Lacework FortiCNAPP vs Trivy comparison

Fortinet and Aqua Security are both solutions in the Container Security category. Fortinet is ranked #23 with an average rating of 8.7, while Aqua Security is ranked #7 with an average rating of 8.6. Fortinet holds a 1.7% mindshare in Container Security, compared to Aqua Security’s 5.8% mindshare. Additionally, 90% of Fortinet users are willing to recommend the solution, compared to 100% of Aqua Security users who would recommend it.

Lacework FortiCNAPP

Read 10 Lacework FortiCNAPP reviews

2,484 Views
111 Comparison Views

90% willing to recommend

Trivy

Read 12 Trivy reviews

3,821 Views
755 Comparison Views

100% willing to recommend

Lacework FortiCNAPP

Trivy

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Mar 16, 2025

Lacework FortiCNAPP and Trivy are products competing in cybersecurity. Trivy seems to have the upper hand with its comprehensiveness and flexibility.

Features: Lacework FortiCNAPP offers robust cloud-native application protection focusing on threat detection and compliance, with capabilities like security posture management, anomaly detection, and continuous monitoring. Trivy is renowned for its open-source vulnerability scanner, excels in ease of integration with CI/CD pipelines, and provides comprehensive scanning of containers and Kubernetes.

Room for Improvement: Lacework FortiCNAPP could enhance user interface simplicity, reduce alert noise, and provide more flexible pricing tiers. Trivy might expand customer support options, improve documentation for non-experts, and enhance scan performance for larger environments.

Ease of Deployment and Customer Service: Lacework FortiCNAPP ensures streamlined deployment with strong support and sophisticated onboarding. Trivy boasts straightforward deployment, though it lacks structured customer service, relying mainly on community support due to its open-source nature.

Pricing and ROI: Lacework FortiCNAPP presents a higher upfront cost justified by its features and potential ROI in complex settings. Trivy, being open-source, offers minimal initial expenses, providing significant value for container security-focused organizations.

To learn more, read our detailed Lacework FortiCNAPP vs. Trivy Report (Updated: June 2025).

Buyer's Guide

Lacework FortiCNAPP vs. Trivy

June 2025

Download the complete report

Helped 857,028 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Lacework FortiCNAPP

Ranking in Container Security

23rd

Average Rating

8.6

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

Vulnerability Management (25th), Cloud Workload Protection Platforms (CWPP) (14th), Cloud Security Posture Management (CSPM) (20th), Cloud-Native Application Protection Platforms (CNAPP) (15th), Compliance Management (8th)

Trivy

Ranking in Container Security

7th

Average Rating

8.6

Reviews Sentiment

7.5

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of June 2025, in the Container Security category, the mindshare of Lacework FortiCNAPP is 1.7%, down from 3.0% compared to the previous year. The mindshare of Trivy is 5.8%, up from 1.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Container Security

Featured Reviews

Carlos Vitrano

Cloud security director at Medallia

Provides quick visibility and significantly reduces alerts

Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them. We have integrations, for instance, with Splunk. The data that we are receiving in Splunk is huge, and it is valid because Lacework has a bunch of data that they can provide to you. However, to be able to import the data and create alerts, we needed to do some work, so integration is one of the things that they can improve. For container security, how they scan images and how they provide results is something that they need to continue improving in terms of visibility. We already have visibility to several artifacts, but they can take that to the next level and see what else they can do. There can be better integrations with CI/CD pipelines. There can be improvements in terms of how we can take action or how we can report from the number of inventories they are providing to us.

Read full review

Utsav Sharma

Senior Security Consultant at Ernst & Young

Maintain operational efficiency by detecting misconfigurations and vulnerabilities

The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma. It also offers repository scanning in the source code domain, allowing pre-push code scans. The misconfiguration detection works well for CloudFormation, Docker files, and Terraform. Its compliance support, like NIST, ensures that configurations align with standards. Trivy helps me significantly detect misconfigurations missed by the ops engineers or in Terraform by the naked eye. It ensures that my deployments are free of misconfigurations and vulnerabilities.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The best feature, in my opinion, is the ease of use."

