No more typing reviews! Try our Samantha, our new voice AI agent.

DefectDojo vs JFrog Xray comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
DefectDojo
Ranking in Vulnerability Management
44th
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
1
Ranking in other categories
DevSecOps (13th)
JFrog Xray
Ranking in Vulnerability Management
43rd
Average Rating
7.8
Reviews Sentiment
6.3
Number of Reviews
10
Ranking in other categories
Container Security (16th), Software Composition Analysis (SCA) (7th), Software Supply Chain Security (3rd)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of DefectDojo is 0.8%, up from 0.6% compared to the previous year. The mindshare of JFrog Xray is 1.3%, down from 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.1%
JFrog Xray1.3%
DefectDojo0.8%
Other96.8%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
reviewer2267097 - PeerSpot reviewer
Integration and Solution Architect at a government with 501-1,000 employees
Easy to use with efficient vulnerability reporting and team collaboration
Use case, so all the reports from GitLeaks, DefectDojo, GitLeaks or dependency check or Trivy, they make reports, and we send this report to DefectDojo to have CVMs, Central Vulnerability Management. DefectDojo is Central Vulnerability Management. If you have a dashboard to set, we have…
Anand Nanwana - PeerSpot reviewer
DevOps Engineer at Syvora
Offers flexibility across clouds and easy credential management while interface improvements are needed
For JFrog Xray, the Artifactory and package repositories are valuable features. There are many benefits from JFrog Xray. For example, with other registries such as ECR, we can use the images only in the AWS cloud. With JFrog, we can use this registry from any cloud or work locally as well. JFrog can support multiple packages, such as NuGet package, pip, and other technologies. It can be used for Terraform as well. The credential management is very easy in JFrog. For instance, when using GitHub action as a CI/CD tool, I just need to create a token and set up JFrog CLI there and give access to the repository. With multiple repositories, I can generate a token for a specific repository, add that token in the GitHub secret, fetch from the CI/CD, run the command JFrog CLI, and authenticate through the token. Then we can push the images into JFrog.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Generally, Qualys is very good at detections, whether on cloud or on-prem, and the agent allows deployment on both infrastructures, providing continuous monitoring of your assets, which is a key selling point for us."
"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
"TotalCloud has been excellent in providing us with immediate access to all the products and features we need, such as CSPM, TruRisk Insights, and compliance reports, including CIS and HIPAA."
"Qualys TotalCloud fulfills all these needs."
"Qualys TotalCloud has improved our security posture."
"Qualys TotalCloud provides a single, prioritized view of risk, reducing the workload associated with consolidating multiple sources for risk prioritization."
"Qualys TotalCloud has helped us view our risk structure, vulnerabilities, and security posture."
"It is a cloud-native app that integrates with both IaaS and SaaS. It seamlessly integrates with other platforms."
"With the pipeline of detection and DefectDojo, we are able to see the real vulnerabilities, and we fix them."
"Good reporting functionalities."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"With JFrog, we can use this registry from any cloud or work locally as well, and it can support multiple packages such as NuGet, pip, and other technologies including Terraform, making credential management very easy."
"The solution is stable and reliable."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"I would say the reporting functionalities are pretty good as are the policy watches."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
 

Cons

"The downside is only in container security, but it has not been a long time since they introduced these models."
"There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."
"The areas in the solution that have room for improvement include the UI/UX design, which should be improved, and they should integrate more artificial intelligence into the product."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer."
"Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures."
"Their support could be improved."
"I would appreciate additional integration options to connect Qualys TotalCloud with our other vulnerability management tools."
"We need something to notify the team responsible for a product when vulnerabilities are found."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"Lacks deeper reporting, the ability to compare things."
"JFrog Xray does not have a dashboard."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"The out-of-the-box PostgreSQL provided is not stable, which is why we are considering enterprise support."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"JFrog Xray's documentation and error logging could be improved."
"I'd like to see deeper reporting, they're pretty basic and there are no categories for comparing things."
 

Pricing and Cost Advice

"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Qualys TotalCloud is expensive."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
Information not available
Information not available
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
903,933 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
13%
Construction Company
8%
Comms Service Provider
7%
Comms Service Provider
14%
Financial Services Firm
11%
Computer Software Company
9%
Construction Company
8%
Financial Services Firm
26%
Manufacturing Company
11%
Computer Software Company
7%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business1
Midsize Enterprise3
Large Enterprise6
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for DefectDojo?
The pricing is great. It is much cheaper compared to other solutions. We don't want to pay for things we are able to ...
What needs improvement with DefectDojo?
We need something to notify the team responsible for a product when vulnerabilities are found. We are able to attach ...
What is your primary use case for DefectDojo?
Use case, so all the reports from GitLeaks, DefectDojo, GitLeaks or dependency check or Trivy, they make reports, and...
What needs improvement with JFrog Xray?
I would assess the integration of JFrog Xray with CI/CD tools as the weak point. You have two means to do that: one i...
What is your primary use case for JFrog Xray?
For JFrog Xray product, you can use it for two main goals: compliance and security. You can use it to check if your l...
What is your experience regarding pricing and costs for JFrog Xray?
It is affordable because JFrog Xray provides a free trial of 14 days. We can explore all the features of JFrog in the...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
JFrog Security Essentials
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
google, amazon, cisco, netflix, oracle, vmware, facebook
Find out what your peers are saying about Wiz, Qualys, Tenable and others in Vulnerability Management. Updated: June 2026.
903,933 professionals have used our research since 2012.