Try our new research platform with insights from 80,000+ expert users

DefectDojo vs Wiz comparison

DefectDojo and Wiz are both solutions in the Vulnerability Management category. DefectDojo is ranked #42 with an average rating of 8.0, while Wiz is ranked #1 with an average rating of 8.9. DefectDojo holds a 0.9% mindshare in VM, compared to Wiz’s 6.4% mindshare. Additionally, 100% of DefectDojo users are willing to recommend the solution, compared to 97% of Wiz users who would recommend it.
DefectDojo
Read 1 DefectDojo review
  • 1,278 Views
  • 984 Comparison Views
100% willing to recommend
Wiz
Read 38 Wiz reviews
  • 27,125 Views
  • 11,664 Comparison Views
97% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between DefectDojo and Wiz based on real PeerSpot user reviews.

Find out what your peers are saying about Wiz, Tenable, Qualys and others in Vulnerability Management.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Vulnerability Management Report (Updated: February 2026).
Buyer's Guide
Vulnerability Management
February 2026
Download the complete report
Helped 884,933 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

DefectDojo
Ranking in Vulnerability Management
42nd
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
1
Ranking in other categories
DevSecOps (10th)
Wiz
Ranking in Vulnerability Management
1st
Average Rating
8.8
Reviews Sentiment
7.1
Number of Reviews
38
Ranking in other categories
Container Security (1st), Cloud Workload Protection Platforms (CWPP) (3rd), Cloud Security Posture Management (CSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (1st), Data Security Posture Management (DSPM) (1st), Compliance Management (1st), Cloud Detection and Response (CDR) (1st)
 

Mindshare comparison

As of March 2026, in the Vulnerability Management category, the mindshare of DefectDojo is 0.9%, up from 0.4% compared to the previous year. The mindshare of Wiz is 6.4%, down from 11.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Wiz6.4%
DefectDojo0.9%
Other92.7%
Vulnerability Management
 

Featured Reviews

reviewer2267097 - PeerSpot reviewer
reviewer2267097
Integration and Solution Architect at a government with 501-1,000 employees
Easy to use with efficient vulnerability reporting and team collaboration
Use case, so all the reports from GitLeaks, DefectDojo, GitLeaks or dependency check or Trivy, they make reports, and we send this report to DefectDojo to have CVMs, Central Vulnerability Management. DefectDojo is Central Vulnerability Management. If you have a dashboard to set, we have…
Read full review
Peter Whelan - PeerSpot reviewer
Peter Whelan
CISO at a computer software company with 1,001-5,000 employees
Improved our security posture thanks to comprehensive visibility
I have contacted Wiz technical support frequently. The support is excellent. We contact via an in-application portal. We can see the support cases we personally open, and also the cases that other people have opened from our company. I appreciate that feature. Generally, support gets back to us within a few days with a good answer. There was one fellow in particular who has been knocking it out of the park. He is a great support person to deal with. We are happy with the support experience. If I were to put Wiz support on a scale from one to ten, I would give them a ten.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"With the pipeline of detection and DefectDojo, we are able to see the real vulnerabilities, and we fix them."
"For any organization who want to think of moving to Wiz, the Security Graph feature is amazing and awesome, giving you deeper information than any other tools does and allowing a small security team to manage a massive complex cloud environment without hiring dozens of additional users to look into it."
"The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at."
"Wiz is very effective and very advanced compared to other solutions."
"Wiz offers greater visibility and more in-depth findings in terms of configuration, misconfiguration, and vulnerabilities."
"The granularity of visibility that the platform provides is the most valuable aspect."
"Wiz has helped me consolidate some tools, as it is not just doing the job of the security tool alone, and we do not need to invest in multiple tools because all aspects such as infrastructure, application, vulnerabilities, and the regular security scoring patterns are in-built into Wiz along with the inventory manager."
"Wiz saves time by validating a network misconfiguration by not only looking at the cloud asset configuration but also by testing if a port that is stated to be open is actually open."
"What I appreciate most about Wiz is that the compliance and CSPM aspects of this cloud-native application protection offering are genuinely better than other products available in the market."
More Wiz pros
 

