No more typing reviews! Try our Samantha, our new voice AI agent.

Chainguard Containers vs Prisma Cloud by Palo Alto Networks comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 8, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Chainguard Containers
Ranking in Container Security
21st
Average Rating
8.2
Reviews Sentiment
3.7
Number of Reviews
4
Ranking in other categories
Container Image Security (1st)
Prisma Cloud by Palo Alto N...
Ranking in Container Security
2nd
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
114
Ranking in other categories
Web Application Firewall (WAF) (8th), Cloud Security Posture Management (CSPM) (2nd), Cloud-Native Application Protection Platforms (CNAPP) (2nd), Data Security Posture Management (DSPM) (2nd)
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of Chainguard Containers is 1.1%, up from 0.6% compared to the previous year. The mindshare of Prisma Cloud by Palo Alto Networks is 7.8%, down from 11.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Prisma Cloud by Palo Alto Networks7.8%
Qualys TotalCloud1.5%
Chainguard Containers1.1%
Other89.6%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
ParthasarathyT - PeerSpot reviewer
Senior Associate Infrastructure at Publicis Sapient
Secures container builds, has simplified compliance audits and reduced vulnerabilities dramatically
The benefit of Chainguard Containers is that it makes development simpler. It makes the development team confident there will not be any bugs or vulnerabilities in the image they are using. It is mainly needed for vulnerabilities, SLAs, security audits, and SOC 2, ISO, and PCI compliance. The image includes SBOM, signature, and provenance metadata, which makes audits much easier. The best features Chainguard Containers offers include a reduced image size. It removes the shell and the package manager, resulting in a significantly smaller image size compared with a normal image. We can deploy production workloads directly without worrying about security concerns. If we want a strong supply chain for security, we will be using it. Many users are already tired of scanning alerts, so this will be a great thing. Removing the shell and package manager has positively impacted my team's workflow and deployment speed by making it quite user-friendly, where the developer can touch it without any hesitation. Chainguard Containers are built and pushed from non-patched binaries, with the packages compiled directly from the source. No dependencies or pre-built distro packages like Debian or Alpine are required, so there are no hidden vulnerabilities. The developer gains full control over what goes inside, and the image size is smaller with fewer vulnerabilities, in fact, zero. It has built-in processes like SBOM, which is Software Bill of Material generated. The image is cryptographically signed, and provenance is tracked, leading to faster patching, minimal footprint, and best supply chain control. Chainguard Containers has positively impacted my organization by reducing constant CVE fixing, resolving security versus DevOps conflicts, and minimizing compliance headaches. After implementing secured-by-default containers, there is less effort on fixing vulnerabilities, faster delivery, and better compliance. The impact on security teams includes a lower risk of attack, less panic during audits, and significantly fewer security noises. A specific outcome we have noted since implementing Chainguard Containers is that for a client who uses more than 200 containers, they previously received vulnerability warnings for every deployment. Once we implemented Chainguard Containers, the vulnerability ratio drastically decreased, from 100 to 30. Nearly 70% of the vulnerability checks have passed. Chainguard Containers are CVE-resistant, which is significant as CVEs represent Common Vulnerabilities and Exposures.
reviewer2776578 - PeerSpot reviewer
Cyber Security Architect at a comms service provider with 10,001+ employees
Image scanning has supported consistent security practices during cloud deployment
On a scale of ten, we would say people are happy with Prisma Cloud by Palo Alto Networks for the part we use. People are okay with it. We probably would give an eight. We don't give ten because if we don't use the other parts of Prisma Cloud by Palo Alto Networks, it's because it was difficult to implement from an operational point of view. We could have deployed the runtime monitoring with Prisma Cloud by Palo Alto Networks, but within our organization at our company, it was very difficult to find who would be the owner for the alerts. People have other tools and in the end, we don't use the full capabilities of a product that we pay for. It's partially related to the difficulty to integrate Prisma Cloud by Palo Alto Networks runtime in our company's support process. We don't use the real-time monitoring part of Prisma Cloud by Palo Alto Networks. We don't know about the automated remediation feature of Prisma Cloud by Palo Alto Networks.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"TruRisk Insights is the most important innovation they've released this year."
"The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."
"If I had to say something positive about the product that brings me the biggest benefit, I would say it has accurate reports, gets new update CVEs, zero-day attack detection, and is easy to manage with its GUI."
"I would rate Qualys TotalCloud ten out of ten."
"The platform's unified view of the organization proves particularly valuable for leadership team meetings."
"In my opinion, this is the best tool."
"I found the initial setup user-friendly."
"I would definitely recommend Qualys TotalCloud to other users."
"Chainguard Containers has positively impacted my organization by reducing constant CVE fixing, resolving security versus DevOps conflicts, and minimizing compliance headaches."
"Chainguard Containers has positively impacted my organization even during the proof of concept phase by improving our security posture."
"Specific outcomes and metrics show that before this, every month there would be 15 to 20 vulnerabilities, but after switching to Chainguard Containers, there are now only one or maybe two vulnerabilities."
"The best feature of Chainguard Containers is being distroless, and the main thing I liked about it is that they follow the SBOM process and the continuous rebuilds they were doing, and they were helping me to rapidly remediate the failures which were happening."
"You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums."
"The initial setup is seamless."
"Comprehensive and valuable for providing security. It is scalable, its stability is impressive, and setting it up is straightforward."
"Prisma Cloud's most important feature is its auto-remediation."
"Prisma Cloud by Palo Alto Networks offers very good deep security assessment, and it uses a very good internal engine, which is the core Palo Alto processing and engines."
"Aporeto has accelerated our client's expansion to the cloud, securing their Linux workloads on any infrastructure with end-to-end encryption and providing a path for modernizing with a security layer that is future-proofed."
"Prisma has massively reduced our alert investigation times; it is 50 times quicker, turning an issue investigation from two hours into two minutes compared to a cloud-native solution."
"Syslog CLIs are the best feature."
 

