JFrog Xray vs The NodeZero Platform by Horizon3.ai comparison

JFrog Xray vs. The NodeZero Platform by Horizon3.ai

Download the complete report

Helped 885,311 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

ROI

Sentiment score

3.5

JFrog Xray improved efficiency, security, and compliance, reduced downtime, and sped up release cycles with enhanced vulnerability detection and reporting.

Sentiment score

3.2

NodeZero Platform enhances network security with automation, offering 99.9% improvement, reduced costs, and increased ROI over traditional methods.

No quotes available

For more quotes and insights, download the JFrog Xray report

A reduction in remediation time has been seen because it is finding things before they happen.

Brian Burnett

Director of Enterprise Security at a energy/utilities company with 51-200 employees

Being able to find them because there have been no eyes on that particular section so far ever, and fixing those potentially prevented those companies from getting breached.

Fabian Brandt

IT Security Consultant at Systemhaus for you GmbH

So far, I have seen a return on investment with The NodeZero Platform by Horizon3.ai, as we managed to save a lot of time and effort with this because this is an autonomous tool, and our manual effort is significantly reduced because of a product of this type.

Hussain Z

Senior Manager | Manager Security Services at RISK ASSOCIATES

For more quotes and insights, download the The NodeZero Platform by Horizon3.ai report

Customer Service

Sentiment score

4.0

JFrog Xray's customer service is generally well-received, with positive technical support, though not all users engage directly.

Sentiment score

6.9

NodeZero Platform is praised for exceptional customer service, with quick, effective responses and high user satisfaction ratings.

When we need clarifications, we contact our account manager, and they arrange demos.

Development Senior at a financial services firm with 5,001-10,000 employees

On a scale of 1 to 10, I would rate the technical support of JFrog Xray an eight because they are very knowledgeable.

For more quotes and insights, download the JFrog Xray report

DevSecOps Engineer at a tech services company with 501-1,000 employees

Overall, when it comes to The NodeZero Platform's tech support, you can reach them via a chat message on their website, and they respond almost immediately.

Brian W.

Director of IT Security at a manufacturing company with 1,001-5,000 employees

Previously, with time-sensitive engagements, I would worry about resolving issues before deadlines. That concern has diminished as they've become more responsive and require less escalation to engineering.

Jon I.

Principal Consultant at JTI Cybersecurity

The vast majority of times they are able to resolve the exact questions my team has on the first attempt, which is really good for customer or technical support.

Shaun Hunt

Chief Information Officer at a construction company with 1,001-5,000 employees

For more quotes and insights, download the The NodeZero Platform by Horizon3.ai report

Scalability Issues

Sentiment score

6.8

JFrog Xray is scalable and suitable for multiple applications, despite PostgreSQL limitations and some performance challenges.

Sentiment score

7.0

NodeZero by Horizon3.ai is highly scalable for enterprise environments, managing large networks and assets efficiently with minimal issues.

According to my use case, it is highly scalable.

For more quotes and insights, download the JFrog Xray report

DevOps Engineer at Syvora

We have conducted pen tests in environments with hundreds of thousands of IP addresses without any scalability issues.

Andi Heckel

CEO at cybovate

We currently scan approximately 1,500-2,000 assets and haven't encountered any scaling or throughput issues.

reviewer2759754

Information Security Manager at a non-profit with 51-200 employees

Anywhere you can put a VM, you can run another concurrent scan.

Brian W.

Director of IT Security at a manufacturing company with 1,001-5,000 employees

For more quotes and insights, download the The NodeZero Platform by Horizon3.ai report

Stability Issues

Sentiment score

7.6

JFrog Xray is praised for stability and security, compared favorably to competitors, with minor concerns about PostgreSQL support.

Sentiment score

8.0

Users rate the NodeZero Platform highly for stability, with no major disruptions, despite minor, easily resolved issues.

I use JFrog Xray primarily for security purposes, and I find it reliable.

DevOps Engineer at Syvora

We did experience crashes, downtimes, and performance issues with JFrog Xray.

