JFrog Xray vs Qualys CyberSecurity Asset Management comparison

JFrog Xray vs. Qualys CyberSecurity Asset Management

Download the complete report

Helped 881,665 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

ROI

Sentiment score

3.5

JFrog Xray improved efficiency, security, and compliance, reduced downtime, and sped up release cycles with enhanced vulnerability detection and reporting.

Sentiment score

4.9

Qualys CyberSecurity Asset Management boosts efficiency, reduces costs, enhances security, and delivers a 95% ROI with 35% cost reduction.

No quotes available

For more quotes and insights, download the JFrog Xray report

Improvements to our security infrastructure contributed to overall business growth of approximately 150 percent over the past year.

For more quotes and insights, download the Qualys CyberSecurity Asset Management report

Android Developer at Droidforge

By automating tasks, it significantly reduces the human resources required, leading to increased efficiency and productivity.

reviewer2590986

Senior Manager at a consultancy with 10,001+ employees

It has reduced the number of development and scripting hours along with maintenance hours.

Curtis Nielson

Security Operations Manager at Solventum

Customer Service

Sentiment score

4.0

JFrog Xray's customer service is generally well-received, with positive technical support, though not all users engage directly.

Sentiment score

7.5

Qualys CyberSecurity Asset Management's customer service is highly praised for its responsiveness, effectiveness, and swift problem resolution capabilities.

When we need clarifications, we contact our account manager, and they arrange demos.

Development Senior at a financial services firm with 5,001-10,000 employees

On a scale of 1 to 10, I would rate the technical support of JFrog Xray an eight because they are very knowledgeable.

For more quotes and insights, download the JFrog Xray report

DevSecOps Engineer at a tech services company with 501-1,000 employees

The support team was knowledgeable and offered a variety of quick resolution options.

For more quotes and insights, download the Qualys CyberSecurity Asset Management report

Android Developer at Droidforge

Their SMEs have sufficient knowledge, and if they are not the right contact, they quickly redirect us to someone who can help resolve issues.

Ramachandran Sugumar

Senior Information Security Engineer at a consultancy with 10,001+ employees

I would rate their customer support a ten out of ten.

reviewer2590236

Information Security Lead at a consultancy with 10,001+ employees

Scalability Issues

Sentiment score

6.8

JFrog Xray is scalable and suitable for multiple applications, despite PostgreSQL limitations and some performance challenges.

Sentiment score

7.8

Qualys CyberSecurity Asset Management excels in scalability, supporting diverse environments with numerous users, networks, and large datasets efficiently.

According to my use case, it is highly scalable.

For more quotes and insights, download the JFrog Xray report

DevOps Engineer at Syvora

We have about 300,000 assets installed with agents worldwide.

reviewer2590236

Information Security Lead at a consultancy with 10,001+ employees

The scalability is excellent as we manage more than one hundred thousand assets, including over one hundred thousand endpoints, approximately 2,600 servers, and more than 1,200 network devices.

Arshad N. R.

Cyber Security Specialist at UBS Financial

Qualys Cybersecurity Asset Management has proven to be a highly scalable solution for us over the past couple of years.

reviewer2593263

Manager Information Security at a consultancy with 10,001+ employees

For more quotes and insights, download the Qualys CyberSecurity Asset Management report

Stability Issues

Sentiment score

7.6

JFrog Xray is praised for stability and security, compared favorably to competitors, with minor concerns about PostgreSQL support.

Sentiment score

7.5

Qualys CyberSecurity Asset Management is stable, highly rated, with minimal issues, and appreciated for its consistent enhancements and features.

I use JFrog Xray primarily for security purposes, and I find it reliable.

DevOps Engineer at Syvora

We did experience crashes, downtimes, and performance issues with JFrog Xray.

For more quotes and insights, download the JFrog Xray report

DevSecOps Engineer at a tech services company with 501-1,000 employees

I would rate the stability of Qualys CSAM a ten out of ten.

Bharawaj S

IT Engineer at a consultancy with 10,001+ employees

The product stability has notably declined over the last two months, and the performance to fulfill a page request is very slow compared to its previous performance.

Christopher Mateski

SENIOR MANAGER, CYBERSECURITY THREAT, RISK & ARCHITECTURE at a tech vendor with 1,001-5,000 employees

They are constantly adding capabilities.

Scott Frederick

Director of Vulnerability Management at a insurance company with 1,001-5,000 employees

For more quotes and insights, download the Qualys CyberSecurity Asset Management report

Room For Improvement

Users demand better reporting, documentation, UI, site performance, API limits, custom reports, vulnerability management, and integration support.

Qualys CyberSecurity Asset Management struggles with integration, configuration flexibility, tagging accuracy, and performance issues needing improvement.

When we have given a very long tag, it doesn't work as expected and requires excessive scrolling.

DevOps Engineer at Syvora

somehow you need to adapt your GitLab pipeline and turn them into JFrog pipeline, and this is something they don't really advertise at first—you're obliged to use the JFrog CLI.

DevSecOps Engineer at a tech services company with 501-1,000 employees

X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL.