Cons

"Their customer support needs improvement."
"The cost of Qualys TotalCloud is high and could be more competitive."
"The support is not up to the mark and seems to be overburdened."
"I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system."
"With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks."
"We encountered challenges identifying the correct resource category for certain items, such as those in containers or storage."
"Their support could be improved."
"The support process is inefficient due to the excessive number of replies required when submitting tickets."
"The accuracy and reliability of the output from Chainguard Containers are below average, but I still give it an average rating of 6.5 to 7 because of its capabilities and its functionality for a developer-friendly approach."
"The biggest challenge in Chainguard Containers is that they provide minimal images, which can make troubleshooting difficult because common debugging tools are also not included."
"The only limitation or challenge that stood out during my evaluation of Chainguard Containers was the fact that it is primarily based on Alpine, which can be tricky to use in native Kubernetes environments, as we use Tecton primarily, which is a CI/CD pipeline that runs on native Kubernetes."
"Sometimes there are backend errors which we come across again and again, and there is a resolution, but there are pending tickets for it. That sucks sometimes."
"I have some challenges customizing and personalizing some of the capabilities in the CSPM in terms of new policies and services. We have to reconfigure and rebuild the CSPM."
"Prisma Cloud lags behind in terms of security automation capabilities."
"The Palo Alto support needs to improve."
"Sometimes, on the Azure side, there are issues. Some errors aren't being found on Prisma Cloud."
"Prisma is the result of multiple Palo Alto acquisitions, like CWPP, Twistlock, and Aporeto. Though they are part of a single pane of glass, there is no correlation between the solutions."
"Based on my experience, the customization—especially the interface and some of the product identification components—is not as customizable as it could be. But it makes up for that with the fact that we can access the API and then build our own systems to read the data and then process and parse it and hand it to our teams."
"The training documentation provided for the two-hour boot camps is notoriously poor and disorganized."
"The UX part of Prisma's user interface could be simplified and the metrics tool should be highlighted more."
 

Pricing and Cost Advice

"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud is expensive."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
Information not available
"Prisma Cloud Enterprise is a costly solution. You need a license for all the components. At the same time, you have everything under one roof, so I think it's still justified."
"It is fairly priced. However, its price can be better so that small banks or small organizations can afford it and adopt it to secure their environment and data."
"The pricing for Prisma Cloud is high. Providing a pay-as-you-go model or pricing options tailored for medium and small enterprises could help attract more clients."
"It is an expensive tool. It is not cheap technology. It is a serious investment for any customer. Customers typically buy it together with services. In my experience, customers buying Prisma Cloud are prepared to pay for the implementation and the tool itself."
"The licensing cost is a bit high on the compute side."
"One thing we're very pleased about is how the licensing model for Prisma is based on work resources. You buy a certain amount of work resources and then, as they enable new capabilities within Prisma, it just takes those work resource units and applies them to new features. This enables us to test and use the new features without having to go back and ask for and procure a whole new product, which could require going through weeks, and maybe months, of a procurement process."
"Almost all the CSPM tools are pretty expensive."
"Our licensing fees are $18,000 USD per year."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
904,836 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
15%
Financial Services Firm
13%
Outsourcing Company
10%
Comms Service Provider
7%
Manufacturing Company
16%
Outsourcing Company
8%
Financial Services Firm
8%
Healthcare Company
7%
Financial Services Firm
13%
Computer Software Company
9%
Manufacturing Company
8%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business37
Midsize Enterprise21
Large Enterprise58
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for Chainguard Containers?
My experience with pricing, setup cost, and licensing is that while I work on implementation and do not manage billin...
What needs improvement with Chainguard Containers?
The only limitation or challenge that stood out during my evaluation of Chainguard Containers was the fact that it is...
What is your primary use case for Chainguard Containers?
Chainguard Containers was a tool brought into my enterprise as a proof of concept that we evaluated, but we have not ...
What is your primary use case for Prisma Cloud by Palo Alto Networks?
Prisma Cloud helps support DevSecOps methodologies, making those responsibilities easier to manage.
What Cloud-Native Application Protection Platform do you recommend?
We like Prisma Cloud by Palo Alto Networks, since it offers us incredible visibility into our entire cloud system. We...
What do you think of Aqua Security vs Prisma Cloud?
Aqua Security is easy to use and very manageable. Its main focus is on Kubernetes and Docker. Security is a very valu...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
Prisma Public Cloud, RedLock Cloud 360, RedLock, Twistlock, Aporeto
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
Amgen, Genpact, Western Asset, Zipongo, Proofpoint, NerdWallet, Axfood, 21st Century Fox, Veeva Systems, Reinsurance Group of America
Find out what your peers are saying about Chainguard Containers vs. Prisma Cloud by Palo Alto Networks and other solutions. Updated: June 2026.
904,836 professionals have used our research since 2012.