No more typing reviews! Try our Samantha, our new voice AI agent.

DefectDojo vs Qualys VMDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
DefectDojo
Ranking in Vulnerability Management
44th
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
1
Ranking in other categories
DevSecOps (13th)
Qualys VMDR
Ranking in Vulnerability Management
2nd
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
96
Ranking in other categories
IT Asset Management (3rd), Configuration Management Databases (3rd), Container Security (9th), Risk-Based Vulnerability Management (1st)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of DefectDojo is 0.8%, up from 0.6% compared to the previous year. The mindshare of Qualys VMDR is 3.9%, down from 7.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Qualys VMDR3.9%
Qualys TotalCloud1.1%
DefectDojo0.8%
Other94.2%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
reviewer2267097 - PeerSpot reviewer
Integration and Solution Architect at a government with 501-1,000 employees
Easy to use with efficient vulnerability reporting and team collaboration
Use case, so all the reports from GitLeaks, DefectDojo, GitLeaks or dependency check or Trivy, they make reports, and we send this report to DefectDojo to have CVMs, Central Vulnerability Management. DefectDojo is Central Vulnerability Management. If you have a dashboard to set, we have…
Vaibhav Ghule - PeerSpot reviewer
Soc Lead & Edr Administration at Persistent Systems
Continuous risk-based monitoring has strengthened incident response and vulnerability prioritization
I haven't explored Qualys VMDR's vulnerability lifecycle automation yet. One of my analysts mentioned that queries lack grouping operators in Qualys VMDR. From my experience, I would appreciate improvements in the query options in Qualys VMDR, specifically in the query-building process where I would need more features and operators. Additionally, we have been facing issues with Qualys on the cloud level. We cannot download the configuration profile from the cloud agent, and it is showing a pending action for download. During 2025, we noticed outages of Qualys a couple of times. I want to mention that there is an issue with receiving timely RCA deliveries. While this is not necessarily about the tool, it relates to support. The support has not been very responsive, and we are receiving RCAs a little delayed whenever we raise support cases or communicate with the TAMs. Additionally, the UI has a slight latency, which I and my team have experienced. They have also reported this latency issue when navigating through different pages.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Qualys TotalCloud's most valuable feature is its ability to link clusters of assets, providing a clear model of deployments, vulnerabilities, and statuses."
"It is a cloud-native app that integrates with both IaaS and SaaS. It seamlessly integrates with other platforms."
"The most valuable feature of Qualys TotalCloud is the visibility it provides."
"I would recommend Qualys TotalCloud to other users because it is cost-efficient and has a good return on investment."
"The agent and agentless scanning in TotalCloud, particularly the FlexScan method, is incredibly valuable. With traditional scanning approaches, we had to give IP ranges and whitelist IPs. All that is now simplified. FlexScan requires minimal intervention, and after configuration, it automatically collects data and performs necessary scans."
"Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution."
"Its excellent graphical interface makes the scanning process simple."
"I highly recommend Qualys TotalCloud to other users."
"With the pipeline of detection and DefectDojo, we are able to see the real vulnerabilities, and we fix them."
"It is a stable solution."
"Qualys VM is a really good tool for vulnerability scanning, and it has different sets of profiles that can be utilized for your own requirements."
"Qualys VM's most valuable feature is automatic detection."
"Great web application security for scanning."
"This solution has provided information about existing vulnerabilities, and helped with quick remediation in case of global malware attacks."
"Provides great functionality."
"I would recommend Qualys because it is a reliable, affordable, and very safe product."
"The most valuable feature is automation."
 

Cons

"An area for improvement would be to focus on risks related to AI, such as large language models and potential data leakage."
"The cloud licensing unit system is unclear, especially since "units" aren't well-defined."
"Areas that need improvement in every solution include the remediation part. The remediation steps should be simple enough for everyone to understand."
"I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually."
"The cost of Qualys TotalCloud is high and could be more competitive."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these."
"Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate."
"We need something to notify the team responsible for a product when vulnerabilities are found."
"As users of Qualys for the last three years, we have identified and shared many areas where Qualys needed to have improvements, including vulnerability database having some false positives, web scan module requiring authentication to access basic web forms, asset tagging being a complex technique, and for policy compliance they need to add more leading IT standards for leading IT service providers like Juniper, Cisco, and Microsoft."
"I would like to see this solution more developed and competitive in the Cloud space."
"Endpoint stability and fault resolution could be improved."
"The reporting in this solution can be improved."
"The support needs to improve a lot, their response is absolutely slow."
"Sometimes we face a problem with accessing the tool and not getting an expected result. From a technology point of view, they need to look into this."
"Qualys VM's vulnerability scan could be improved, especially the number of CVE numbers it can manage at a time."
"Integration could be better. When you think about scanning, it's not used just with this product alone but with other Qualys products. If you think about the bundle, the product itself is good. But integration with other products and packages has space for improvement. They should also offer a better price for bundles."
 

Pricing and Cost Advice

"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"The cost is high, but it meets our organizational needs."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"TotalCloud's price is about right where I would expect it to be."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
Information not available
"It is more expensive than other products on the market."
"Qualys is cheaper and more affordable than other solutions."
"There are no additional fees in addition to the standard licensing fees."
"We do see over $100,000 in terms of price, for mid-size programs. You likely will pay more than $100,000 without any discount. It is a bit pricey."
"There is a license for the use of this solution. We pay annually instead of monthly to receive a better discount on the price."
"We have an annual contract for Qualys VMDR. I believe it's for either two years or five years."
"They have recently changed the pricing model, which is now better than it was before."
"It is a high cost product. Compared to the other solutions, it is around 15 to 20% higher in cost."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
903,933 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
13%
Construction Company
8%
Comms Service Provider
7%
Comms Service Provider
14%
Financial Services Firm
11%
Computer Software Company
9%
Construction Company
8%
Financial Services Firm
15%
Manufacturing Company
7%
Computer Software Company
6%
Construction Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business20
Midsize Enterprise12
Large Enterprise70
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for DefectDojo?
The pricing is great. It is much cheaper compared to other solutions. We don't want to pay for things we are able to ...
What needs improvement with DefectDojo?
We need something to notify the team responsible for a product when vulnerabilities are found. We are able to attach ...
What is your primary use case for DefectDojo?
Use case, so all the reports from GitLeaks, DefectDojo, GitLeaks or dependency check or Trivy, they make reports, and...
What is your experience regarding pricing and costs for Qualys VMDR?
My experience with pricing, setup cost, and licensing shows that we can consider both time and money saved.
What needs improvement with Qualys VMDR?
I haven't explored Qualys VMDR's vulnerability lifecycle automation yet. One of my analysts mentioned that queries la...
What advice do you have for others considering Qualys VMDR?
I have some understanding about PeerSpot, and I have visited the website. PeerSpot is similar to TrustRadius. It take...
 

Comparisons

 

Also Known As

Qualys TotalCloud with FlexScan
No data available
Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
Find out what your peers are saying about Wiz, Qualys, Tenable and others in Vulnerability Management. Updated: June 2026.
903,933 professionals have used our research since 2012.