For more quotes and insights, download the JFrog Xray report

Development Senior at a financial services firm with 5,001-10,000 employees

Qualys is currently not able to identify assets lacking DNS information.

reviewer2589096

Senior Information Security Engineer at a consultancy with 10,001+ employees

Features enhancing the interaction with IT or security teams should be added, such as a ticketing feature that, if an issue arises in the CSAM module, enables direct ticket creation in systems like ServiceNow.

SurajTripathi

Senior Security Consultant at CyberNxt Solutions LLP

If there's one key aspect to focus on, it's discovery—the ability to identify assets that you are not aware of, even when you can see they are present.

Nicki Møller

Information Security Engineer at a manufacturing company with 5,001-10,000 employees

For more quotes and insights, download the Qualys CyberSecurity Asset Management report

Setup Cost

Qualys offers high yet flexible pricing, valued for comprehensive features and cost-effectiveness, especially when bundled with other services.

JFrog Xray provides a free trial of 14 days.

DevOps Engineer at Syvora

The basic scanning capabilities come with Artifactory, however, curation requires additional licenses.

For more quotes and insights, download the JFrog Xray report

Development Senior at a financial services firm with 5,001-10,000 employees

A cost-effective solution.

Arshad Nr

Senior Security Consultant at CyberNxt Solutions LLP

I believe that the stability and reliability of Qualys offer great value for the money.

Nicki Møller

Information Security Engineer at a manufacturing company with 5,001-10,000 employees

A monthly subscription starting at approximately $72 per month, depending on the specific package and features included.

For more quotes and insights, download the Qualys CyberSecurity Asset Management report

Android Developer at Droidforge

Valuable Features

JFrog Xray offers deep scanning, seamless integration with Artifactory, robust vulnerabilities management, flexible deployment, and attractive pricing.

Qualys CyberSecurity Asset Management enhances security with real-time visibility, integration, TruRisk scoring, and simplified asset and patch management.

The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features.

Development Senior at a financial services firm with 5,001-10,000 employees

The policy-driven approach of JFrog Xray helped me maintain security standards by integrating it in the development pipeline.

DevSecOps Engineer at a tech services company with 501-1,000 employees

With other registries such as ECR, we can use the images only in the AWS cloud. With JFrog, we can use this registry from any cloud or work locally as well.

For more quotes and insights, download the JFrog Xray report

DevOps Engineer at Syvora

By correlating this with QDS scores, we can accurately assess the risk level of high or low QDS scores associated with each asset and monitor them accordingly.

reviewer2589096

Senior Information Security Engineer at a consultancy with 10,001+ employees

The most valuable feature is the real-time visibility Qualys CyberSecurity Asset Management provides into all assets across our development and operational environments.

For more quotes and insights, download the Qualys CyberSecurity Asset Management report

Android Developer at Droidforge

It also performs scans to identify any vulnerabilities, which helps to take proactive measures before those vulnerabilities are identified by any attacker.

reviewer2590236

Information Security Lead at a consultancy with 10,001+ employees

Categories and Ranking

JFrog Xray

Ranking in Vulnerability Management

39th

Ranking in Software Supply Chain Security

1st

Average Rating

7.8

Reviews Sentiment

6.3

Number of Reviews

Ranking in other categories

Container Security (14th), Software Composition Analysis (SCA) (5th)

Qualys CyberSecurity Asset ...

Ranking in Vulnerability Management

9th

Ranking in Software Supply Chain Security

3rd

Average Rating

9.0

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

Patch Management (4th), Cyber Asset Attack Surface Management (CAASM) (2nd), Attack Surface Management (ASM) (2nd)

Mindshare comparison

As of February 2026, in the Vulnerability Management category, the mindshare of JFrog Xray is 1.4%, down from 1.5% compared to the previous year. The mindshare of Qualys CyberSecurity Asset Management is 1.3%, up from 0.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Vulnerability Management Market Share Distribution
Product	Market Share (%)
Qualys CyberSecurity Asset Management	1.3%
JFrog Xray	1.4%
Other	97.3%

Vulnerability Management

Featured Reviews

Offers flexibility across clouds and easy credential management while interface improvements are needed

DevOps Engineer at Syvora

For JFrog Xray, the Artifactory and package repositories are valuable features. There are many benefits from JFrog Xray. For example, with other registries such as ECR, we can use the images only in the AWS cloud. With JFrog, we can use this registry from any cloud or work locally as well. JFrog can support multiple packages, such as NuGet package, pip, and other technologies. It can be used for Terraform as well. The credential management is very easy in JFrog. For instance, when using GitHub action as a CI/CD tool, I just need to create a token and set up JFrog CLI there and give access to the repository. With multiple repositories, I can generate a token for a specific repository, add that token in the GitHub secret, fetch from the CI/CD, run the command JFrog CLI, and authenticate through the token. Then we can push the images into JFrog.

Read full review

Arshad N. R.