"The compliance reports are definitely most valuable because they save time and are accurate. So, instead of relying on a human going through and checking or providing me with a report, I could just log into Lacework and see for myself."

"The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine."

"I find the cloud configuration compliance scanning mature. It generates a lot of data and supports major frameworks like ISO 27001 or SOC 2, providing reports and datasets. Another feature I appreciate is setting custom alerts for specific events. Additionally, I value the agent-based monitoring and scanning for compute nodes. It gives us deeper insights into our workloads and helps identify vulnerabilities across our deployed assets."

"The most valuable aspects are identifying vulnerabilities—things that are out there that we aren't aware of—as well as finding what path of access attackers could use, and being able to see open SSL or S3 buckets and the like."

"For the most part, out-of-the-box, it tells you right away about the things you need to work on. I like the fact that it prioritizes alerts based on severity, so that you can focus your efforts on anything that would be critical/high first, moderate second, and work your way down, trying to continue to improve your security posture."

"Lacework is helping a lot in reducing the noise of the alerts. Usually, whenever you have a tool in place, you have a lot of noise in terms of alerts, but the time for an engineer to look into those alerts is limited. Lacework is helping us to consolidate the information that we are getting from the agents and other sources. We are able to focus only on the things that matter, which is the most valuable thing for us. It saves time, and for investigations, we have the right context to take action."

"There are many valuable features that I use in my daily work. The first are alerts and the event dossier that it generates, based on the severity. That is very insightful and helps me to have a security cap in our infrastructure. The second thing I like is the agent-based vulnerability management, which is the most accurate information."

More Lacework FortiCNAPP pros

"Trivy's open source nature and wide functionality are incredibly valuable."

"The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma."

"Trivy's ability to scan files, images, GitHub repositories, Infrastructure as Code like Terraform, and Kubernetes is valuable."

"I definitely recommend Trivy."

"The most valuable feature of Trivy is its easy integration with the CI/CD pipeline."

"I rate Trivy a nine out of ten."

"I appreciate Trivy for being open-source and not requiring any payment."

More Trivy pros

Cons

"Visibility is lacking, and both compliance-related metrics and IAM security control could be improved."

"The biggest thing I would like to see improved is for them to pursue and obtain a FedRAMP moderate authorization... I don't believe they have any immediate plans to get FedRAMP moderate authorized, which is a bit of a challenge for us because we can only use Lacework in our commercial environment."

"I would like to see a remote access assistance feature. And the threat-hunting platform could be better."

"There are a couple of the difficulties we encounter in the realm of cybersecurity, or security as a whole, that relate to potentially limited clarity. Having the capacity to perceive the configuration aspect and having the ability to contribute to it holds substantial advantages, in my view. It ranks high, primarily due to its role in guaranteeing compliance and the potential to uncover vulnerabilities, which could infiltrate the system and introduce potential risks. I had been exploring a specific feature that captured my interest. However, just yesterday, I participated in a product update session that announced the imminent arrival of this feature. The feature involves real-time alerting. This was something I had been anticipating, and it seems that this capability is now being integrated, possibly as part of threat intelligence. While anomaly events consistently and promptly appear in the console, certain alerts tend to experience delays before being displayed. Yet, with the recent product update, this issue is expected to be resolved. Currently, a comprehensive view of all policies is available within the console. However, I want a more tailored display of my compliance posture, focusing specifically on policies relevant to me. For instance, if I'm not subject to HIPAA regulations, I'd prefer not to see the HIPAA compliance details. It's worth noting that even with this request, there exists a filtering mechanism to control the type of compliance information visible. This flexibility provides a workaround to my preference, which is why it's challenging for me to definitively state my exact request."

"A feature that I have requested from them is the ability to sort alerts and policies based on a security framework. Right now, when you go into alerts, you have hundreds and hundreds of them that you have to manually pick. It would be useful to have categories for CIS Benchmark or SOC 2 and be able to display all the alerts and policies for one security framework."

