No more typing reviews! Try our Samantha, our new voice AI agent.

DefectDojo vs Nucleus Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 23, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
DefectDojo
Ranking in Vulnerability Management
44th
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
1
Ranking in other categories
DevSecOps (13th)
Nucleus Security
Ranking in Vulnerability Management
40th
Average Rating
7.2
Reviews Sentiment
7.1
Number of Reviews
4
Ranking in other categories
Application Security Tools (28th), Risk-Based Vulnerability Management (14th), Continuous Threat Exposure Management (CTEM) (13th)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of DefectDojo is 0.8%, up from 0.6% compared to the previous year. The mindshare of Nucleus Security is 1.0%, up from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.1%
Nucleus Security1.0%
DefectDojo0.8%
Other97.1%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
reviewer2267097 - PeerSpot reviewer
Integration and Solution Architect at a government with 501-1,000 employees
Easy to use with efficient vulnerability reporting and team collaboration
Use case, so all the reports from GitLeaks, DefectDojo, GitLeaks or dependency check or Trivy, they make reports, and we send this report to DefectDojo to have CVMs, Central Vulnerability Management. DefectDojo is Central Vulnerability Management. If you have a dashboard to set, we have…
reviewer2872923 - PeerSpot reviewer
Vulnerability And Compliance Manager at a insurance company with 5,001-10,000 employees
Unified vulnerability view has improved risk-based decisions but reporting still needs work
One of the main issues with Nucleus Security is its lack of reporting capability. The user interface resembles an early 2000s application style, and although its speed is decent, it could be improved as more data is ingested. The overall appearance and feel need work, especially compared to modern applications from Rapid7, Qualys, and Tenable, which have more engaging user interfaces. The reporting capability is severely lacking; not being able to filter to granularity or have custom built queries is an annoyance that needs an overhaul. Additionally, there are bugs that have not been resolved, such as when you create a report and remove an asset, the asset still appears in the report despite not being present in the system anymore, leading to issues that need to be addressed quickly. Nucleus Security can become a difficult investment because I already have a vulnerability management solution, and I question where Nucleus Security fits with its licensing model. While I acknowledge automation has been described, it would be amazing to control the entire vulnerability management workflow from Nucleus Security without needing to log onto other systems. Having controls or actions that can be sent from the console down to the scanner for rescans would be beneficial. If Nucleus Security is going down this path, it should ensure that it becomes a one-stop shop for vulnerability management across multiple applications.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"If I had to say something positive about the product that brings me the biggest benefit, I would say it has accurate reports, gets new update CVEs, zero-day attack detection, and is easy to manage with its GUI."
"TotalCloud has been excellent in providing us with immediate access to all the products and features we need, such as CSPM, TruRisk Insights, and compliance reports, including CIS and HIPAA."
"I like the web API security and IoT scanning features the most. The user-friendly design of TotalCloud's interface enables customers to navigate it and use its full potential easily"
"Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities."
"I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers."
"Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities."
"Qualys TotalCloud's most valuable features are its security capabilities that help identify and mitigate risk factors."
"The agent and agentless scanning in TotalCloud, particularly the FlexScan method, is incredibly valuable. With traditional scanning approaches, we had to give IP ranges and whitelist IPs. All that is now simplified. FlexScan requires minimal intervention, and after configuration, it automatically collects data and performs necessary scans."
"With the pipeline of detection and DefectDojo, we are able to see the real vulnerabilities, and we fix them."
"Nucleus Security has fundamentally changed how we manage our vulnerability lifecycle and made our entire incident response process much more proactive, organized, and reliable."
"The best features that Nucleus Security offers in my experience are the unified integrations with all of the different vulnerability management platforms."
"Nucleus Security has impacted my organization positively by providing a single pane view of vulnerabilities from different connectors and enabling the automation of reporting and alerting on findings that are out of due date or out of SLA."
"The best features Nucleus Security offers, in my opinion, are that it is really great in showcasing things and providing centralized vulnerability management."
 

Cons

"Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer."
"TotalCloud could improve the classification of vulnerabilities. Specifically, it could enhance the categorization of what aspects fall under patches resolved by OS or software updates and what pertains to configuration adjustments."
"Although TotalCloud is a helpful tool, some of its advanced features are still under development."
"To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution."
"Regarding technical support from Qualys, they respond, but the response time can be too long. Sometimes we need to wait weeks for solutions to simple questions."
"Qualys's ticketing system can be confusing when assigning tasks to individuals, and support could be improved by offering instant call solutions with engineers in addition to ticket replies."
"Enhancing clarity regarding its compliance capabilities would be beneficial, as the current scope is limited in geographic coverage."
"Qualys TotalCloud needs to improve its accuracy for non-Windows operating systems."
"We need something to notify the team responsible for a product when vulnerabilities are found."
"One of the main issues with Nucleus Security is its lack of reporting capability."
"On a scale of one to ten, I would rate Nucleus Security overall a six."
"Nucleus Security needs a better view into exposure management, as exposure management and attack path management are missing."
"While the platform is incredibly powerful, the initial configuration curve of Nucleus Security can be a bit steep."
 

Pricing and Cost Advice

"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"The cost is high, but it meets our organizational needs."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"Qualys TotalCloud is expensive."
"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
Information not available
Information not available
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
904,680 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
13%
Outsourcing Company
8%
Comms Service Provider
7%
Comms Service Provider
14%
Financial Services Firm
11%
Computer Software Company
9%
Construction Company
8%
Computer Software Company
13%
Financial Services Firm
12%
Construction Company
8%
Healthcare Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise29
No data available
No data available
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for DefectDojo?
The pricing is great. It is much cheaper compared to other solutions. We don't want to pay for things we are able to ...
What needs improvement with DefectDojo?
We need something to notify the team responsible for a product when vulnerabilities are found. We are able to attach ...
What is your primary use case for DefectDojo?
Use case, so all the reports from GitLeaks, DefectDojo, GitLeaks or dependency check or Trivy, they make reports, and...
What is your experience regarding pricing and costs for Nucleus Security?
I have a good experience with that, so we don't have much problem dealing with pricing, setup, and licensing.
What needs improvement with Nucleus Security?
Nucleus Security needs a better view into exposure management, as exposure management and attack path management are ...
What is your primary use case for Nucleus Security?
My main use case for Nucleus Security is unifying the vulnerability management landscape, providing a single source o...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
No data available
 

Overview

Find out what your peers are saying about Wiz, Qualys, Tenable and others in Vulnerability Management. Updated: June 2026.
904,680 professionals have used our research since 2012.