Cyber Security Specialist at UBS Financial

Customized dashboards and quick deployment support comprehensive asset management

We use the True Risk Score for vulnerability prioritization, though we do not solely rely upon it since some assets may be decommissioned soon or not in use. From Qualys CyberSecurity Asset Management, we primarily focus on internet-facing assets. We have created separate tasks for internet-facing assets and track the True Risk dashboard specifically for these assets. If the True Risk Score is higher for any internet-facing assets, then we take action accordingly. The True Risk Score is very helpful for prioritization. The initial setup was straightforward and easy. We needed to create customized tags, group them twice, and validate whether the operating system detection was true positive or false positive. We encountered some false positives, which required coordination with the IT team for verification. In six months, we had approximately 20-25 machines that needed verification on a weekly basis. We coordinated with the IT team to identify the exact operating system specifications.

Read full review

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

881,665 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

25%

Manufacturing Company

12%

Computer Software Company

Government

Computer Software Company

12%

Financial Services Firm

12%

Manufacturing Company

Comms Service Provider

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	1
Midsize Enterprise	3
Large Enterprise	6

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	2
Large Enterprise	23

Questions from the Community

What do you like most about JFrog Xray?

JFrog Xray shows us a list of vulnerabilities that can impact our code.

What needs improvement with JFrog Xray?

I would assess the integration of JFrog Xray with CI/CD tools as the weak point. You have two means to do that: one is using the API, or the other is using the command line from JFrog. That part is...

What is your primary use case for JFrog Xray?

For JFrog Xray product, you can use it for two main goals: compliance and security. You can use it to check if your licenses are compliant, and you can check if your dependencies you want to use ar...

What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?

I'm not entirely sure about the pricing; I don't know.

What needs improvement with Qualys CyberSecurity Asset Management?

I think the one thing Qualys CyberSecurity Asset Management can do better is the package management and the updating process. Knowing that you can't update any of the packages until you've done the...

What is your primary use case for Qualys CyberSecurity Asset Management?

I primarily use it for a small, single-site, multi-source setup with multi-WAN inputs. I have a main fiber connection and a couple of failovers while managing different networks across different se...

Black Duck SCA vs JFrog Xray

Comparisons

Trivy vs JFrog Xray

Compared 11% of the time

Compared 9% of the time

Wiz vs JFrog Xray

Compared 6% of the time

Sonatype Lifecycle vs JFrog Xray

Compared 5% of the time

Mend.io vs JFrog Xray

Compared 5% of the time

More JFrog Xray Competitors

Armis vs Qualys CyberSecurity Asset Management

Compared 7% of the time

CrowdStrike Falcon vs Qualys CyberSecurity Asset Management

Compared 5% of the time

Axonius vs Qualys CyberSecurity Asset Management

Compared 5% of the time

Amazon Inspector vs Qualys CyberSecurity Asset Management

Compared 4% of the time

Bitsight vs Qualys CyberSecurity Asset Management

Compared 4% of the time

More Qualys CyberSecurity Asset Management Competitors

Product Reports

JFrog Xray

Download JFrog Xray product report

Qualys CyberSecurity Asset Management

Download Qualys CyberSecurity Asset Management product report

Qualys CyberSecurity Asset Management report

Also Known As

JFrog Security Essentials

No data available

Overview

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

If you are a team player and you care and you play to WIN, we have just the job you're looking for.

As we say at JFrog: "Once You Leap Forward You Won't Go Back!"

JFrog

Qualys CyberSecurity Asset Management provides key features including asset inventory management, end-of-life tracking, dynamic tagging, and integration with CMDB, offering extensive visibility and support for proactive threat response.

Qualys offers comprehensive visibility across hardware and software assets, aiding in tracking unauthorized applications and facilitating automated vulnerability remediation. Its user-friendly interface and dynamic risk scoring enhance security posture management. Users leverage it for vulnerability management and compliance, benefiting from real-time risk identification and efficient operations in cloud and on-premises environments.

What are the key features of Qualys CyberSecurity Asset Management?

Asset Inventory Management: Provides detailed visibility over hardware and software assets.
End-of-Life Tracking: Helps identify technical debt by pinpointing outdated hardware and software.
Dynamic Tagging: Allows flexible classification and categorization of assets.
Real-Time Risk Identification: Detects risks as they arise, enhancing threat response capabilities.
CMDB Integration: Streamlines data integration for comprehensive asset insights.

What benefits should users look for in Qualys reviews?

Improved Security Posture: Enables proactive threat management and streamlined operations.
Efficient Remediation: Automates vulnerability management and patch deployment.
User-Friendly Operations: Simplifies cybersecurity operations with an intuitive interface.
Comprehensive Asset Visibility: Offers unparalleled insight into organizational assets.
Scalable Solutions: Facilitates asset tracking across cloud and on-premises environments.

Cybersecurity teams in various industries, such as financial services, healthcare, and manufacturing, utilize Qualys to manage technical debt through end-of-life tracking and facilitate robust patch management. It supports compliance and visibility initiatives, essential for maintaining data integrity and operational security in dynamic environments.

Qualys

Sample Customers

google, amazon, cisco, netflix, oracle, vmware, facebook

Information Not Available

JFrog Xray vs. Qualys CyberSecurity Asset Management