"The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modules is structured differently, complicating correlation efforts. Consequently, I had to create extensive custom reports outside Lacework because their default dashboards didn't communicate risk metrics. They're addressing these issues by redesigning their tools, including introducing the dashboard, which is a step closer to actionable insights but still needs refinement."

"The configuration and setup of alerts should be easier. They should make it easier to integrate with systems like Slack and Datadog. I didn't spend too much time on it, but to me, it wasn't as simple as the alerting that I've seen on other systems."

"Lacework has not reduced the number of alerts we get. We've actually had to add resources as a result of using it because the application requires a lot of people to understand it to get the value out of it properly."

More Lacework FortiCNAPP cons

"Trivy is not scalable; however, I have scanned very large projects with it. It is stable but not scalable according to my experience."

"Having little experience can hinder the ability to connect it to a user-friendly UI effectively."

"Trivy can improve by providing an output in PDF format."

"The only problem is that Trivy does not support reporting features such as generating reports in CSV, which is useful for auditing and reporting."

"One drawback I have observed with Trivy is the difficulty in building or integrating a UI, particularly for an operator in the NetSuite example."

"A dynamic scanning capability during runtime would be a significant advantage."

"The reporting could be a little better. When integrating Trivy with CI, the interpretation of the reports could be improved."

"Trivy can improve by providing an output in PDF format. Additionally, it takes longer to scan container images built with many layers."

More Trivy cons

Pricing and Cost Advice

"My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz."

"The licensing fee was approximately $80,000 USD, per year."

"The pricing has gotten better. That scenario was somewhat unstable. They have a rather interesting licensing structure. I believe you get 200 resources per "Lacework unit." It was difficult, in the beginning, to figure out exactly what a "resource" was... That was a problem until about a year or so ago. They have improved it and it has stabilized quite a bit."

"It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a lot of money. We have covered all of the cloud providers and most of our colocation facilities as well, so we cannot complain, but it is slightly expensive. It is not super expensive."

Information not available

See which vendors are best for you

Use our free recommendation engine to learn which Container Security solutions are best for your needs.

See recommendations

857,028 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

19%

Financial Services Firm

12%

Manufacturing Company

University

Computer Software Company

15%

Financial Services Firm

14%

Manufacturing Company

11%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Lacework?

Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify and address misconfigurations, is invalua...

See all answers

What is your experience regarding pricing and costs for Lacework?

My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz.

See all answers

What needs improvement with Lacework?

The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modul...

See all answers

What needs improvement with Trivy?

Trivy's marketing and awareness need improvement. Not everyone knows about it, which isn't ideal given its capabilities. There's potential to integrate AI and machine learning for enhanced function...

See all answers

What is your primary use case for Trivy?

I use Trivy ( /products/trivy-reviews ) to scan code for vulnerabilities before deployment. Our projects, which are developed by different developers, involve various dependencies and third-party c...

See all answers

What advice do you have for others considering Trivy?

I recommend Trivy to others due to its powerful and useful features. However, I suggest increasing its marketing to raise awareness. I rate Trivy an eight out of ten.

See all answers

Comparisons

Wiz vs Lacework FortiCNAPP

Compared 21% of the time

Prisma Cloud by Palo Alto Networks vs Lacework FortiCNAPP

Compared 17% of the time

AWS GuardDuty vs Lacework FortiCNAPP

Compared 6% of the time

Tenable Cloud Security vs Lacework FortiCNAPP

Compared 5% of the time

Microsoft Defender for Cloud vs Lacework FortiCNAPP

Compared 4% of the time

More Lacework FortiCNAPP Competitors

Snyk vs Trivy

Compared 23% of the time

JFrog Xray vs Trivy

Compared 18% of the time

Wiz vs Trivy

Compared 8% of the time

Kubescape vs Trivy

Compared 7% of the time

Prisma Cloud by Palo Alto Networks vs Trivy

Compared 6% of the time

More Trivy Competitors

Product Reports

Buyer's Guide

Lacework FortiCNAPP

June 2025

Download Lacework FortiCNAPP product report

Buyer's Guide

Trivy

May 2025

Download Trivy product report

Also Known As

Polygraph, FortiCNP

No data available

Overview

Lacework FortiCNAPP provides robust cloud security, combining vulnerability management and multi-cloud insight with user-friendly controls, machine learning detection, and compliance support.

