We performed a comparison between JFrog Xray and Tenable.io Container Security based on real PeerSpot user reviews.
Find out in this report how the two Container Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's positively affected the communication between cloud security, application developers, and AppSec teams."
"The UI is very good."
"The offensive security where they do a fix is valuable. They go to a misconfiguration and provide detailed alerts on what could be there. They also provide a remediation feature where if we give the permission, they can also go and fix the issue."
"Atlas security graph is pretty cool. It maps out relationships between components on AWS, like load balancers and servers. This helps visualize potential attack paths and even suggests attack paths a malicious actor might take."
"PingSafe offers three key features: vulnerability management notifications, cloud configuration assistance, and security scanning."
"The solution's most valuable features are its ability to detect vulnerabilities inside AWS resources and its ability to rescan after a specific duration set by the administrator."
"The ease of use of the platform is very nice."
"We use the infrastructure as code scanning, which is good."
"The solution is stable and reliable."
"Good reporting functionalities."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"Nessus scanner is very effective for internal penetration testing."
"Currently, I haven't implemented the solution due to its deprecation by the site. However, I can highlight some benefits of Tenable Cloud Security, a cybersecurity solution with various features for scanning vulnerabilities in both cloud environments and on-premises container security."
"It helps us secure our applications from the build phase and identify the weaknesses from scratch."
"It is a scalable solution. Scalability-wise, it is a good solution."
"The tool's most valuable feature is scanning, reporting, and troubleshooting."
"The strong security provided by the product in the container environment is its most valuable feature."
"Tenable.io detects misconfiguration when you deploy a Docker or Kubernetes container. It's much better to remedy these issues during deployment instead of waiting until the container is already in the production environment."
"When we get a new finding from PingSafe, I wish we could get an alert in the console, so we can work on it before we see it in the report. It would be very useful for the team that is actively working on the PingSafe platform, so we can close the issue the same day before it appears in the daily report."
"One of our use cases was setting up a firewall for our endpoints, specifically for our remote users... We were hoping to utilize SentinelOne's firewall capabilities, but there were limitations on how many URLs we could implement. Because of those limitations on the number of URLs, we weren't able to utilize that feature in the way we had hoped to."
"I export CSV. I cannot export graphs. Restricting it to the CSV format has its own disadvantages. These are all machine IP addresses and information. I cannot change it to the JSON format. The export functionality can be improved."
"We wanted it to provide us with something like Claroty Hub in AWS for lateral movement. For example, if an EC2 instance or a virtual machine is compromised in a public subnet based on a particular vulnerability, such as Log4j, we want it to not be able to reach some of our databases. This kind of feature is not supported in PingSafe."
"For vulnerabilities, they are showing CVE ID. The naming convention should be better so that it indicates the container where a vulnerability is present. Currently, they are only showing CVE ID, but the same CVE ID might be present in multiple containers. We would like to have the container name so that we can easily fix the issue."
"We recently adopted a new ticket management solution, so we've asked them to include a connector to integrate that tool with Cloud Native Security directly. We'd also like to see Cloud Native Security add a scan for personally identifying information. We're looking at other tools for this capability, but having that functionality built into Cloud Native Security would be nice. Monitoring PII data is critical to us as an organization."
"It would be really helpful if the solution improves its agent deployment process."
"When you find a vulnerability and resolve it, the same issue will not occur again. I want PingSafe to block the same vulnerability from appearing again. I want something like a playbook where the steps that we take to resolve an issue are repeated when that issue happens again."
"JFrog Xray's documentation and error logging could be improved."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"Lacks deeper reporting, the ability to compare things."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"JFrog Xray does not have a dashboard."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"The support is tricky to reach, so we would like better-oriented technical support enabled."
"They need to work on auto-remediation so it's easier for the security team to act quickly when certain assets or resources are deployed. The latest version has a CIS benchmark that you need to meet for containers in the cloud, but more automation is needed."
"The stability and setup phase of the product are areas with shortcomings where improvements are needed."
"I believe integration plays a crucial role for Tenable, particularly in terms of connecting with other products and various container solutions like Docker or Kubernetes. It seems that in future updates, enhanced integration is something I would appreciate. Currently, there is integration with Docker, but when it comes to Kubernetes or other container solutions, it appears to be a challenge, especially with on-prem scanners."
"The initial setup is highly complex."
"Tenable.io Container Security should improve integration modules. It should also improve stability."
"I feel that in certain areas this product has false positives which the company should work on. They should also try to include business logic vulnerabilities in the scanner testing. Finally, the vulnerability assessment feature should be increased to other hardware devices, apart from firewalls."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
More Tenable.io Container Security Pricing and Cost Advice →
JFrog Xray is ranked 18th in Container Security with 7 reviews while Tenable.io Container Security is ranked 21st in Container Security with 7 reviews. JFrog Xray is rated 8.2, while Tenable.io Container Security is rated 7.8. The top reviewer of JFrog Xray writes "An intelligent solution that prioritizes which vulnerability to target first in your project". On the other hand, the top reviewer of Tenable.io Container Security writes "It helps you catch misconfigurations before they go into a production environment where they're harder to deal with". JFrog Xray is most compared with Black Duck, Snyk, Mend.io, Veracode and Trivy, whereas Tenable.io Container Security is most compared with Prisma Cloud by Palo Alto Networks, Aqua Cloud Security Platform, Wiz, Trivy and Qualys VMDR. See our JFrog Xray vs. Tenable.io Container Security report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.