No more typing reviews! Try our Samantha, our new voice AI agent.

Aikido Security vs Trivy comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (8th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Aikido Security
Ranking in Container Security
30th
Average Rating
8.6
Reviews Sentiment
7.7
Number of Reviews
6
Ranking in other categories
Application Security Tools (20th), Static Application Security Testing (SAST) (15th), Web Application Firewall (WAF) (27th), Software Composition Analysis (SCA) (12th), Static Code Analysis (9th), Cloud Security Posture Management (CSPM) (23rd), Dynamic Application Security Testing (DAST) (9th), DevSecOps (9th), Application Security Posture Management (ASPM) (11th)
Trivy
Ranking in Container Security
5th
Average Rating
8.6
Reviews Sentiment
7.5
Number of Reviews
12
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of June 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.4%, up from 0.9% compared to the previous year. The mindshare of Aikido Security is 1.2%, up from 0.2% compared to the previous year. The mindshare of Trivy is 2.9%, down from 5.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Trivy2.9%
Qualys TotalCloud1.4%
Aikido Security1.2%
Other94.5%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
B Goswami - PeerSpot reviewer
Product Manager at Zidio development
Security has shifted left and now catches vulnerabilities early in our development workflow
There are a few areas for improvement. The first is scan speed. For large repositories, initial scans can be slow. Incremental scanning helps, but full scans still take considerable time. The second thing is the false positive rate. While Auto-Triage is good, it is not perfect. Occasionally, genuine issues get filtered out and real false positives slip through. The third one is remediation guidance. Aikido Security tells you what is vulnerable, but sometimes the fix suggestions are generic. More specific, actionable remediation steps would save developer time. The fourth one is IDE integrations. It currently works best in CI/CD pipelines. A proper VS Code or JetBrains plugin for real-time scanning while coding would be a significant improvement. From a customer point of view, the following things could change. The first thing is documentation for custom rules. Aikido Security allows you to create custom scanning rules, but the documentation for this feature is surprisingly thin. I spent considerable time in community forums and with trial and error just to configure basic custom rules. Step-by-step guides with real-world examples would make this feature much more accessible. The second thing is better Slack and communication integrations. Currently, security alerts come through email and dashboard notifications, but our team lives in Slack. A more configurable Slack integration that sends contextual alerts directly to the relevant developer, not just a generic channel notification, would dramatically improve response time. The third one is historical trend reporting. While Aikido Security shows current vulnerability status well, generating historical reports showing security posture improvement over time is limited. For presenting security progress to management or stakeholders, better exportable trend reports would be very valuable.
Utsav Sharma - PeerSpot reviewer
Senior Security Consultant at Ernst & Young
Maintain operational efficiency by detecting misconfigurations and vulnerabilities
The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma. It also offers repository scanning in the source code domain, allowing pre-push code scans. The misconfiguration detection works well for CloudFormation, Docker files, and Terraform. Its compliance support, like NIST, ensures that configurations align with standards. Trivy helps me significantly detect misconfigurations missed by the ops engineers or in Terraform by the naked eye. It ensures that my deployments are free of misconfigurations and vulnerabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Generally, Qualys is very good at detections, whether on cloud or on-prem, and the agent allows deployment on both infrastructures, providing continuous monitoring of your assets, which is a key selling point for us."
"Qualys TotalCloud has significantly reduced our workload in terms of managing risks, helping us to be more efficient and save substantial resources."
"In my opinion, this is the best tool."
"While automatic inventory detection upon connection is a helpful feature, a truly valuable capability would be assessing an environment's security posture against Azure and CIS best practices."
"Its dashboards are brilliant. It provides in-depth insights."
"I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers."
"TotalCloud has been excellent in providing us with immediate access to all the products and features we need, such as CSPM, TruRisk Insights, and compliance reports, including CIS and HIPAA."
"Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities."
"Aikido Security saved me several hours each week by automating vulnerability scanning and security checks, reducing the need for manual review and helping me focus on more development."
"The biggest win with Aikido Security was reducing context switching, as developers previously received vulnerability reports from multiple tools and tried to figure out ownership manually, and now most findings are visible in one place."
"Aikido Security offers the best features including being very easy to use, allowing even a normal tech person with some hands-on experience to use this tool and clearly get the results they want."
"Since switching to Aikido Security, I have noticed a positive impact on my team's productivity with measurable results, as we now have measurements."
"Aikido Security has positively impacted my organization significantly because initially we were thinking it would take a month for us to achieve SOC 2 compliance again, and with Aikido Security, we were able to get all codebase vulnerability fixes within a week for all our 13 or 14 repositories that we had."
"Aikido Security nests directly in our development workflow and it catches security issues before they reach production."
"Overall, I would rate Trivy a ten out of ten."
"I can see vulnerabilities in the images of any applications deployed in the Kubernetes environment or as container applications."
"Trivy's ability to scan files, images, GitHub repositories, Infrastructure as Code like Terraform, and Kubernetes is valuable."
"Trivy is most valuable for its ability to scan all repository files and dependencies."
"I rate Trivy a nine out of ten."
"I definitely recommend Trivy."
"It is open-source."
"It's customizable, allowing me to add any rules and format HTML templates as I wish."
 