For more quotes and insights, download the JFrog Xray report

DevSecOps Engineer at a tech services company with 501-1,000 employees

We have not encountered any issues on the platform regarding accessibility, performance, or stability.

Andi Heckel

CEO at cybovate

Regarding stability, it has never crashed, and there has not been any lagging from deployment or running.

Brian Burnett

Director of Enterprise Security at a energy/utilities company with 51-200 employees

I would rate the stability of The NodeZero Platform by Horizon3.ai as a ten.

Hussain Z

Senior Manager | Manager Security Services at RISK ASSOCIATES

For more quotes and insights, download the The NodeZero Platform by Horizon3.ai report

Room For Improvement

Users demand better reporting, documentation, UI, site performance, API limits, custom reports, vulnerability management, and integration support.

NodeZero Platform requires improvements in notifications, reporting, risk scoring, detection, customizability, scalability, automation, and affordability.

When we have given a very long tag, it doesn't work as expected and requires excessive scrolling.

DevOps Engineer at Syvora

somehow you need to adapt your GitLab pipeline and turn them into JFrog pipeline, and this is something they don't really advertise at first—you're obliged to use the JFrog CLI.

DevSecOps Engineer at a tech services company with 501-1,000 employees

X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL.

For more quotes and insights, download the JFrog Xray report

Development Senior at a financial services firm with 5,001-10,000 employees

This service reveals which credentials and email addresses are available on the deep web, as well as which domains have been set up using typo-squatting techniques.

reviewer2759754

Information Security Manager at a non-profit with 51-200 employees

The one thing that is very much asked from us as a service provider is DAST testing, so when a company is building a software, they could see their current security status while they are building the application.

Laura Halonen

Offensive Security Analyst at a tech services company with 201-500 employees

One of the areas where improvement is needed is in the visibility and reporting for large enterprises.

Andi Heckel

CEO at cybovate

For more quotes and insights, download the The NodeZero Platform by Horizon3.ai report

Setup Cost

NodeZero Platform offers cost-effective vulnerability scanning, cheaper than manual tests, with flexible licensing and minimal setup costs.

JFrog Xray provides a free trial of 14 days.

DevOps Engineer at Syvora

The basic scanning capabilities come with Artifactory, however, curation requires additional licenses.

For more quotes and insights, download the JFrog Xray report

Development Senior at a financial services firm with 5,001-10,000 employees

The pricing is much more affordable than traditional penetration tests.

Ken Dishon

Manager, Information Technology at a performing arts with 11-50 employees

It's a bit cheaper than manual penetration testing because manual testing typically allows you to scan only a few subnets.

reviewer2761140

Works at a hospitality company with 201-500 employees

Usually, manual penetration test scans take considerable time and money.

NishantKumar

Security Engineer at Herjavec Group

For more quotes and insights, download the The NodeZero Platform by Horizon3.ai report

Valuable Features

JFrog Xray offers deep scanning, seamless integration with Artifactory, robust vulnerabilities management, flexible deployment, and attractive pricing.

NodeZero Platform by Horizon3.ai enhances vulnerability management with quick remediation, automation, and user-friendly interface, reducing retest time.

The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features.

Development Senior at a financial services firm with 5,001-10,000 employees

The policy-driven approach of JFrog Xray helped me maintain security standards by integrating it in the development pipeline.

DevSecOps Engineer at a tech services company with 501-1,000 employees

With other registries such as ECR, we can use the images only in the AWS cloud. With JFrog, we can use this registry from any cloud or work locally as well.

For more quotes and insights, download the JFrog Xray report

DevOps Engineer at Syvora

When a new vulnerability, such as a zero-day exploit, is identified, they review your previous scans to determine if you might be vulnerable to it, and they proactively notify you.

Brian W.

Director of IT Security at a manufacturing company with 1,001-5,000 employees

The detailed reports not only list the vulnerabilities that matter, but they also include direct links to patches.

reviewer2759754

Information Security Manager at a non-profit with 51-200 employees

The NodeZero Platform's real attack capabilities help in identifying vulnerabilities on our on-prem systems because it provides actual vulnerabilities by attacking our systems.

