No more typing reviews! Try our Samantha, our new voice AI agent.

Tenable Cloud Security vs Trivy comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Tenable Cloud Security
Ranking in Container Security
31st
Average Rating
8.4
Reviews Sentiment
6.5
Number of Reviews
12
Ranking in other categories
Identity and Access Management as a Service (IDaaS) (IAMaaS) (16th), Cloud Workload Protection Platforms (CWPP) (20th), Cloud Security Posture Management (CSPM) (24th), Cloud-Native Application Protection Platforms (CNAPP) (18th), Cloud Infrastructure Entitlement Management (CIEM) (3rd)
Trivy
Ranking in Container Security
5th
Average Rating
8.6
Reviews Sentiment
7.5
Number of Reviews
12
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of Tenable Cloud Security is 1.9%, up from 1.4% compared to the previous year. The mindshare of Trivy is 2.7%, down from 5.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Trivy2.7%
Qualys TotalCloud1.5%
Tenable Cloud Security1.9%
Other93.9%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
CD
Information Security Architect at WSP
Has significantly improved proactive monitoring through automated asset discovery and seamless integration with cloud environments
Making the system smarter would be beneficial. Adding modules for integration with AWS and Azure would be helpful. Adding capabilities for the scanner to automatically pick up changes and add assets automatically would be valuable. When discussing a big company, it is mandatory to have tools that will assist us rather than waiting for manual input to add hosts. Adding assets manually is prone to mistakes. Humans might forget to add an asset or make errors when adding multiple assets. Taking the human element out of the context and making it more streamlined is the future for security. The human should be involved where expertise is needed, such as analysis and decision-making. Currently, with resource constraints, we need tools to collect and aggregate data, eliminate false positives as much as possible, and present relevant information to employees for action.
Utsav Sharma - PeerSpot reviewer
Senior Security Consultant at Ernst & Young
Maintain operational efficiency by detecting misconfigurations and vulnerabilities
The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma. It also offers repository scanning in the source code domain, allowing pre-push code scans. The misconfiguration detection works well for CloudFormation, Docker files, and Terraform. Its compliance support, like NIST, ensures that configurations align with standards. Trivy helps me significantly detect misconfigurations missed by the ops engineers or in Terraform by the naked eye. It ensures that my deployments are free of misconfigurations and vulnerabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Qualys TotalCloud's most valuable feature is its ability to link clusters of assets, providing a clear model of deployments, vulnerabilities, and statuses."
"One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us."
"The agent and agentless scanning in TotalCloud, particularly the FlexScan method, is incredibly valuable. With traditional scanning approaches, we had to give IP ranges and whitelist IPs. All that is now simplified. FlexScan requires minimal intervention, and after configuration, it automatically collects data and performs necessary scans."
"Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities."
"Qualys TotalCloud provides a single, prioritized view of risk, reducing the workload associated with consolidating multiple sources for risk prioritization."
"Qualys TotalCloud has significantly improved our organization by automating our reporting processes, reducing the time spent on report creation from two hours to less than fifteen to twenty minutes."
"I would definitely recommend Qualys TotalCloud to other customers."
"By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline."
"Ermetic can provide super visibility for our cloud environment (we are using AWS)."
"Tenable Cloud Security has positively impacted my organization with risk reduction and compliance."
"If you have multi-cloud tenancy using AWS and Azure, you can have a single dashboard where you can onboard all the cloud infrastructure and have visibility into it."
"The product's visibility and remediation work fine for me."
"The solution’s vulnerability management feature has helped us identify and mitigate risks well."
"Tenable Cloud Security excels in vulnerability detection, one of its strongest features. Another valuable feature is software composition analysis, which highlights and automates the detection of security flaws. Additionally, their knowledge base is excellent; if anything goes wrong, they provide clear guidance on what needs to be done to address specific vulnerabilities."
"The key benefit lies in having the largest and most up-to-date database. When it comes to using any Tenable product, it excels in finding vulnerabilities and providing analytics."
"Scanning and reporting are the most valuable features of Tenable Cloud Security"
"I can see vulnerabilities in the images of any applications deployed in the Kubernetes environment or as container applications."
"Trivy is very reliable and always has an up-to-date database to scan images and identify vulnerabilities."
"I rate Trivy a nine out of ten."
"The most valuable feature of Trivy is its easy integration with the CI/CD pipeline."
"Trivy is particularly useful for checking if Docker images have critical vulnerabilities before they reach production."
"I definitely recommend Trivy."
"Overall, I would rate Trivy a ten out of ten."
"It is open-source."
 

