FOSSA vs JFrog Xray comparison

Cancel
You must select at least 2 products to compare!
FOSSA Logo
3,152 views|1,893 comparisons
JFrog Logo
5,837 views|4,379 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between FOSSA and JFrog Xray based on real PeerSpot user reviews.

Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed FOSSA vs. JFrog Xray Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I am impressed with the tool’s seamless integration and quick results.""Being able to know the licenses of the libraries is most valuable because we sell products, and we need to provide to the customers the licenses that we are using.""FOSSA provided us with contextualized, easily actionable intelligence that alerted us to compliance issues. I could tell FOSSA exactly what I cared about and they would tell me when something was out of policy. I don't want to hear from the compliance tool unless I have an issue that I need to deal with. That was what was great about FOSSA is that it was basically "Here's my policy and only send me an alert if there's something without a policy." I thought that it was really good at doing that.""The support team has just been amazing, and it helps us to have a great support team from FOSSA. They are there to triage and answer all our questions which come up by using their product.""Policies and identification of open-source licensing issues are the most valuable features. It reduces the time needed to identify open-source software licensing issues.""Their CLI tool is very efficient. It does not send your source code over to their servers. It just does fingerprinting. It is also very easy to integrate into software development practices.""The scalability is excellent.""One of the things that I really like about FOSSA is that it allows you to go very granular. For example, if there's a package that's been flagged because it's subject to a license that may be conflicts with or raises a concern with one of the policies that I've set, then FOSSA enables you to go really granular into that package to see which aspects of the package are subject to which licenses. We can ultimately determine with our engineering teams if we really need this part of the package or not. If it's raising this flag, we can make really actionable decisions at a very micro level to enable the build to keep pushing forward."

More FOSSA Pros →

"Good reporting functionalities.""If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first.""The solution is stable and reliable.""I would say that this solution has helped our organization by allowing us to automate a lot of the processes.""JFrog Xray shows us a list of vulnerabilities that can impact our code.""The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy.""JFrog Xray's reporting feature has a lot of options in it, including scanning."

More JFrog Xray Pros →

Cons
"The solution provides contextualized, actionable, intelligence that alerts us to compliance issues, but there is still a little bit of work to be done on it. One of the issues that I have raised with FOSSA is that when it identifies an issue that is an error, why is it in error? What detail can they give to me? They've improved, but that still needs some work. They could provide more information that helps me to identify the dependencies and then figure out where they originated from.""I want the product to include binary scanning which is missing at the moment. Binary scanning includes code and component matching through dependency management. It also includes the actual scanning and reverse engineering of the boundaries and finding out what is inside.""I wish there was a way that you could have a more global rollout of it, instead of having to do it in each repository individually. It's possible, that's something that is offered now, or maybe if you were using the CI Jenkins, you'd be able to do that. But with Travis, there wasn't an easy way to do that. At least not that I could find. That was probably the biggest issue.""On the dashboard, there should be an option to increase the column width so that we can see the complete name of the GitHub repository. Currently, on the dashboard, we see the list of projects, but to see the complete name, you have to hover your mouse over an item, which is annoying.""One thing that can sometimes be difficult with FOSSA is understanding all that it can do. One of the ways that I've been able to unlock some of those more advanced features is through conversations with the absolutely awesome customer success team at FOSSA, but it has been a little bit difficult to find some of that information separately on my own through FAQs and other information channels that FOSSA has. The improvement is less about the product itself and more about empowering FOSSA customers to know and understand how to unlock its full potential.""On the legal and policy sides, there is some room for improvement. I know that our legal team has raised complaints about having to approve the same dependency multiple times, as opposed to having them it across the entire organization.""For open-source management, FOSSA's out-of-the-box policy engine is easy to use, but the list of licenses is not as complete as we would like it to be. They should add more open-source licenses to the selection.""We have seen some inaccuracies or incompleteness with the distribution acknowledgments for an application, so there's certainly some room for improvement there. Another big feature that's missing that should be introduced is snippet matching, meaning, not just matching an entire component, but matching a snippet of code that had been for another project and put in different files that one of our developers may have created."

More FOSSA Cons →

"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool.""I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images.""Lacks deeper reporting, the ability to compare things.""The speed of JFrog Xray should improve. Other solutions have better performance.""JFrog Xray's documentation and error logging could be improved.""JFrog Xray does not have a dashboard.""Since we have been using the solution via APIs, there are some limitations in the APIs."

