No more typing reviews! Try our Samantha, our new voice AI agent.

NGINX App Protect vs Trivy comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
NGINX App Protect
Ranking in Container Security
28th
Average Rating
8.2
Reviews Sentiment
6.4
Number of Reviews
27
Ranking in other categories
Web Application Firewall (WAF) (19th), API Security (8th)
Trivy
Ranking in Container Security
5th
Average Rating
8.6
Reviews Sentiment
7.5
Number of Reviews
12
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of NGINX App Protect is 0.6%, up from 0.2% compared to the previous year. The mindshare of Trivy is 2.7%, down from 5.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Trivy2.7%
Qualys TotalCloud1.5%
NGINX App Protect0.6%
Other95.2%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Valerio Guaglianone - PeerSpot reviewer
Dev Ops Engineer at adesso AG
Long-term web protection has supported reliable traffic management but needs a simpler interface
NGINX App Protect is a good product. I have used both versions from F5 -also the free version- (I mean the NGINX/NGINX One/App Protect free trial period), and I think it is a good product. It's stable, affordable, and easy to manage. NGINX App Protect is a comprehensive security solution that combines advanced WAF, DoS protection, API security, and DevSecOps automation in a lightweight, scalable package ideal for modern cloud-native architectures. The adaptive machine learning capabilities are truly commendable, as the solution can establish traffic baselines and detect anomalies in real time. It automatically adjusts security policies, minimizing the need for manual intervention and reducing false positives. Additionally, it supports scalable deployment across diverse environments, including on-premises, cloud, Kubernetes, and containers, offering both flexibility and scalability I have experience with the web server, F5 load balancer, and similar products provided by Ergon, for eg. the web application firewall and the Microgateway for K8S. I'm also familiar with F5 BIG-IP products.
Utsav Sharma - PeerSpot reviewer
Senior Security Consultant at Ernst & Young
Maintain operational efficiency by detecting misconfigurations and vulnerabilities
The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma. It also offers repository scanning in the source code domain, allowing pre-push code scans. The misconfiguration detection works well for CloudFormation, Docker files, and Terraform. Its compliance support, like NIST, ensures that configurations align with standards. Trivy helps me significantly detect misconfigurations missed by the ops engineers or in Terraform by the naked eye. It ensures that my deployments are free of misconfigurations and vulnerabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The dashboards are particularly valuable as they offer a comprehensive view of the environment, highlighting any misconfigurations."
"The best features in Qualys TotalCloud include the total asset management of the cloud environment. It is very easy to export the report and see the vulnerabilities related to the cloud specifically."
"One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us."
"The best feature would be the ability to create policies. It is easy to control and update policies as required."
"Qualys TotalCloud has improved our security posture."
"TotalCloud's best feature is the integration of cloud accounts. It helps with the risk and security posture management of our cloud infrastructure."
"The scalability is good as well. I would rate it ten out of ten."
"The most valuable feature of Qualys TotalCloud is the visibility it provides."
"We have seen a return on investment using NGINX App Protect."
"It's very easy to deploy."
"NGINX App Protect is stable."
"The policies are flexible based on the technologies you use."
"NGINX App Protect's best features are auto-learning, which creates a profile of applications that are deployed, bot protection, and force protection, which lets you configure your brute force policy and alert for and prevent brute force attacks."
"It is a stable solution."
"This solution is very much stable."
"The most valuable feature is that there is a link in the system that will help to analyze the security of an application when something abnormal is found."
"Trivy is most valuable for its ability to scan all repository files and dependencies."
"Trivy is easy to integrate with CI/CD and can be installed on desktops to scan images."
"One of the great features of Trivy is that it helps me scan items such as AWS credentials and GCP service accounts."
"The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma."
"I definitely recommend Trivy."
"What I find valuable is the ease of setup with Trivy, including pre-defined operators that require minimal configuration."
"Trivy is particularly useful for checking if Docker images have critical vulnerabilities before they reach production."
"I rate Trivy a nine out of ten."
 

Cons

"The downside is only in container security, but it has not been a long time since they introduced these models."
"It has been working very well, but it would be helpful if the dashboard could generate reports tailored to specific compliance needs. For example, in India, we have to comply with RBI and SEBI guidelines. It w"
"TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these."
"There is a lack of data segregation according to criticality or inventory."
"The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using."
"I would appreciate additional integration options to connect Qualys TotalCloud with our other vulnerability management tools."
"The cost of Qualys TotalCloud is high and could be more competitive."
"The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM, SOAR, ITSM, and other sources."
"The solution needs to be improved in the e-commerce portal."
"The GUI and web GUI configuration could be improved to be easier to manage and use."
"The configuration needs to be more flexible because it is difficult to do things that are outside of the ordinary."
"The integration of NGINX App Protect could improve."
"Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment."
"The solution does well when there's low throughput but when we go for any high throughput, it's always a challenge."
"I think NGINX App Protect could be improved by having it come out of the box with NGINX."
"Right now, the tool doesn't provide an option revolving around update feeds, specifically the signature update option in the UI."
"Trivy's marketing and awareness need improvement."
"Currently, the container image scanning is static. A dynamic scanning capability during runtime would be a significant advantage."
"The main area for improvement is in differentiating between OS and application-based vulnerabilities."
"Having little experience can hinder the ability to connect it to a user-friendly UI effectively."
"Trivy generates many false positives, flagging non-existent vulnerabilities. Improvements could include better contextual analysis or granular filtering."
"Trivy can improve by providing an output in PDF format. Additionally, it takes longer to scan container images built with many layers."
"The reporting could be a little better."
"The only problem is that Trivy does not support reporting features such as generating reports in CSV, which is useful for auditing and reporting."
 

Pricing and Cost Advice

"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"TotalCloud's price is about right where I would expect it to be."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"The cost is high, but it meets our organizational needs."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"The price of NGINX App Protect is not much different from the products that fall under the leader category of Gartner Magic Quadrant."
"NGINX is not expensive."
"The solution's price is reasonable."
"There are not any additional costs we had to pay to use NGINX App Protect."
"There are no additional fees."
"Really understand the licensing model, because we underestimated that."
"The price of NGINX App Protect is approximately $3,000 annually. All of our licenses are observed by a managed service partner."
"NGINX App Protect is expensive."
Information not available
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
13%
Comms Service Provider
13%
Computer Software Company
8%
Construction Company
8%
Financial Services Firm
13%
Manufacturing Company
11%
Computer Software Company
10%
Comms Service Provider
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise7
Large Enterprise13
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise9
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for NGINX App Protect?
I will not be able to answer about my experience with pricing, setup cost, and licensing for NGINX App Protect, as so...
What needs improvement with NGINX App Protect?
I did not face any issues with NGINX App Protect. The only issue that we had is that someone was trying to install th...
What is your primary use case for NGINX App Protect?
I have been dealing with NGINX App Protect and the WAF policy. I usually recommend NGINX App Protect for banking and ...
What needs improvement with Trivy?
Trivy's marketing and awareness need improvement. Not everyone knows about it, which isn't ideal given its capabiliti...
What is your primary use case for Trivy?
I use Trivy ( /products/trivy-reviews ) to scan code for vulnerabilities before deployment. Our projects, which are d...
What advice do you have for others considering Trivy?
I recommend Trivy to others due to its powerful and useful features. However, I suggest increasing its marketing to r...
 

Also Known As

Qualys TotalCloud with FlexScan
NGINX WAF, NGINX Web Application Firewall
No data available
 

Overview

Find out what your peers are saying about NGINX App Protect vs. Trivy and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.