• Home
  • GitGuardian Platform vs. JFrog Xray

GitGuardian Platform vs JFrog Xray comparison

Cancel
You must select at least 2 products to compare!
GitGuardian Logo
GitGuardian Platform
Read 22 GitGuardian Platform reviews
746 views|123 comparisons
100% willing to recommend
JFrog Logo
JFrog Xray
Read 7 JFrog Xray reviews
1,041 views|784 comparisons
100% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
GitGuardian Platform vs. JFrog Xray
March 2024
Executive Summary

We performed a comparison between GitGuardian Platform and JFrog Xray based on real PeerSpot user reviews.

Find out in this report how the two Software Supply Chain Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed GitGuardian Platform vs. JFrog Xray Report (Updated: March 2024).
Download the complete report
770,616 professionals have used our research since 2012.
Featured Review
Joan Ging
It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation
GitGuardian helps us prioritize remediation quickly. The alerting component is helpful because it lets people know immediately when something... Read more →
Anonymous User
Solid watch policies; blocks vulnerabilities well
I would say that this solution has helped our organization by allowing us to automate a lot of the processes.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"GitGuardian has pretty broad detection capabilities. It covers all of the types of secrets that we've been interested in... [Yet] The "detector" concept, which identifies particular categories or types of secrets, allows an organization to tweak and tailor the configuration for things that are specific to its environment. This is highly useful if you're particularly worried about a certain type of secret and it can help focus attention, as part of early remediation efforts.""The secrets detection and alerting is the most important feature. We get alerted almost immediately after someone commits a secret. It has been very accurate, allowing us to jump on it right away, then figure out if we have something substantial that has been leaked or whether it is something that we don't have to worry about. This general main feature of the app is great.""The most valuable feature is the general incident reporting system.""GitGuardian has helped to increase our security team's productivity. Now, we don't need to call the developers all the time and ask what they are working on. I feel the solution bridged the gap between our team and the developers, which is really great. I feel that we need that in our company, since some of the departments are just doing whatever and you don't know what they are doing. I think GitGuardian does a good job of bridging the gap. It saves us about 10 hours per week.""The most valuable feature of GitGuardian is that it finds tokens and passwords. That's why we need this tool. It minimizes the possibility of security violations that we cannot find on our own.""Presently, we find the pre-commit hooks more useful.""GitGuardian has many features that fit our use cases. We have our internal policies on secret exposure, and our code is hosted on GitLab, so we need to prevent secrets from reaching GitLab because our customers worry that GitLab is exposed. One of the great features is the pre-receive hook. It prevents commits from being pushed to the repository by activating the hook on the remotes, which stops the developers from pushing to the remote. The secrets don't reach GitLab, and it isn't exposed.""GitGuardian has also helped us develop a security-minded culture. We're serious about shift left and getting better about code security. I think a lot of people are getting more mindful about what a secret is."

More GitGuardian Platform Pros →

"JFrog Xray shows us a list of vulnerabilities that can impact our code.""The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy.""The solution is stable and reliable.""JFrog Xray's reporting feature has a lot of options in it, including scanning.""Good reporting functionalities.""If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first.""I would say that this solution has helped our organization by allowing us to automate a lot of the processes."

More JFrog Xray Pros →

Cons
"It took us a while to get new patterns introduced into the pattern reporting process.""The main thing for me is the customization for some of the healthcare-specific identifiers that we want to validate. There should be some ability, which is coming in the near future, to have custom identifiers. Being in healthcare, we have pretty specific patterns that we need to match for PHI or PII. Having that would add a little bit extra to it.""One improvement that I'd like to see is a cleaner for Splunk logs. It would be nice to have a middle man for anything we send or receive from Splunk forwarders. I'd love to see it get cleaned by GitGuardian or caught to make sure we don't have any secrets getting committed to Splunk logs.""We have been somewhat confused by the dashboard at times.""Right now, we are waiting for improvement in the RBAC support for GitGuardian.""We'd like to request a new GitGuardian feature that automates user onboarding and access control for code repositories.""There are some features that are lacking in GitGuardian. The more we grow and the more engineers we have, the more it will become difficult to assign an incident because the assignment is not automatic. I know they are working on that and we are waiting for it.""They could give a developer access to a dashboard for their team's repositories that just shows their repository secrets. I think more could be exposed to developers."

More GitGuardian Platform Cons →

"The speed of JFrog Xray should improve. Other solutions have better performance.""I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images.""Since we have been using the solution via APIs, there are some limitations in the APIs.""Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool.""JFrog Xray does not have a dashboard.""Lacks deeper reporting, the ability to compare things.""JFrog Xray's documentation and error logging could be improved."

More JFrog Xray Cons →

Pricing and Cost Advice
  • "We don't have a huge number of users, but its yearly rate was quite reasonable when compared to other per-seat solutions that we looked at... Having a free plan for a small number of users was really great. If you're a small team, I don't see why you wouldn't want to get started with it."
  • "It's a little bit expensive."
  • "You get what you pay for. It's one of the more expensive solutions, but it is very good, and the low false positive rate is a really appealing factor."
  • "The pricing and licensing are fair. It isn't very expensive and it's good value."
  • "The internal side is cheap per user. It is annual pricing based on the number of users."
  • "We have seen a return on investment. The amount of time that we would have spent manually doing this definitely outpaces the cost of GitGuardian. It is saving us about $35,000 a year, so I would say the ROI is about $20,000 a year."
  • "It could be cheaper. When GitHub secrets monitoring solution goes to general access and general availability, GitGuardian might be in a little bit of trouble from the competition, and maybe then they might lower their prices. The GitGuardian solution is great. I'm just concerned that they're not GitHub."
  • "It's not cheap, but it's not crazy expensive either."

