No more typing reviews! Try our Samantha, our new voice AI agent.

ExtraHop Reveal(x) 360 vs Trivy comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
ExtraHop Reveal(x) 360
Ranking in Container Security
35th
Average Rating
8.6
Reviews Sentiment
6.8
Number of Reviews
5
Ranking in other categories
Intrusion Detection and Prevention Software (IDPS) (17th), Network Traffic Analysis (NTA) (10th), Extended Detection and Response (XDR) (29th)
Trivy
Ranking in Container Security
5th
Average Rating
8.6
Reviews Sentiment
7.5
Number of Reviews
12
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of ExtraHop Reveal(x) 360 is 0.5%, up from 0.2% compared to the previous year. The mindshare of Trivy is 2.7%, down from 5.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Trivy2.7%
Qualys TotalCloud1.5%
ExtraHop Reveal(x) 3600.5%
Other95.3%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
reviewer2857197 - PeerSpot reviewer
Lead IT Service Analyst at a manufacturing company with 10,001+ employees
Cloud-native threat detection has improved incident investigations and now reduces breach risk
We have covered most of the features over the past three years and look forward to discovering more as we work closely with the ExtraHop technical team, who are open to sharing what they have developed. Pricing is on the higher side, typically based on load, volume of traffic, and deployment scale. The advanced detection capabilities provide significant value in reducing investigation time, making the licensing and pricing acceptable for larger organizations. ExtraHop Reveal(x) 360 has undeniably improved our security posture, reduced manual investigation efforts, and facilitated fast threat detection mechanisms, which all help prevent costly potential breaches in enterprise environments. ExtraHop Reveal(x) 360's SaaS environment is well-suited for cloud, on-premises, and hybrid environments, effectively addressing real-life scenarios involving east-west and north-south traffic. The platform is recommended for large organizations in need of comprehensive detection capabilities. I would rate this product overall as an 8 out of 10.
Utsav Sharma - PeerSpot reviewer
Senior Security Consultant at Ernst & Young
Maintain operational efficiency by detecting misconfigurations and vulnerabilities
The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma. It also offers repository scanning in the source code domain, allowing pre-push code scans. The misconfiguration detection works well for CloudFormation, Docker files, and Terraform. Its compliance support, like NIST, ensures that configurations align with standards. Trivy helps me significantly detect misconfigurations missed by the ops engineers or in Terraform by the naked eye. It ensures that my deployments are free of misconfigurations and vulnerabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Qualys TotalCloud has significantly reduced our workload in terms of managing risks, helping us to be more efficient and save substantial resources."
"TotalCloud provides the easiest and the best approach for cloud infrastructure management."
"Qualys TotalCloud has significantly improved our organization by automating our reporting processes, reducing the time spent on report creation from two hours to less than fifteen to twenty minutes."
"Its dashboards are brilliant. It provides in-depth insights."
"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
"Qualys TotalCloud's most valuable feature is its ability to link clusters of assets, providing a clear model of deployments, vulnerabilities, and statuses."
"If someone were to ask me to review Qualys TotalCloud, I would summarize it as an end-to-end solution for cloud security with visibility and governance-grade controls without needing to manage multiple disconnected tools."
"The best part I like is the on-demand scans."
"ExtraHop Reveal(x) 360 has undeniably improved our security posture, reduced manual investigation efforts, and facilitated fast threat detection mechanisms, which all help prevent costly potential breaches in enterprise environments."
"Their technical support is more effective and of better quality than other competitors."
"It is very easy to collect and handle data in ExtraHop Reveal(X) Cloud. Integration with Big Data is also easy. Many of our customers integrate it with Big Data platforms like Splunk or Elastic. It is also easy to handle and easy to understand."
"ExtraHop Reveal(x) 360 has positively impacted my organization by helping us detect abnormal activity on our network that we could not detect through our SIEM or XDR platform."
"It is scalable."
"It stands out for its intuitive and efficient user interface, robust detection capabilities with minimal false positives, and the ability to handle encrypted traffic, making it a valuable asset for network security and management."
"I rate Trivy a nine out of ten."
"Trivy is very reliable and always has an up-to-date database to scan images and identify vulnerabilities."
"It's customizable, allowing me to add any rules and format HTML templates as I wish."
"What I find valuable is the ease of setup with Trivy, including pre-defined operators that require minimal configuration."
"One of the great features of Trivy is that it helps me scan items such as AWS credentials and GCP service accounts."
"Trivy's ability to scan files, images, GitHub repositories, Infrastructure as Code like Terraform, and Kubernetes is valuable."
"The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma."
"Trivy is most valuable for its ability to scan all repository files and dependencies."
 