Timothy Rice

Chief Information Security Officer at a construction company with 1,001-5,000 employees

For more quotes and insights, download the The NodeZero Platform by Horizon3.ai report

Categories and Ranking

JFrog Xray

Ranking in Vulnerability Management

39th

Average Rating

7.8

Reviews Sentiment

6.3

Number of Reviews

Ranking in other categories

Container Security (14th), Software Composition Analysis (SCA) (5th), Software Supply Chain Security (2nd)

The NodeZero Platform by Ho...

Ranking in Vulnerability Management

16th

Average Rating

8.6

Reviews Sentiment

5.9

Number of Reviews

Ranking in other categories

Advanced Threat Protection (ATP) (11th), Penetration Testing Services (1st), Breach and Attack Simulation (BAS) (1st), Risk-Based Vulnerability Management (5th)

Mindshare comparison

As of March 2026, in the Vulnerability Management category, the mindshare of JFrog Xray is 1.4%, down from 1.6% compared to the previous year. The mindshare of The NodeZero Platform by Horizon3.ai is 1.5%, up from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Vulnerability Management Mindshare Distribution
Product	Mindshare (%)
The NodeZero Platform by Horizon3.ai	1.5%
JFrog Xray	1.4%
Other	97.1%

Vulnerability Management

Featured Reviews

Offers flexibility across clouds and easy credential management while interface improvements are needed

DevOps Engineer at Syvora

For JFrog Xray, the Artifactory and package repositories are valuable features. There are many benefits from JFrog Xray. For example, with other registries such as ECR, we can use the images only in the AWS cloud. With JFrog, we can use this registry from any cloud or work locally as well. JFrog can support multiple packages, such as NuGet package, pip, and other technologies. It can be used for Terraform as well. The credential management is very easy in JFrog. For instance, when using GitHub action as a CI/CD tool, I just need to create a token and set up JFrog CLI there and give access to the repository. With multiple repositories, I can generate a token for a specific repository, add that token in the GitHub secret, fetch from the CI/CD, run the command JFrog CLI, and authenticate through the token. Then we can push the images into JFrog.

Read full review

Hussain Z

Senior Manager | Manager Security Services at RISK ASSOCIATES

Automated testing has transformed how we deliver fast, consistent security assessments

The key capabilities of the NodeZero platform by Horizon3.ai that I have found most valuable are its speed, scalability, and consistency. It is able to cover a broad scope in a relatively short period of time, which delivers significant efficiency gains when compared with traditional manual testing. It also provides a more consistent outcome, as the process is not influenced by human bias or variability. One of the most valuable features is the ability for security teams to remediate and retest vulnerabilities immediately. The one-click verification capability is particularly effective, as it allows fixes to be validated quickly without the need to rerun the entire assessment. This streamlines the remediation cycle and supports faster confirmation of security improvements. The platform’s real attack capabilities have also helped reduce false positives in the identification of vulnerabilities across our on-premises systems. Because the findings are evidence-based and validated prior to reporting, the results are more reliable and actionable. This enables us to focus our efforts on confirmed security issues that genuinely require attention, rather than spending time investigating theoretical or unverified exposures. The NodeZero platform also strengthens my understanding of potential security threats through its continuously updated capabilities. With new vulnerabilities emerging and being exploited in the wild on a regular basis, it is valuable to have a platform backed by a strong research and development function that continuously updates attack content to reflect the current threat landscape. This makes the platform effective not only as a point-in-time validation tool, but as part of an ongoing and continuous security assurance programme.

Read full review

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

885,311 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

25%

Manufacturing Company

11%

Computer Software Company

Government

Comms Service Provider

10%

Manufacturing Company

Government

Computer Software Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	1
Midsize Enterprise	3
Large Enterprise	6

By reviewers
Company Size	Count
Small Business	11
Midsize Enterprise	2
Large Enterprise	7

Questions from the Community

What do you like most about JFrog Xray?

JFrog Xray shows us a list of vulnerabilities that can impact our code.

What needs improvement with JFrog Xray?

I would assess the integration of JFrog Xray with CI/CD tools as the weak point. You have two means to do that: one is using the API, or the other is using the command line from JFrog. That part is...

