We performed a comparison between JFrog Xray and Orca Security based on real PeerSpot user reviews.
Find out in this report how the two Vulnerability Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like CSPM the most. It captures a lot of alerts within a short period of time. When an alert gets triggered on the cloud, it throws an alert within half an hour, which is very reasonable. It is a plus point for us."
"When creating cloud infrastructure, Cloud Native Security evaluates the cloud security parameters and how they will impact the organization's risk. It lets us know whether our security parameter conforms to international industry standards. It alerts us about anything that increases our risk, so we can address those vulnerabilities and prevent attacks."
"We noted immediate benefits from using the solution."
"PingSafe's integration is smooth. They are highly customer-oriented, and the integration went well for us."
"Cloud Native Security's most valuable features include cloud misconfiguration detection and remediation, compliance monitoring, a robust authentication security engine, and cloud threat detection and response capabilities."
"It's helped free up staff time so that they can work on other projects."
"The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best features."
"The mean time to detect has been reduced."
"Good reporting functionalities."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"The solution is stable and reliable."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"Another valuable feature with Orca, something that's not talked about enough, is its ability to rank your gaps and your tasks... You can get visibility with agents and there are a lot of ways to do that. But the ranking and the context across the entire environment, that is what is unique about Orca."
"Orca's SideScanning is the biggest feature. It's the 'wow' factor... With Orca's SideScanning, they just need permissions for your account and that makes it so simple."
"Orca Security has patented technologies. It's an agentless solution, so you don't need to install an agent. Instead, it contacts your account provider and fetches metadata, eliminating the need for snapshots or reserved space to copy client infrastructure."
"Orca gives you great visibility into your assets. It shows you the issues and the things that you need to attend to first, by prioritizing things. You can see a lot of information that is not always visible, even to DevOps, to help you know about the machines and their status. It's very easy to see everything in a single dashboard. That makes it a very useful tool."
"The reporting and automated remediation capabilities are valuable to me. They're real game-changers."
"Orca's dashboard is excellent. My team needs to be able to focus on specific areas for improvement in our cloud environment. And most recently, we've started to get good use out of sonar, the search capabilities, and the alert creation."
"Orca provides X-ray vision into everything within the cloud properties, whereas normally, this would require multiple tools."
"Orca's platform provides an agentless data collection facility that collects information directly from the cloud using APIs, with zero impact on performance."
"In some cases, the rules are strictly enforced but do not align with real-world use cases."
"There's room for improvement in the graphic explorer."
"PingSafe can be improved by developing a comprehensive set of features that allow for automated workflows."
"There is room for improvement in the current active licensing model for PingSafe."
"The main area for improvement I want to see is for the platform to become less resource-intensive. Right now, it can slow down processes on the machine, and it would be a massive improvement if it were more lightweight than it currently is."
"here is a bit of a learning curve. However, you only need two to three days to identify options and get accustomed."
"Scanning capabilities should be added for the dark web."
"They need more experienced support personnel."
"Lacks deeper reporting, the ability to compare things."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"JFrog Xray does not have a dashboard."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"JFrog Xray's documentation and error logging could be improved."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"It's not all clouds that they are currently onboarded with. For instance, they are not yet with public cloud and many other private clouds."
"In the future, I'd like to see Orca work better with third-party vendors. Specifically, being able to provide sanitized results from third parties."
"The solution could improve by making the dashboards more elaborative and more descriptive."
"I think Orca could give me more alerts. It could give me a dashboard with all the specific types of alerts I want to see for the day. It should just be one click."
"As with all software, the user interface can always be made simpler to use. It would be helpful for people with very little knowledge, like somebody sitting behind the SOC, to allow them to be able to drill down into things a little bit easier than it is currently."
"The presentation of the data in the dashboard is a little bit chaotic."
"The interface can be a bit cranky and sometimes takes a lot of time to load."
"I would like to see better customization options for security frameworks and better integration with reporting tools like Power BI or Grafana dashboards."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
JFrog Xray is ranked 17th in Vulnerability Management with 7 reviews while Orca Security is ranked 8th in Vulnerability Management with 15 reviews. JFrog Xray is rated 8.2, while Orca Security is rated 9.4. The top reviewer of JFrog Xray writes "An intelligent solution that prioritizes which vulnerability to target first in your project". On the other hand, the top reviewer of Orca Security writes "Allows agentless data collection directly from the cloud". JFrog Xray is most compared with Black Duck, Snyk, Mend.io, Veracode and Trivy, whereas Orca Security is most compared with Wiz, Prisma Cloud by Palo Alto Networks, Microsoft Defender for Cloud, CrowdStrike Falcon Cloud Security and XM Cyber. See our JFrog Xray vs. Orca Security report.
See our list of best Vulnerability Management vendors and best Container Security vendors.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.