More JFrog Xray Cons →

Pricing and Cost Advice
  • "FOSSA is not cheap, but their offering is top-notch. It is very much a "you get what you pay for" scenario. Regardless of the price, I highly recommend FOSSA."
  • "Its price is reasonable as compared to the market. It is competitively priced in comparison to other similar solutions on the market. It is also quite affordable in terms of the value that it delivers as compared to its alternative of hiring a team."
  • "FOSSA is a fairly priced product. It is not either cheaper or expensive. The pricing lies somewhere in the middle. The solution is worth the money that we are spending to use it."
  • "The solution's cost is a five out of ten."
  • More FOSSA Pricing and Cost Advice →

    Information Not Available
    report
    Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:I am impressed with the tool’s seamless integration and quick results.
    Top Answer:FOSSA is a fairly priced product. It is not either cheaper or expensive. The pricing lies somewhere in the middle. The solution is worth the money that we are spending to use it.
    Top Answer:I want the product to include binary scanning which is missing at the moment. Binary scanning includes code and component matching through dependency management. It also includes the actual scanning… more »
    Top Answer:If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first.
    Top Answer:We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to… more »
    Top Answer:We use JFrog Xray mostly for container scanning.
    Ranking
    Views
    3,152
    Comparisons
    1,893
    Reviews
    1
    Average Words per Review
    282
    Rating
    8.0
    Views
    5,837
    Comparisons
    4,379
    Reviews
    5
    Average Words per Review
    466
    Rating
    8.2
    Comparisons
    Black Duck logo
    Compared 49% of the time.
    Snyk logo
    Compared 16% of the time.
    Mend.io logo
    Compared 10% of the time.
    Veracode logo
    Compared 3% of the time.
    Black Duck logo
    Compared 30% of the time.
    Snyk logo
    Compared 12% of the time.
    Veracode logo
    Compared 8% of the time.
    Mend.io logo
    Compared 8% of the time.
    GitLab logo
    Compared 2% of the time.
    Also Known As
    JFrog Security Essentials
    Learn More
    FOSSA
    Video Not Available
    Overview
    Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for legal teams to maintain license compliance, security to fix vulnerabilities, and engineering to improve code quality across the entire software supply chain. As the only developer-native open source management platform, FOSSA fully integrates with your existing CI/CD pipeline to provide complete visibility and context earlier in the software development lifecycle. For the first time, teams can collaboratively shift left and audit, analyze, control, and remediate license issues and vulnerabilities right in their existing workflows.

    JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

    If you are a team player and you care and you play to WIN, we have just the job you're looking for.

    As we say at JFrog: "Once You Leap Forward You Won't Go Back!"​

    Offer
    Learn more about FOSSA
    Try it Now

    Enjoy a free DevOps platform cloud subscription

    Sample Customers
    AppDyanmic, Uber, Twitter, Zendesk, Confluent
    google, amazon, cisco, netflix, oracle, vmware, facebook
    Top Industries
    REVIEWERS
    Computer Software Company45%
    Legal Firm9%
    Comms Service Provider9%
    Financial Services Firm9%
    VISITORS READING REVIEWS
    Manufacturing Company24%
    Computer Software Company19%
    Financial Services Firm12%
    Healthcare Company5%
    VISITORS READING REVIEWS
    Financial Services Firm23%
    Manufacturing Company14%
    Computer Software Company12%
    Insurance Company6%
    Company Size
    REVIEWERS
    Small Business45%
    Midsize Enterprise9%
    Large Enterprise45%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise13%
    Large Enterprise68%
    REVIEWERS
    Midsize Enterprise29%
    Large Enterprise71%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise11%
    Large Enterprise76%
    Buyer's Guide
    FOSSA vs. JFrog Xray
    March 2024
    Find out what your peers are saying about FOSSA vs. JFrog Xray and other solutions. Updated: March 2024.
    765,234 professionals have used our research since 2012.

    FOSSA is ranked 9th in Software Composition Analysis (SCA) with 12 reviews while JFrog Xray is ranked 7th in Software Composition Analysis (SCA) with 7 reviews. FOSSA is rated 8.6, while JFrog Xray is rated 8.2. The top reviewer of FOSSA writes "Compatibility with a wide range of dev tools, web and "C-type", enables us to scan across our ecosystem, including legacy software". On the other hand, the top reviewer of JFrog Xray writes "An intelligent solution that prioritizes which vulnerability to target first in your project". FOSSA is most compared with Black Duck, Snyk, Mend.io, Fortify Static Code Analyzer and Veracode, whereas JFrog Xray is most compared with Black Duck, Snyk, Veracode, Mend.io and GitLab. See our FOSSA vs. JFrog Xray report.

    See our list of best Software Composition Analysis (SCA) vendors.

    We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.