Cons

"The cost of Qualys TotalCloud is high and could be more competitive."
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"The areas in the solution that have room for improvement include the UI/UX design, which should be improved, and they should integrate more artificial intelligence into the product."
"The cloud licensing unit system is unclear, especially since "units" aren't well-defined."
"Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer."
"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
"A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux."
"There is room for improvement in the support."
"Ermetic needs to improve its security scanning. I would like to see more dynamic graphical forms."
"I have faced several bug incidents with the solution"
"I didn't find anything that wasn't useful or needed to be added."
"If Tenable Cloud Security offers a complete Cnapp solution with CWP, CIEM, and Waap security, it will be able to compete with other competitors."
"There is a need for the support team to improve their response time since it is one of the areas where the product's technical team has certain shortcomings."
"The product must provide more features."
"In my experience, Tenable Cloud Security is not very stable."
"Due to its robust nature, the platform's adoption can be overwhelming initially. However, once organizations start using it, they tend to get used to it. I haven't had much direct interaction with the support team, but some partners have reported a desire for better support for the product."
"The reporting could be a little better."
"Trivy can improve by providing an output in PDF format. Additionally, it takes longer to scan container images built with many layers."
"In our CI/CD pipelines, Trivy lacks built-in functionality for report analysis."
"The reporting could be a little better. When integrating Trivy with CI, the interpretation of the reports could be improved."
"The only problem is that Trivy does not support reporting features such as generating reports in CSV, which is useful for auditing and reporting."
"Trivy is not scalable; however, I have scanned very large projects with it. It is stable but not scalable according to my experience."
"For malware detection, I need to use two tools: Trivy as my anomaly scanner and ClamAV. I am integrating these two tools into the CI pipeline. If both malware and anomaly detection could be managed by one tool, I would not need to depend on two tools. That would be my suggestion."
"One drawback I have observed with Trivy is the difficulty in building or integrating a UI, particularly for an operator in the NetSuite example."
 

Pricing and Cost Advice

"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud is expensive."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"There is a need to opt for a subscription-based pricing model to use Tenable Cloud Security. I rate the product price an eight on a scale of one to ten, where one is low price and ten is high price."
"The tool's price is good compared to other brands. The tool's subscription is for a year."
"The tool's pricing is fair."
Information not available
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Government
11%
Financial Services Firm
10%
Manufacturing Company
9%
Construction Company
6%
Financial Services Firm
13%
Manufacturing Company
11%
Computer Software Company
10%
Comms Service Provider
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise2
Large Enterprise5
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise9
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What needs improvement with Tenable Cloud Security?
Making the system smarter would be beneficial. Adding modules for integration with AWS and Azure would be helpful. Ad...
What is your primary use case for Tenable Cloud Security?
We had other solutions that we used. One solution was that we did not have something exactly similar to what Element ...
What is your experience regarding pricing and costs for Ermetic CSPM?
I wasn't involved with the pricing, setup cost and licensing for Tenable Cloud Security.
What needs improvement with Trivy?
Trivy's marketing and awareness need improvement. Not everyone knows about it, which isn't ideal given its capabiliti...
What is your primary use case for Trivy?
I use Trivy ( /products/trivy-reviews ) to scan code for vulnerabilities before deployment. Our projects, which are d...
What advice do you have for others considering Trivy?
I recommend Trivy to others due to its powerful and useful features. However, I suggest increasing its marketing to r...
 

Also Known As

Qualys TotalCloud with FlexScan
Ermetic, Ermetic Identity Governance for AWS
No data available
 

Overview

 

Sample Customers

Information Not Available
Tyler Technologies, Bilfinger, BarkBox, MongoDB, airSlate, Adama, Latch, Cloudinary, Riskified, AppsFlyer, IntelyCare, Aidoc, 42Dot, and more.
Information Not Available
Find out what your peers are saying about Tenable Cloud Security vs. Trivy and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.