We performed a comparison between JFrog Xray and Wiz based on real PeerSpot user reviews.
Find out in this report how the two Vulnerability Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It saves time, makes your environment more secure, and improves compliance. PingSafe helps with audits, ensuring that you are following best practices for cloud security. You don't need to be an expert to use it and improve your security."
"Cloud Native Security offers attack path analysis."
"We've seen a reduction in resources devoted to vulnerability monitoring. Before PingSafe we spent a lot of time monitoring and fixing these issues. PingSafe enabled us to divert more resources to the production environment."
"Cloud Native Security is a tool that has good monitoring features."
"The offensive security where they do a fix is valuable. They go to a misconfiguration and provide detailed alerts on what could be there. They also provide a remediation feature where if we give the permission, they can also go and fix the issue."
"PingSafe has a dashboard that can detect the criticality of a particular problem, whether it falls under critical, medium, or low vulnerability."
"The UI is very good."
"It's positively affected the communication between cloud security, application developers, and AppSec teams."
"The solution is stable and reliable."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"Good reporting functionalities."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"The solution is very user-friendly."
"Our most important features are those around entitlement, external exposure, vulnerabilities, and container security."
"Out of all the features, the one item that has been most valuable is the fact that Wiz puts into context all the pieces that create an issue, and applies a particular risk evaluation that helps us prioritize when we need to address a misconfiguration, vulnerability, or any issue that would put our environment into risk."
"With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment."
"I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."
"The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."
"The security baseline and vulnerability assessments is the valuable feature."
"The first thing that stood out was the ease of installation and the quick value we got out of the solution."
"We recently adopted a new ticket management solution, so we've asked them to include a connector to integrate that tool with Cloud Native Security directly. We'd also like to see Cloud Native Security add a scan for personally identifying information. We're looking at other tools for this capability, but having that functionality built into Cloud Native Security would be nice. Monitoring PII data is critical to us as an organization."
"Bugs need to be disclosed quickly."
"With Cloud Native Security, we can't selectively enable or disable alerts based on our specific use case."
"We've found a lot of false positives."
"here is a bit of a learning curve. However, you only need two to three days to identify options and get accustomed."
"In some cases, the rules are strictly enforced but do not align with real-world use cases."
"I export CSV. I cannot export graphs. Restricting it to the CSV format has its own disadvantages. These are all machine IP addresses and information. I cannot change it to the JSON format. The export functionality can be improved."
"We wanted it to provide us with something like Claroty Hub in AWS for lateral movement. For example, if an EC2 instance or a virtual machine is compromised in a public subnet based on a particular vulnerability, such as Log4j, we want it to not be able to reach some of our databases. This kind of feature is not supported in PingSafe."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"JFrog Xray's documentation and error logging could be improved."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"Lacks deeper reporting, the ability to compare things."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"JFrog Xray does not have a dashboard."
"The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary."
"The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that."
"The only thing that needs to be improved is the number of scans per day."
"The remediation workflow within the Wiz could be improved."
"The solution's container security could be improved."
"We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform."
"One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging."
"We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade... We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
JFrog Xray is ranked 17th in Vulnerability Management with 7 reviews while Wiz is ranked 4th in Vulnerability Management with 11 reviews. JFrog Xray is rated 8.2, while Wiz is rated 9.2. The top reviewer of JFrog Xray writes "An intelligent solution that prioritizes which vulnerability to target first in your project". On the other hand, the top reviewer of Wiz writes "Multiple features help us prioritize remediation, and agentless implementation reduces overhead". JFrog Xray is most compared with Black Duck, Snyk, Mend.io, Veracode and FOSSA, whereas Wiz is most compared with Prisma Cloud by Palo Alto Networks, Orca Security, Microsoft Defender for Cloud, AWS Security Hub and Lacework. See our JFrog Xray vs. Wiz report.
See our list of best Vulnerability Management vendors and best Container Security vendors.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
