk management engine and prioritization the most day-to-day. In any cloud environment, you are flooded with findings, misconfigurations, vulnerabilities, and compliance gaps. Without prioritization, it is overwhelming for our team to take care of the posture. CloudGuard's risk scoring helps us cut through incidents. This makes remediation faster and focused instead of wasting time checking every alert. We get to fix the issues that pose real business risks. Check Point CloudGuard CNAPP has positively impacted our organization at a significant level. We get greater visibility and control across all our cloud environments. Some biggest benefits we have seen are faster detection and remediation of misconfigurations, improved compliance posture, reduced risk exposure, operational efficiency, and cost savings. Overall, it has made our cloud environment more secure, compliant, and easier to manage while freeing up our teams to focus on projects instead of chasing alerts.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable."
"TotalCloud offers a comprehensive suite of features, including EDR, XDR, and TrueRisk, providing a centralized platform for managing vulnerabilities and security risks."
"Qualys TotalCloud has helped us view our risk structure, vulnerabilities, and security posture."
"The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."
"The most valuable feature of Qualys TotalCloud is the visibility it provides."
"Qualys TotalCloud provides unified vulnerability and threat assessment for IaaS and SaaS and a single prioritized view of risk, which helps reduce my workload by not having to combine multiple sources."
"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
"I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers."
"The best feature of Chainguard Containers is being distroless, and the main thing I liked about it is that they follow the SBOM process and the continuous rebuilds they were doing, and they were helping me to rapidly remediate the failures which were happening."
"Chainguard Containers has positively impacted my organization even during the proof of concept phase by improving our security posture."
"Specific outcomes and metrics show that before this, every month there would be 15 to 20 vulnerabilities, but after switching to Chainguard Containers, there are now only one or maybe two vulnerabilities."
"Chainguard Containers reduced our container CVEs by approximately 70% to 80%, reduced the time spent reviewing security scan findings by 40% to 50%, and has accelerated our vulnerability remediation cycles because the volume of vulnerabilities is significantly lower."
"Chainguard Containers has positively impacted my organization by reducing constant CVE fixing, resolving security versus DevOps conflicts, and minimizing compliance headaches."
"Chainguard Containers reduced our container CVEs by approximately 70% to 80%, reduced the time spent reviewing security scan findings by 40% to 50%, and has accelerated our vulnerability remediation cycles because the volume of vulnerabilities is significantly lower."
"I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native native cloud security controls. It is so much better. The different cloud platforms all have their own way that they handle a lot of the stuff that Dome9 handles. Even within their platform, they are in a lot of disparate places, e.g., in AWS, there are five different tools. You have to jump between them to get the same information that you can just pull in automatically on Dome9, which is just one platform. We are using multiple platforms, so that makes it even more complicated and time consuming if you had to just rely on them to get all of your information. Whereas, it's all just summarized and put together on the Dome9 end."
"The Compliance Engine is powerful."
"The most valuable feature is posture management, which gives you complete visibility of all your assets in the cloud and allows you to do governance and compliance."
"On Dome9, you can have reports on compliance, users created, and EAM access to the cloud infrastructure. For example, if some machine is exposed to the Internet, importing and exporting to the Internet when it shouldn't, we get immediate alerts if someone does this type of configuration by mistake. Dome9 is very important because AWS doesn't protect us for this. It is the client's responsibility to make sure that we don't export things to the Internet. This solution helps us ensure that we comply with our security measures."
"The identification of misconfigurations, maintenance of compliance in a centralized way, and visibility across all the multi-cloud tenants are the key functionalities."
"Cloud security posture management is the feature we've been using the longest."
"It has an analytics service that does research for us."
"The ability to drill down to individual hosts on an account and see which ones are affected is valuable."
 

Cons

"A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux."
"We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments."
"In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system."
"Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer."
"I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually."
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate."
"In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory."
"Sometimes there are backend errors which we come across again and again, and there is a resolution, but there are pending tickets for it. That sucks sometimes."
"The accuracy and reliability of the output from Chainguard Containers are below average, but I still give it an average rating of 6.5 to 7 because of its capabilities and its functionality for a developer-friendly approach."
"The only limitation or challenge that stood out during my evaluation of Chainguard Containers was the fact that it is primarily based on Alpine, which can be tricky to use in native Kubernetes environments, as we use Tecton primarily, which is a CI/CD pipeline that runs on native Kubernetes."
"The biggest challenge in Chainguard Containers is that they provide minimal images, which can make troubleshooting difficult because common debugging tools are also not included."
"The reporting has a lot of opportunities to continuously improve so that we can continue to show value."
"I would like to see some AI on the back-end, just to assist with doing analysis and making recommendations."
"One area that Check Point CloudGuard CNAPP could use improvement is the navigation when switching between modules."
"The impact analysis that they perform can be improved. It is currently lacking. It should be more detailed."
"I'd like to see improvements with the configuration."
"The rules are not well-tuned, and many of them generate false positives or nonsensical results."
"There are opportunities for improvement that can be addressed through a roadmap."
"In Dome9, there should be a policy validation option where we can validate the policy before we push it into production."
 

Pricing and Cost Advice

"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"TotalCloud's price is about right where I would expect it to be."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
Information not available
"The license fee is high."
"The licensing part still needs some work. The issue that I have is that we do not use all the services in the cloud, but sometimes, CloudGuard identifies them as an asset."
"I suggest that you pay attention to the product pricing because while there are no tricks, and the licensing model is transparent, the final numbers may surprise you."
"CloudGuard is fairly priced."
"From a pricing perspective, they are pretty expensive."
"It is difficult to contextualize the pricing because we are used to Indian pricing and licensing."
"The pricing is tremendous and super cheap. It is shockingly cheap for what you get out of it. I am happy with that. I hope that doesn't get reported back and they increase the prices. I love the pricing and the licensing makes sense. It is just assets: The more stuff that you have, the more you pay."
"The license for CloudGuard Posture Management is about $80 a year, and it's based on your cloud footprint, not the number of users. So you could have a million users, and it doesn't matter."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Manufacturing Company
16%
Financial Services Firm
8%
Computer Software Company
7%
Healthcare Company
7%
Construction Company
11%
Financial Services Firm
10%
Manufacturing Company
8%
Outsourcing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business58
Midsize Enterprise13
Large Enterprise58
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for Chainguard Containers?
My experience with pricing, setup cost, and licensing is that while I work on implementation and do not manage billin...
What needs improvement with Chainguard Containers?
The only limitation or challenge that stood out during my evaluation of Chainguard Containers was the fact that it is...
What is your primary use case for Chainguard Containers?
Chainguard Containers was a tool brought into my enterprise as a proof of concept that we evaluated, but we have not ...
What is your experience regarding pricing and costs for CloudGuard Workload Protection?
My experience with pricing, setup cost, and licensing has been reasonable for the value it delivers. The initial setu...
What needs improvement with CloudGuard for Cloud Intelligence?
One area that Check Point CloudGuard CNAPP could use improvement is the navigation when switching between modules. A ...
What is your primary use case for CloudGuard for Cloud Intelligence?
My main use case for Check Point CloudGuard CNAPP is strengthening cloud security posture, monitoring configurations,...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
Check Point CloudGuard Posture Management, Dome9, Check Point CloudGuard Workload Protection, Check Point CloudGuard Intelligence
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
Symantec, Citrix, Car and Driver, Virgin, Cloud Technology Partners
Find out what your peers are saying about Chainguard Containers vs. Check Point CloudGuard CNAPP and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.