No more typing reviews! Try our Samantha, our new voice AI agent.

Cycode vs Qualys CyberSecurity Asset Management comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 8, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cycode
Ranking in Software Supply Chain Security
10th
Average Rating
8.0
Reviews Sentiment
7.3
Number of Reviews
2
Ranking in other categories
Static Application Security Testing (SAST) (22nd), Software Composition Analysis (SCA) (17th), Application Security Posture Management (ASPM) (9th)
Qualys CyberSecurity Asset ...
Ranking in Software Supply Chain Security
2nd
Average Rating
9.0
Reviews Sentiment
7.0
Number of Reviews
35
Ranking in other categories
Vulnerability Management (6th), Patch Management (4th), Cyber Asset Attack Surface Management (CAASM) (3rd), Attack Surface Management (ASM) (3rd)
 

Mindshare comparison

As of July 2026, in the Software Supply Chain Security category, the mindshare of Cycode is 3.1%, down from 4.8% compared to the previous year. The mindshare of Qualys CyberSecurity Asset Management is 3.4%, up from 1.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Supply Chain Security Mindshare Distribution
ProductMindshare (%)
Qualys CyberSecurity Asset Management3.4%
Cycode3.1%
Other93.5%
Software Supply Chain Security
 

Featured Reviews

reviewer2014131 - PeerSpot reviewer
DevSecOps Security Engineer at a manufacturing company with 10,001+ employees
Secret scanning has strengthened our code security and now needs better container integration
Regarding container scanning, Cycode can be improved as it does not have a CLI. As a DevSecOps professional, having a CLI is a must-have for any tool to integrate it into systems. Although Cycode does have a CLI, specifically for the container scanning module, a CLI does not exist. This is why all the modules that Cycode offers cannot be fully leveraged. A CLI for the container scanning module is believed to be on Cycode's roadmap, but it is not available today. As a big enterprise dealing with many assets, Cycode being faster would be beneficial. With many assets on-boarded on Cycode, the tool sometimes becomes slow. Making Cycode faster would definitely help. Other than that, things are good.
Nicki Møller - PeerSpot reviewer
Information Security Engineer at a manufacturing company with 5,001-10,000 employees
Enables automation and quick access to necessary information
One of the significant challenges Qualys is discovery, which I know Microsoft excels at. I can't recall how well Qualys performs this function; it seems I might be missing some details. However, if there's one key aspect to focus on, it's discovery—the ability to identify assets that you are not aware of, even when you can see they are present. Understanding what those assets are is crucial. With Qualys CyberSecurity Asset Management, it was very difficult to extract detections from the system. The features within Qualys are limited to what they have developed. Sometimes a complete overview is needed to push to a Power BI dashboard, Splunk, ServiceNow, or other platforms. The export process is incredibly challenging. We needed a developer to write a hundred-line Python script that would loop over certain assets due to export limitations. Qualys CyberSecurity Asset Management could improve its integration capabilities. While it generates substantial data, correlating it with other data sources can be challenging. The export process is difficult, and pre-built integrations with other tools could be enhanced for better process implementation.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cycode excels in secret scanning and is brilliant at finding and identifying secrets within code."
"Cycode has positively impacted the organization by saving time in the pipeline and providing one platform for secret scanning, SAST, and Infrastructure as Code facilities."
"I appreciate the feature that simplifies cloud security posture, offering insights into vulnerabilities, and reducing the complexity of managing the security program."
"We have had zero attacks since we enabled all the features in Qualys CSAM."
"When you implement a dynamic tag using a query, you do not need to manually tag all the servers. It categorizes all the servers that come under that query. The tagging part is automatically done within a few minutes. It reduces the effort."
"Authorized and unauthorized software visibility is the best feature for me."
"The best feature is asset discovery through their cloud agent or IP-based scanning."
"Qualys CyberSecurity Asset Management offers valuable features such as continuous vendor support, rapid response times, dedicated vendor partnerships, and advanced technical capabilities for risk identification."
"I would rate Qualys CSAM a ten out of ten."
"I use it primarily with tagging, asset counts, and groups that we can put them in, and we also use it to tell if a device has been merged and seen in Qualys CyberSecurity Asset Management, so that's beneficial for us too."
 

Cons

"Regarding container scanning, Cycode can be improved as it does not have a CLI."
"Currently, Cycode does not have good container security, and while it is a full solution, companies desiring a single platform must seek additional tools to scan container images."
"In my opinion, the area that needs improvement is the role-based access control (RBAC). The access privilege management needs to be more robust and streamlined to enhance user access management. Additionally, improvements to the user interface could be beneficial."
"Sometimes both updates and software types appear together on one list, making it hard to differentiate."
"The scanning function could be improved."
"Currently, whenever the agent is running, it consumes over ten percent of my CPU, indicating that CPU consumption is another area Qualys needs to address."
"The deployment is somewhat complicated and could be made more user-friendly for most users. It is currently not user-friendly for all users. It is good but can be improved. It is a new product, and they are working on it."
"Some areas that would be helpful are more comprehensive tagging and the ability to set up better dynamic rules."
"They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword. They should fix that."
"We've received very poor guidance from them, especially after learning several things we need to fix during the Qualys conference."
 

Pricing and Cost Advice

Information not available
"Qualys CyberSecurity Asset Management can be expensive, especially if we already have VMDR."
"The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, centralized inventory, making it a cost-effective solution."
"The pricing is fair. I would love to see the price come down a little bit, but we do get a lot of value out of it. We are squeezing every ounce of value we can out of the tool."
"It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price."
"Qualys is competitively priced for its features. Its pricing is suitable for large organizations with more than 4,000 assets, but for smaller organizations with few assets, such as banks, the costs might be high. They should come up with packages that are suitable for small organizations."
"The cost for Qualys CyberSecurity Asset Management is high."
"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."
"The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage."
report
Use our free recommendation engine to learn which Software Supply Chain Security solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
23%
Financial Services Firm
14%
University
7%
Computer Software Company
7%
Financial Services Firm
15%
Computer Software Company
9%
Manufacturing Company
8%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise2
Large Enterprise23
 

Questions from the Community

What is your experience regarding pricing and costs for Cycode?
Cycode is aggressively priced across the board with respect to other tools when it comes to pricing, setup cost, and licensing.
What needs improvement with Cycode?
Regarding container scanning, Cycode can be improved as it does not have a CLI. As a DevSecOps professional, having a CLI is a must-have for any tool to integrate it into systems. Although Cycode d...
What is your primary use case for Cycode?
Cycode is used for multiple types of scanning including secrets, SAST scanning, and IAC misconfiguration scanning. Secret scanning was one of the first services launched using Cycode and is integra...
What needs improvement with Qualys CyberSecurity Asset Management?
I think the one thing Qualys CyberSecurity Asset Management can do better is the package management and the updating process. Knowing that you can't update any of the packages until you've done the...
What is your primary use case for Qualys CyberSecurity Asset Management?
I primarily use it for a small, single-site, multi-source setup with multi-WAN inputs. I have a main fiber connection and a couple of failovers while managing different networks across different se...
 

Overview

Find out what your peers are saying about Cycode vs. Qualys CyberSecurity Asset Management and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.