Cons

"We encountered challenges identifying the correct resource category for certain items, such as those in containers or storage."
"TotalCloud could improve the classification of vulnerabilities. Specifically, it could enhance the categorization of what aspects fall under patches resolved by OS or software updates and what pertains to configuration adjustments."
"Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate."
"There is room for improvement in vulnerability scanning, particularly for PaaS environments. Currently, Qualys does not have full access to these instances, which limits its effectiveness."
"Areas that need improvement in every solution include the remediation part. The remediation steps should be simple enough for everyone to understand."
"The price is very expensive, actually."
"In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"I would like to see ExtraHop Reveal(x) 360 improved by integrating XDR features with NDR."
"Their professional service can be improved."
"They can include integration with SAP. Currently, no vendor provides network performance monitoring in the SAP market. It is a very big market. We have around 400 customers for SAP in Korea. In the USA, there are more than 10,000 customers."
"There needs to be more support."
"One challenge with ExtraHop Reveal(x) 360 is its pricing, which tends to be comparatively high in the marketplace."
"A drawback includes bucket storage limitations for payload data, necessitating timely extraction for thorough investigations."
"Trivy is not scalable; however, I have scanned very large projects with it. It is stable but not scalable according to my experience."
"The only problem is that Trivy does not support reporting features such as generating reports in CSV, which is useful for auditing and reporting."
"Trivy can improve by providing an output in PDF format."
"Trivy generates many false positives, flagging non-existent vulnerabilities. Improvements could include better contextual analysis or granular filtering."
"Trivy can improve by providing an output in PDF format. Additionally, it takes longer to scan container images built with many layers."
"The reporting could be a little better. When integrating Trivy with CI, the interpretation of the reports could be improved."
"For malware detection, I need to use two tools: Trivy as my anomaly scanner and ClamAV. I am integrating these two tools into the CI pipeline. If both malware and anomaly detection could be managed by one tool, I would not need to depend on two tools. That would be my suggestion."
"The main area for improvement is in differentiating between OS and application-based vulnerabilities."
 

Pricing and Cost Advice

"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"When compared to other solutions, it aligns with the market average, indicating a competitive pricing level."
Information not available
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
13%
Construction Company
9%
Manufacturing Company
8%
Comms Service Provider
7%
Financial Services Firm
13%
Manufacturing Company
11%
Computer Software Company
10%
Comms Service Provider
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise9
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
Ask a question
Earn 20 points
What needs improvement with Trivy?
Trivy's marketing and awareness need improvement. Not everyone knows about it, which isn't ideal given its capabiliti...
What is your primary use case for Trivy?
I use Trivy ( /products/trivy-reviews ) to scan code for vulnerabilities before deployment. Our projects, which are d...
What advice do you have for others considering Trivy?
I recommend Trivy to others due to its powerful and useful features. However, I suggest increasing its marketing to r...
 

Also Known As

Qualys TotalCloud with FlexScan
ExtraHop Reveal(X) Cloud, Reveal(X) Cloud
No data available
 

Overview

 

Sample Customers

Information Not Available
Wizards of the Coast
Information Not Available
Find out what your peers are saying about ExtraHop Reveal(x) 360 vs. Trivy and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.