Cons

"With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks."
"An area for improvement would be to focus on risks related to AI, such as large language models and potential data leakage."
"We encountered challenges identifying the correct resource category for certain items, such as those in containers or storage."
"It is already perfect, but they can bring some newer dashboards and customization options for the dashboard. It would be great to be able to include on-prem assets on the dashboard."
"The response part of the Cloud Detection and Response (CDR) module can be improved."
"There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."
"We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments."
"Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released."
"The biggest challenge with Aikido Security initially was the alert volume, as connecting everything could result in hundreds or thousands of findings."
"I think Aikido Security could be improved with more detailed remediation guidance, such as additional beginner-friendly tutorials and enhanced customization for alerts and reporting."
"I think Aikido Security could be improved by addressing its Jira integration, which I feel needs a bit of work."
"I think Aikido Security could improve by reducing some pricing model. Pricing is quite high for a normal user, and if they can make it a little less, it will be much better."
"However, there was one minor issue that I faced. When I had a UUID for an object in the code, Aikido Security was considering it as a secret key, which it was not."
"There are a few areas for improvement. The first is scan speed; for large repositories, initial scans can be slow, and while incremental scanning helps, full scans still take considerable time."
"Trivy is not scalable; however, I have scanned very large projects with it. It is stable but not scalable according to my experience."
"For malware detection, I need to use two tools: Trivy as my anomaly scanner and ClamAV. I am integrating these two tools into the CI pipeline. If both malware and anomaly detection could be managed by one tool, I would not need to depend on two tools. That would be my suggestion."
"Trivy can improve by providing an output in PDF format."
"The reporting could be a little better. When integrating Trivy with CI, the interpretation of the reports could be improved."
"Trivy generates many false positives, flagging non-existent vulnerabilities. Improvements could include better contextual analysis or granular filtering."
"Having little experience can hinder the ability to connect it to a user-friendly UI effectively."
"One drawback I have observed with Trivy is the difficulty in building or integrating a UI, particularly for an operator in the NetSuite example."
"The only problem is that Trivy does not support reporting features such as generating reports in CSV, which is useful for auditing and reporting."
 

Pricing and Cost Advice

"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"The cost is high, but it meets our organizational needs."
Information not available
Information not available
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
900,747 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
18%
Financial Services Firm
14%
Construction Company
7%
Comms Service Provider
7%
Comms Service Provider
12%
Manufacturing Company
11%
Financial Services Firm
10%
Computer Software Company
8%
Financial Services Firm
13%
Manufacturing Company
11%
Computer Software Company
10%
Comms Service Provider
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise3
Large Enterprise29
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise2
Large Enterprise2
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise9
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What needs improvement with Aikido Security?
I think Aikido Security could be improved by addressing its Jira integration, which I feel needs a bit of work. For m...
What is your primary use case for Aikido Security?
My main use case for Aikido Security is to utilize it as part of our vulnerability management program, where we also ...
What advice do you have for others considering Aikido Security?
Since switching to Aikido Security, I have noticed a positive impact on my team's productivity with measurable result...
What needs improvement with Trivy?
Trivy's marketing and awareness need improvement. Not everyone knows about it, which isn't ideal given its capabiliti...
What is your primary use case for Trivy?
I use Trivy ( /products/trivy-reviews ) to scan code for vulnerabilities before deployment. Our projects, which are d...
What advice do you have for others considering Trivy?
I recommend Trivy to others due to its powerful and useful features. However, I suggest increasing its marketing to r...
 

Comparisons

 

Also Known As

Qualys TotalCloud with FlexScan
No data available
No data available
 

Overview

 

Sample Customers

Information Not Available
FinTech GoCardless ZIP CertifID HealthTech Dental Intelligence PE & Group Techstars Cronos Group Security Tech Human Security Tines HR Tech Simployer Recruitee Agency November Five Other Lighthouse (Hospitality Tech) Smokeball (LegalTech) Runna (B2C Tech) GEA Group (Manufacturing) Community fibre (Telecom) n8n (Software Development)
Information Not Available
Find out what your peers are saying about Aikido Security vs. Trivy and other solutions. Updated: June 2026.
900,747 professionals have used our research since 2012.