What is your primary use case for JFrog Xray?

For JFrog Xray product, you can use it for two main goals: compliance and security. You can use it to check if your licenses are compliant, and you can check if your dependencies you want to use ar...

What needs improvement with Horizon3.ai?

Improvements with The NodeZero Platform by Horizon3.ai are already underway; many people mention infrastructure testing is well-handled, but they seek better web application testing, which is curre...

What is your primary use case for Horizon3.ai?

My main use case for The NodeZero Platform by Horizon3.ai is to demo the platform to our channel partners and any end-user customers that they bring us, and also for my own benefit, as we look at o...

What advice do you have for others considering Horizon3.ai?

The way you find a vulnerability with The NodeZero Platform by Horizon3.ai, you can also fix and then verify if that vulnerability has been solved, which is the selling point itself, emphasizing ex...

Black Duck SCA vs JFrog Xray

Comparisons

Trivy vs JFrog Xray

Compared 10% of the time

Compared 7% of the time

Sonatype Lifecycle vs JFrog Xray

Compared 6% of the time

Snyk vs JFrog Xray

Compared 5% of the time

Wiz vs JFrog Xray

Compared 5% of the time

More JFrog Xray Competitors

Pentera vs The NodeZero Platform by Horizon3.ai

Compared 22% of the time

Cymulate vs The NodeZero Platform by Horizon3.ai

Compared 6% of the time

Tenable Security Center vs The NodeZero Platform by Horizon3.ai

Compared 5% of the time

Tenable Vulnerability Management vs The NodeZero Platform by Horizon3.ai

Compared 5% of the time

RidgeBot vs The NodeZero Platform by Horizon3.ai

Compared 4% of the time

More The NodeZero Platform by Horizon3.ai Competitors

Product Reports

JFrog Xray

Download JFrog Xray product report

The NodeZero Platform by Horizon3.ai

Download The NodeZero Platform by Horizon3.ai product report

The NodeZero Platform by Horizon3.ai report

Also Known As

JFrog Security Essentials

Horizon3.ai

Overview

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

If you are a team player and you care and you play to WIN, we have just the job you're looking for.

As we say at JFrog: "Once You Leap Forward You Won't Go Back!"

JFrog

NodeZero by Horizon3.ai is an offensive security platform that enables users to adopt an attacker’s perspective, reveal vulnerabilities, and verify defense effectiveness with evidence-backed insights.

NodeZero provides autonomous pentesting, showing how attackers exploit misconfigurations, credentials, and exposures into attack paths. It helps focus on real risks rather than hypothetical ones, integrating seamlessly into existing IT and security workflows to streamline processes. The platform drives risk-based vulnerability management and CTEM by validating vulnerabilities and measuring resilience.

What standout features improve your security?

Autonomous Pentesting at Scale: Executes extensive pentests across broad IT landscapes swiftly.
Hybrid Cloud Coverage: Navigates on-premises and cloud domains to find attack paths.
Proof of Exploitation: Offers evidence for every finding.
Fix Validation: Allows quick retesting to ensure vulnerabilities are resolved.
NodeZero Tripwires: Uses deception tokens for real adversary detection.

What benefits should you expect from reviews?

Reduced Vulnerability Noise: Prioritizes exploitable risks with ServiceNow integration.
Automated Workflows: MCP Server automates processes, reducing bottlenecks and enhancing efficiency.
Immediate Fix Validation: Ensures defenses work during attacks.
Real-Time Resilience Measurement: Helps schedule routine assessments without external help.

NodeZero assists in automated penetration testing and vulnerability management in industries like finance and healthcare. It enhances security processes by complementing or replacing existing solutions, enabling efficient testing, feedback, and control validation.

Horizon3.ai

Sample Customers

google, amazon, cisco, netflix, oracle, vmware, facebook

Government agencies, Defense Industrial Base organizations, and enterprises in regulated industries such as finance, healthcare, manufacturing, and criticalinfrastructure rely on NodeZero to meet rigorous security and compliance requirements with continuous, scheduled, and on-demand testing.

JFrog Xray vs. The NodeZero Platform by Horizon3.ai