    • More GitGuardian Platform Pricing and Cost Advice →

    Information Not Available
    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Software Supply Chain Security solutions are best for your needs.
    See Recommendations
    770,616 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about GitGuardian Internal Monitoring ?
    Top Answer:It's also worth mentioning that GitGuardian is unique because they have a free tier that we've been using for the first twelve months. It provides full functionality for smaller teams. We're a smaller… more »
    Read all 15 answers   →
    What is your experience regarding pricing and costs for GitGuardian Inter...
    Top Answer:The purchasing process is convoluted compared to Snyk, the other tool we use. It's like night and day because you only need to punch in your credit card, and you're set. With GitGuardian, getting a… more »
    Read all 13 answers   →
    What needs improvement with GitGuardian Internal Monitoring ?
    Top Answer:GitGuardian had a really nice feature that allowed you to compare all the public GitHub repositories against your code base and see if your code leaked. They discontinued it for some reason about… more »
    Read all 15 answers   →
    What do you like most about JFrog Xray?
    Top Answer:JFrog Xray shows us a list of vulnerabilities that can impact our code.
    Read all 5 answers   →
    What needs improvement with JFrog Xray?
    Top Answer:There is a tool called DefectDojo for reporting. Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore… more »
    Read all 5 answers   →
    What is your primary use case for JFrog Xray?
    Top Answer:We use this solution to identify vulnerabilities in the dependency file. We have the Artifactory package which integrates with Xray-like plugins. We can automatically plug this tool into Xray to… more »
    Read all 5 answers   →
    Ranking
    4th
    out of 31 in Software Supply Chain Security
    Views
    746
    Comparisons
    123
    Reviews
    14
    Average Words per Review
    1,332
    Rating
    9.0
    3rd
    out of 31 in Software Supply Chain Security
    Views
    1,041
    Comparisons
    784
    Reviews
    6
    Average Words per Review
    495
    Rating
    8.2
    Comparisons
    Also Known As
    GitGuardian Internal Monitoring
    JFrog Security Essentials
    Learn More
    GitGuardian
    JFrog
    Overview

    GitGuardian helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations.

    Widely adopted by developer communities, GitGuardian is used by more than 500,000 developers and is the #1 app in the security category on the GitHub Marketplace. GitGuardian is also trusted by leading companies, including Instacart, Genesys, Orange, Iress, Beyond Identity, NOW: Pensions, and Stedi.

    GitGuardian Platform includes automated secrets detection and remediation. By reducing the risks of secrets exposure across the SDLC, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards.

    Its detection engine is trained against more than a billion public GitHub commits every year, and it covers 350+ types of secrets such as API keys, database connection strings, private keys, certificates, and more.

    GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents fast and in full. By pulling developers closer to the remediation process, organizations can achieve higher incident closing rates and shorter fix times.

    The platform integrates across the DevOps toolchain, including native support for continuously scanning VCS platforms like GitHub, Gitlab, Azure DevOps and Bitbucket or CI/CD tools like Jenkins, CircleCI, Travis CI, GitLab pipelines, and many more. It also integrates with ticketing and messaging systems like Splunk, PagerDuty, Jira and Slack to support teams with their incident remediation workflows. GitGuardian is offered as a SaaS platform but can also be hosted on-premise for organizations operating in highly regulated industries or with strict data privacy requirements.

    JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

    If you are a team player and you care and you play to WIN, we have just the job you're looking for.

    As we say at JFrog: "Once You Leap Forward You Won't Go Back!"​

    Sample Customers
    Automox, 66degrees (ex Cloudbakers), Iress, Now:Pensions, Payfit, Orange, BouyguesTelecom, Seequent, Stedi, Talend, Snowflake... 
    google, amazon, cisco, netflix, oracle, vmware, facebook
    Top Industries
    REVIEWERS
    Computer Software Company28%
    Insurance Company11%
    Wholesaler/Distributor11%
    Comms Service Provider11%
    VISITORS READING REVIEWS
    Comms Service Provider21%
    Computer Software Company15%
    Financial Services Firm9%
    Media Company8%
    VISITORS READING REVIEWS
    Financial Services Firm24%
    Manufacturing Company14%
    Computer Software Company12%
    Insurance Company5%
    Company Size
    REVIEWERS
    Small Business36%
    Midsize Enterprise28%
    Large Enterprise36%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise12%
    Large Enterprise62%
    REVIEWERS
    Midsize Enterprise29%
    Large Enterprise71%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise10%
    Large Enterprise76%
    Buyer's Guide
    GitGuardian Platform vs. JFrog Xray
    March 2024
    Free Report: GitGuardian Platform vs. JFrog Xray
    Find out what your peers are saying about GitGuardian Platform vs. JFrog Xray and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    770,616 professionals have used our research since 2012.

    GitGuardian Platform is ranked 4th in Software Supply Chain Security with 22 reviews while JFrog Xray is ranked 3rd in Software Supply Chain Security with 7 reviews. GitGuardian Platform is rated 9.0, while JFrog Xray is rated 8.2. The top reviewer of GitGuardian Platform writes "It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation". On the other hand, the top reviewer of JFrog Xray writes "An intelligent solution that prioritizes which vulnerability to target first in your project". GitGuardian Platform is most compared with SonarQube, Cycode, GitHub Advanced Security, Snyk and Microsoft Purview Data Loss Prevention, whereas JFrog Xray is most compared with Black Duck, Snyk, Mend.io, Veracode and Trivy. See our GitGuardian Platform vs. JFrog Xray report.

    See our list of best Software Supply Chain Security vendors.

    We monitor all Software Supply Chain Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.