Cons

"We need something to notify the team responsible for a product when vulnerabilities are found."
"The APIs are currently quite limited and not very mature, which makes integration with Splunk difficult."
"Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment."
"The solution's container security could be improved."
"Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes."
"An area that Wiz can still continue to improve is FinOps."
"Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform."
"Wiz can be improved with better maturity in code scanning and developer workflows, expanding secret detection to full lifecycle management, stronger IAM across multi-account environments, more transparent attack path scoring and risk modeling, improved AI and ML security scanning, reduced false positives in runtime threat detection, more fine-grained access control and tenant separation, and better integration for serverless workloads."
"We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next."
More Wiz cons
 

Pricing and Cost Advice

Information not available
"The cost of the other solutions is comparable to Wiz."
"If one is cheap and ten is expensive, I rate the tool's price as a five out of ten."
"The pricing is fair and comparable to their competitors. The cost seems to be going up, which is a concern. There are potential savings from consolidating tools, but we're uncertain how Wiz's pricing will change over time."
"Wiz is a moderately priced solution, where it is neither cheap nor costly."
"Regarding pricing, it’s more than $100k because we have a very big infrastructure. Our environment supports around three thousand people, and we offer business-to-client financial services to around one million clients, so we rely heavily on Wiz."
"The pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select."
"The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing."
"Based on the features and capabilities, the product pricing seems reasonable."
More Wiz pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
See recommendations
884,933 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
12%
Comms Service Provider
12%
Financial Services Firm
12%
Manufacturing Company
9%
Financial Services Firm
15%
Computer Software Company
12%
Manufacturing Company
9%
Healthcare Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise9
Large Enterprise22
 

Questions from the Community

What is your experience regarding pricing and costs for DefectDojo?
The pricing is great. It is much cheaper compared to other solutions. We don't want to pay for things we are able to do on our own.
See all answers
What needs improvement with DefectDojo?
We need something to notify the team responsible for a product when vulnerabilities are found. We are able to attach a team or a manager for a product, however, we are not able to send them a notif...
See all answers
What is your primary use case for DefectDojo?
Use case, so all the reports from GitLeaks, DefectDojo, GitLeaks or dependency check or Trivy, they make reports, and we send this report to DefectDojo to have CVMs, Central Vulnerability Managemen...
See all answers
What is your experience regarding pricing and costs for Wiz?
Wiz is expensive, but it offers good value for the money.
See all answers
What needs improvement with Wiz?
Our Technical Account Manager set up weekly meetings, but we have switched it to monthly. We dove into self-training with Wiz Academy so there wasn't much value for us in the meetings. Anytime we n...
See all answers
What is your primary use case for Wiz?
We are delighted to have Wiz Cloud revealing our cloud security posture across our development, QA and production systems for both Azure and AWS. We share access to the results widely with our tech...
See all answers
 

Comparisons

Faraday vs DefectDojo Logo
Faraday vs DefectDojo
Compared 27% of the time
Tenable Security Center vs DefectDojo Logo
Tenable Security Center vs DefectDojo
Compared 9% of the time
GitLab vs DefectDojo Logo
GitLab vs DefectDojo
Compared 9% of the time
Nucleus Security vs DefectDojo Logo
Nucleus Security vs DefectDojo
Compared 9% of the time
More DefectDojo Competitors
Prisma Cloud by Palo Alto Networks vs Wiz Logo
Prisma Cloud by Palo Alto Networks vs Wiz
Compared 8% of the time
Microsoft Defender for Cloud vs Wiz Logo
Microsoft Defender for Cloud vs Wiz
Compared 6% of the time
Orca Security vs Wiz Logo
Orca Security vs Wiz
Compared 5% of the time
SentinelOne Singularity Cloud Security vs Wiz Logo
SentinelOne Singularity Cloud Security vs Wiz
Compared 4% of the time
Upwind vs Wiz Logo
Upwind vs Wiz
Compared 4% of the time
More Wiz Competitors
 

Product Reports

Buyer's Guide
Vulnerability Management
February 2026
DefectDojo reportDownload DefectDojo product report
Buyer's Guide
Wiz
February 2026
Wiz reportDownload Wiz product report
 

Overview

DefectDojo is an open-source application vulnerability management tool designed for organizations aiming to enhance their security posture with a streamlined workflow for managing security findings.

DefectDojo supports security teams by facilitating the tracking, managing, and mitigation of vulnerabilities. It centralizes security findings, integrates with different tools, and automates security metrics reporting. Its automation capabilities reduce manual effort, making it indispensable for teams handling large volumes of vulnerabilities. While highly functional, some user feedback suggests there’s room for improvement in documentation and user interface.