Lacework FortiCNAPP specializes in cloud security by merging machine learning anomaly detection with agent-based vulnerability management to offer detailed alerts and compliance reports. Its comprehensive approach allows continuous monitoring across AWS and Kubernetes, providing insights from an attacker's perspective. The platform offers automation and seamless Slack integration, facilitating collaborative and efficient cloud security management. Users value its ability to handle multi-cloud environments and scan IAC scripts, configurations, and compute nodes across AWS and GCP.

What are the key features?

Machine Learning Detection: Identifies anomalies effectively.
Compliance Reports: Provides precise compliance documentation.
Vulnerability Management: Supports agent-based vulnerability assessments.
Multi-Cloud Support: Manages and secures across multiple cloud providers.
Automation and Collaboration: Enables integration with Slack for streamlined communication.
Custom Alerts: Allows creation of personalized alerts for better focus.

What benefits do users expect?

Reduced Alert Noise: Minimizes distractions with filtered alerts.
Efficient Cloud Security: Automates processes for enhanced security management.
Collaboration Support: Integrates with tools like Slack.
Insightful Perspective: Provides insight from an attacker's viewpoint.

Organizations across sectors leverage Lacework FortiCNAPP for cloud security, focusing on compliance, security posture, and vulnerability management. It is widely used for monitoring AWS and Kubernetes environments, scanning IAC scripts, configurations, and securing compute nodes. It supports multi-cloud security posture management and log ingestion, enabling companies to maintain strong cloud infrastructures without dedicated security layers.

Fortinet

Trivy is a versatile tool for scanning container images and identifying vulnerabilities, favored for its integration with CI/CD pipelines and ease of use. It supports scanning both operating system packages and application dependencies.

Trivy is an efficient tool designed to automate security checks and ensure compliance. Its quick setup, detailed analysis capabilities, and support for multiple programming languages and environments make it a reliable choice for users. Trivy provides comprehensive scanning and integration with CI/CD pipelines, resulting in accurate vulnerability detection and a smoother workflow for developers.

What are the most important features?

Efficient vulnerability detection: Quickly identifies vulnerabilities in container images.
Comprehensive scanning: Supports scanning of both OS packages and application dependencies.
CI/CD pipeline integration: Seamlessly integrates with CI/CD tools for automated security checks.
Broad language support: Handles multiple programming languages and environments.
Ease of use: Simple setup and user-friendly interface.

What benefits or ROI should users look for?

Improved security: Regular and thorough vulnerability scanning enhances security posture.
Compliance maintenance: Helps in maintaining compliance with security policies and regulations.
Cost efficiency: Automation reduces the time and cost associated with manual security checks.
Integration flexibility: Efficiently integrates with existing CI/CD pipelines to streamline workflows.
Detailed reporting: Provides comprehensive reports for better decision-making.

Trivy is widely used in industries with a focus on maintaining high security standards such as finance, healthcare, and technology sectors. Its ability to detect vulnerabilities quickly and integrate with CI/CD pipelines makes it an essential tool for ensuring secure and compliant software development practices in these industries. Continuous improvements in speed, documentation, and integration could further enhance its value.

Aqua Security

Sample Customers

J.Crew, AdRoll, Snowflake, VMWare, Iterable, Pure Storage, TrueCar, NerdWallet, and more.

Information Not Available

Buyer's Guide

Lacework FortiCNAPP vs. Trivy

June 2025

Free Report: Lacework FortiCNAPP vs. Trivy

Find out what your peers are saying about Lacework FortiCNAPP vs. Trivy and other solutions. Updated: June 2025.

DOWNLOAD NOW

857,028 professionals have used our research since 2012.

See our Lacework FortiCNAPP vs. Trivy report.

See our list of best Container Security vendors.

We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.