JFrog Xray vs NGINX App Protect comparison

JFrog and F5 are both solutions in the Container Security category. JFrog is ranked #20 with an average rating of 7.8, while F5 is ranked #21 with an average rating of 8.6. JFrog holds a 3.9% mindshare in Container Security, compared to F5’s 0.2% mindshare. Additionally, 100% of JFrog users are willing to recommend the solution, compared to 95% of F5 users who would recommend it.

JFrog Xray

Read 8 JFrog Xray reviews

3,038 Views
762 Comparison Views

100% willing to recommend

NGINX App Protect

Read 24 NGINX App Protect reviews

274 Views
84 Comparison Views

95% willing to recommend

JFrog Xray

NGINX App Protect

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 16, 2024

NGINX App Protect and JFrog Xray compete in application protection and artifact analysis, respectively. JFrog Xray has the upper hand with better user satisfaction regarding features and ease of deployment, though NGINX App Protect excels in specific security aspects and customer service.

Features: NGINX App Protect is recognized for its robust security measures, effective threat mitigation, and integration with existing infrastructure. JFrog Xray offers comprehensive artifact scanning, continuous security, and support for various programming languages. Users prefer JFrog Xray for its broader application and superior integration capabilities.

Room for Improvement: NGINX App Protect could benefit from improved documentation, enhanced reporting features, and user interface refinements. JFrog Xray needs better scalability, reduced false positives, and improved performance under large workloads. Users find JFrog Xray's issues less impactful compared to those of NGINX App Protect.

Ease of Deployment and Customer Service: NGINX App Protect offers a straightforward deployment process and excellent customer service with timely support. JFrog Xray, while slightly more complex to deploy, provides extensive support documentation and responsive customer service. Users feel JFrog Xray's deployment complexity is offset by its detailed guidance and support.

Pricing and ROI: NGINX App Protect users report moderate setup costs with a favorable ROI due to efficient threat management reducing security incidents. JFrog Xray’s costs are higher, with users perceiving an excellent ROI because of enhanced software quality and reduced vulnerabilities.

To learn more, read our detailed JFrog Xray vs. NGINX App Protect Report (Updated: June 2025).

Buyer's Guide

JFrog Xray vs. NGINX App Protect

June 2025

Download the complete report

Helped 859,129 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

JFrog Xray

Ranking in Container Security

20th

Average Rating

8.0

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Vulnerability Management (32nd), Software Composition Analysis (SCA) (6th), Software Supply Chain Security (2nd)

NGINX App Protect

Ranking in Container Security

21st

Average Rating

8.4

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

Web Application Firewall (WAF) (15th), API Security (2nd)

Mindshare comparison

As of June 2025, in the Container Security category, the mindshare of JFrog Xray is 3.9%, up from 2.1% compared to the previous year. The mindshare of NGINX App Protect is 0.2%, down from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Container Security

Featured Reviews

Mokshi Pandita

DevOps Engineer at Rambøll Danmark A/S

An intelligent solution that prioritizes which vulnerability to target first in your project

We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.

Read full review

Tomaz Sobczak

Security System Engineer at Ascomp S.A.

Signature-based detection, DOS protection, and bot protection

NGINX App Protect is easier to automate and configure, or manage from an API. This is good for securing applications. However, it's not suitable for more complex tasks. NGINX App Protect positively impacted performance changes. There's a cache or it works like a proxy, so it can speed up applications. It can also offload some functions from servers, which NGINX can handle faster.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"JFrog Xray's reporting feature has a lot of options in it, including scanning."

"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."

"Good reporting functionalities."

"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."

"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."

"JFrog Xray shows us a list of vulnerabilities that can impact our code."

"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."

"The solution is stable and reliable."

More JFrog Xray pros

"The most valuable feature of NGINX App Protect is its open source."

"WAF is useful to track mitigation, inclusion, prevention, and the parametric firewall."

"The stability of the product is very impressive since it handles 60,000 to 70,000 requests or transactions per second."

"NGINX App Protect's best features are auto-learning, which creates a profile of applications that are deployed, bot protection, and force protection, which lets you configure your brute force policy and alert for and prevent brute force attacks."

"The most valuable feature of NGINX App Protect is its flexibility."

"The tool's most valuable feature is the OWASP certification. Additionally, the tool's ability to enforce strong passwords and OTP within minutes is impressive. With its analytics and recommendations, it is a very good solution."

"The initial setup was simple and took three to four days."

"NGINX App Protect has complete control over the HTTP session."

More NGINX App Protect pros

Cons

"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."

"JFrog Xray's documentation and error logging could be improved."

"The speed of JFrog Xray should improve. Other solutions have better performance."

"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."

"The out-of-the-box PostgreSQL provided is not stable, which is why we are considering enterprise support."

"JFrog Xray does not have a dashboard."

"X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL."

"Lacks deeper reporting, the ability to compare things."

More JFrog Xray cons

"The setup of NGINX App Protect is complex. The full process took one week to complete. Additionally, we had to change the network infrastructure platform which took one month."

