We performed a comparison between JFrog Xray and Prisma Cloud by Palo Alto Networks based on real PeerSpot user reviews.
Find out in this report how the two Container Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The mean time to detect has been reduced."
"The most valuable feature of PingSafe is its integration with most of our technology stack, specifically all of our cloud platforms and ticketing software."
"All the features we use are equal and get the job done."
"It is pretty easy to integrate with this platform. When properly integrated, it monitors end-to-end."
"We like the platform and its response time. We also like that its console is user-friendly as well as modern and sleek."
"PingSafe's graph explorer is a valuable tool that lets us visualize all connected services."
"The most valuable features of PingSafe are the asset inventory and issue indexing."
"PingSafe offers security solutions for both Kubernetes and CI/CD pipelines."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"The solution is stable and reliable."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"Good reporting functionalities."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"What I found most valuable in Prisma Cloud by Palo Alto Networks is the VAS, such as the web application and API security. I feel that VAS adds a lot of value, mainly because it gives visibility through the application layer and threat detection features."
"It is a good solution. Each team should utilize it. Every good organization is now moving towards or trying to be provider agnostic, so if you are using multiple providers, you should at least give Prisma Cloud a try."
"Technical support is quite helpful."
"The client wasn't using all of the features, but the one that stood out was infrastructure-as-code (IaC). I built IaC use cases and was trying to get them to use it. I also liked cloud workload protection. I worked with the vulnerability management team to develop a process. It's a manual process, so it can be challenging to remediate many image or container issues. It was nice that we could build out a reporting process and download the reports. The reports are solid."
"The solution gives us a lot of visibility across all of our cloud solutions."
"What I like most about Prisma Cloud is its zero-day signatures, maximum security, minimal downtime, cloud visibility, control, and ease of deployment."
"The dynamic workload identity creation, attestation, and assignment is the best feature. In addition, the application dependency map across heterogeneous environments for compliance is a striking feature."
"Prisma scans things and shows all the vulnerabilities and packages that are vulnerable, and which layers, by default, have vulnerabilities. So developers can easily go into the package or a particular layer and make changes to their code. It's very transparent."
"We recently adopted a new ticket management solution, so we've asked them to include a connector to integrate that tool with Cloud Native Security directly. We'd also like to see Cloud Native Security add a scan for personally identifying information. We're looking at other tools for this capability, but having that functionality built into Cloud Native Security would be nice. Monitoring PII data is critical to us as an organization."
"We can customize security policies but lack auditing capabilities."
"Currently, we would have to export our vulnerability report to an .xlsx file, and review it in an Excel spreadsheet, and then we sort of compile a list from there. It would be cool if there was a way to actually toggle multiple applications for review and then see those file paths on multiple users rather than only one user at a time or only one application at a time."
"There is no break-glass account feature. They should implement this as soon as possible because we can't implement SSO without a break-glass feature."
"In addition to our telecom and Slack channels, it would be helpful to receive Cloud Native Security security notifications in Microsoft Teams."
"Scanning capabilities should be added for the dark web."
"We don't get any notifications from PingSafe when the clusters are down."
"I export CSV. I cannot export graphs. Restricting it to the CSV format has its own disadvantages. These are all machine IP addresses and information. I cannot change it to the JSON format. The export functionality can be improved."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"JFrog Xray does not have a dashboard."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"JFrog Xray's documentation and error logging could be improved."
"Lacks deeper reporting, the ability to compare things."
"In terms of securing cloud-native development at build time, a lot of improvement is needed. Currently, it's more a runtime solution than a build-time solution. For runtime, I would rate it at seven out of 10, but for build-time there is a lot of work to be done."
"The Palo Alto support needs to improve."
"When it comes to compliance, the issue is that when we are exporting the reports, there is only a single compliance option. If I need to report on multiple compliance requirements, that feature isn't available. For example, I made a single report for ISO 27000 but I can't correlate it with GDPR."
"While Prisma provides a lot of visibility, it also creates a ton of work. Most customers that implement Prisma Cloud have thousands of alerts that are urgent."
"The IM security has room for improvement."
"When it comes to protecting the full cloud-native stack, it has the right breadth. They're covering all the topics I would care about, like container, cloud configuration, and serverless. There's one gap. There could be a better set of features around identity management—native AWS—IAM roles, and service account management. The depth in each of those areas varies a little bit. While they may have the breadth, I think there's still work to do in flushing out each of those feature sets."
"The integration of the Compute function into the cloud monitoring function—because those are two different tools that are being combined together—could use some more work. It still feels a little bit disjointed."
"Currently, custom reports are available, but I feel that those reports are targeting just the L1 or L2 engineers because they are very verbose. So, for every alert, there is a proper description, but as a security posture management portal, Prisma Cloud should give me a dashboard that I can present to my stakeholders, such as CSO, CRO, or CTO. It should be at a little bit higher level. They should definitely put effort into reporting because the reporting does not reflect the requirements of a dashboard for your stakeholders. There are a couple of things that are present on the portal, but we don't have the option to customize dashboards or widgets. There are a limited set of widgets, and those widgets don't add value from the perspective of a security team or any professional who is above L1 or L2 level. Because of this, the reach of Prisma Cloud in an organization or the access to Prisma Cloud will be limited only to L1 and L2 engineers. This is something that their development team should look into."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
JFrog Xray is ranked 19th in Container Security with 7 reviews while Prisma Cloud by Palo Alto Networks is ranked 1st in Container Security with 82 reviews. JFrog Xray is rated 8.2, while Prisma Cloud by Palo Alto Networks is rated 8.4. The top reviewer of JFrog Xray writes "An intelligent solution that prioritizes which vulnerability to target first in your project". On the other hand, the top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". JFrog Xray is most compared with Black Duck, Snyk, Mend.io, Trivy and Sonatype Repository Firewall, whereas Prisma Cloud by Palo Alto Networks is most compared with Wiz, Microsoft Defender for Cloud, Aqua Cloud Security Platform, AWS Security Hub and CrowdStrike Falcon Cloud Security. See our JFrog Xray vs. Prisma Cloud by Palo Alto Networks report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