What are DefectDojo's most important features?
  • Integration Capability: Seamlessly integrates with numerous security assessment tools to consolidate security findings.
  • Automation: Automates repetitive tasks like report generation and metrics calculation to save time.
  • Scalability: Handles large datasets efficiently, suitable for complex IT environments.
  • Customizable: Offers customization options for workflows and settings to match specific requirements.
What benefits or ROI should users look for in reviews?
  • Improved Efficiency: Streamlined processes enhance team productivity and speed up vulnerability management.
  • Enhanced Security: Comprehensive tracking and reporting improve the security posture of organizations.
  • Cost-Effective: Open-source nature minimizes costs compared to proprietary solutions.
  • Time-Saving: Reduces manual input with automated features, allowing teams to focus on high-priority tasks.

DefectDojo is commonly adopted in industries prioritizing cybersecurity, such as finance, healthcare, and technology, where it is utilized to manage ongoing security assessments and track external threats. Its ability to integrate with specialized tools makes it suitable for environments requiring robust security measures.

DefectDojo

Wiz is a highly efficient solution for data security posture management (DSPM), with a 100% API-based approach that provides quick connectivity and comprehensive scans of platform configurations and workloads. The solution allows companies to automatically correlate sensitive data with relevant cloud context, such as public exposure, user identities, entitlements, and vulnerabilities.This integration enables them to understand data accessibility, configuration, usage, and movement within their internal environments.

Wiz's Security Graph delivers automated alerts whenever risks emerge, allowing teams to prioritize and address the most critical issues before they escalate into breaches. Furthermore, Wiz ensures rapid and agentless visibility into critical data across various repositories, enabling organizations to easily determine the location of their data assets.

Wiz Features

Wiz provides various features in the following categories:

  • Agentless Scanning: The solution can scan every layer of a cloud environment without requiring agents, managing the entire process and providing comprehensive visibility.

  • Workflow Integration: Users can create customized workflows within Wiz to identify and assign actions based on urgency, integrating them with ticketing systems for quick and efficient remediation.

  • Vulnerability Management: Wiz's vulnerability management modules provide detailed analytics and visibility across cloud systems, streamlining the manual process of vulnerability discovery. The automated attack path analysis helps identify risks and trace potential points of exposure, allowing users to understand and mitigate them effectively and proactively.

  • CSPM (Cloud Security Posture Management): Wiz's CSPM module offers instant visibility into high-level risks to an enterprise’s cloud environment, covering all accounts without the need for agents.

  • Out-of-the-Box Reporting and Custom Queries: The service supports comprehensive reporting with asset context, allowing users to perform complex custom queries on the solution’s user-friendly interface.

  • Automation Roles and Dashboards: The solution facilitates automation by providing essential roles and dedicated dashboards that enable teams to understand security information quickly, even those with limited expertise.

  • Contextual Risk Evaluation: The service contextualizes the various components contributing to an issue, providing a risk evaluation framework that helps prioritize remediation efforts.

  • Security Graph and Visibility: Wiz's security graph offers visibility across the entire organization, even with multiple accounts, enabling users to understand their environment and assets effectively.

The Benefits of Wiz

Wiz offers the following benefits:


  • Comprehensive agentless scanning

  • Effective identification and mitigation of vulnerabilities

  • Streamlined vulnerability management

  • Robust reporting capabilities and customizable queries

  • Enhanced automation and role-based access control

  • Prioritized risk evaluation for efficient remediation

  • Security posture across multiple accounts

Reviews from Real Users

Kamran Siddique, VP Information Security at boxed.com, remarks his company has seen a ROI while using Wiz, as it simplifies the process by integrating multiple useful tools into one solution.

According to a Senior Security Architect at Deliveroo, Wiz has given their company a fresh approach to vulnerability management, as Wiz's native integrations are extremely useful and paramount to the operational success of their platform.



Get a demo | Wiz

Wiz
 

Sample Customers

Information Not Available
Wiz is the fastest growing software company ever - $100M ARR in 18 months: Wiz becomes the fastest-growing software company ever | Wiz Blog  Discover why companies, including Salesforce, Morgan Stanley, Fox, and Bridgewater choose Wiz as their cloud security partner. Read their success stories here: Customers | Wiz
Buyer's Guide
Vulnerability Management
February 2026
Download Free Report
Find out what your peers are saying about Wiz, Tenable, Qualys and others in Vulnerability Management. Updated: February 2026.
DOWNLOAD NOW
884,933 professionals have used our research since 2012.
See our list of best Vulnerability Management vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.