"The dashboard could provide a more comprehensive view of the status of the connections."

"Areas for improvement would be if NGINX could scan for vulnerabilities and learn and update the signatures of DoS attacks."

"Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment."

"As far as scalability, it takes a long time for deployment."

"The price of NGINX App Protect could improve."

"Its technical support could be better."

"It's challenging if you need to go for a high throughput."

More NGINX App Protect cons

Pricing and Cost Advice

Information not available

"The price of NGINX App Protect is approximately $3,000 annually. All of our licenses are observed by a managed service partner."

"The licensing fees for this solution are pretty expensive for what it does, but there is no alternative."

"Really understand the licensing model, because we underestimated that."

"There is a monthly or annual subscription to use NGINX App Protect. There are not any additional costs to the subscription."

"NGINX is not expensive."

"There are not any additional costs we had to pay to use NGINX App Protect."

"NGINX App Protect is expensive."

"The price of NGINX App Protect is not much different from the products that fall under the leader category of Gartner Magic Quadrant."

More NGINX App Protect pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Container Security solutions are best for your needs.

See recommendations

859,129 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

25%

Computer Software Company

12%

Manufacturing Company

12%

Government

Computer Software Company

17%

Financial Services Firm

14%

Comms Service Provider

Retailer

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about JFrog Xray?

JFrog Xray shows us a list of vulnerabilities that can impact our code.

See all answers

What needs improvement with JFrog Xray?

X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL. More support during troubleshooting sessions would also be beneficial.

See all answers

What is your primary use case for JFrog Xray?

Our primary use case for X-ray includes multiple activities such as security and vulnerability scanning. We already use Black Duck for these purposes, and we are evaluating how JFrog Xray can offer...

See all answers

What do you like most about NGINX App Protect?

It's very easy to deploy.

See all answers

What is your experience regarding pricing and costs for NGINX App Protect?

I don't know the pricing yet because in my other project, I was not part of the buying side and I was just starting to look at options.

See all answers

What needs improvement with NGINX App Protect?

It would be better if it were easier to implement and if there was more information from F5 regarding hardware requirements and specifications to deploy the service, to avoid disruptions after impl...

See all answers

Comparisons

Black Duck vs JFrog Xray

Compared 14% of the time

Trivy vs JFrog Xray

Compared 14% of the time

Veracode vs JFrog Xray

Compared 6% of the time

GitHub Dependabot vs JFrog Xray

Compared 6% of the time

Prisma Cloud by Palo Alto Networks vs JFrog Xray

Compared 6% of the time

More JFrog Xray Competitors

Azure Front Door vs NGINX App Protect

Compared 19% of the time

Microsoft Azure Application Gateway vs NGINX App Protect

Compared 18% of the time

Fortinet FortiWeb vs NGINX App Protect

Compared 14% of the time

F5 Advanced WAF vs NGINX App Protect

Compared 9% of the time

AWS WAF vs NGINX App Protect

Compared 7% of the time

More NGINX App Protect Competitors

Product Reports

Buyer's Guide

JFrog Xray

June 2025

Download JFrog Xray product report

Buyer's Guide

NGINX App Protect

June 2025

Download NGINX App Protect product report

Also Known As

JFrog Security Essentials

NGINX WAF, NGINX Web Application Firewall

Overview

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

If you are a team player and you care and you play to WIN, we have just the job you're looking for.

As we say at JFrog: "Once You Leap Forward You Won't Go Back!"

JFrog

NGINX App Protect application security solution combines the efficacy of advanced F5 web application firewall (WAF) technology with the agility and performance of NGINX Plus. The solution runs natively on NGINX Plus and addresses some of the most difficult challenges facing modern DevOps environments:

Integrating security controls directly into the development automation pipeline
Applying and managing security for modern and distributed application environments such as containers and microservices
Providing the right level of security controls without impacting release and go-to-market velocity
Complying with security and regulatory requirements

NGINX App Protect offers:

Expanded security beyond basic signatures to ensure adequate controls
F5 app‑security technology for efficacy superior to ModSecurity and other WAFs
Confidently run in “blocking” mode in production with proven F5 expertise
High‑confidence signatures for extremely low false positives
Increases visibility, integrating with third‑party analytics solutions
Integrates security and WAF natively into the CI/CD pipeline
Deploys as a lightweight software package that is agnostic of underlying infrastructure
Facilitates declarative policies for “security as code” and integration with DevOps tools
Decreases developer burden and provides feedback loop for quick security remediation
Accelerates time to market and reduces costs with DevSecOps‑automated security

Sample Customers

google, amazon, cisco, netflix, oracle, vmware, facebook

Information Not Available

Buyer's Guide

JFrog Xray vs. NGINX App Protect

June 2025

Free Report: JFrog Xray vs. NGINX App Protect

Find out what your peers are saying about JFrog Xray vs. NGINX App Protect and other solutions. Updated: June 2025.

DOWNLOAD NOW

859,129 professionals have used our research since 2012.

See our JFrog Xray vs. NGINX App Protect report.

See our list of best Container Security vendors.

We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.