JFrog Xray vs Red Hat Advanced Cluster Security for Kubernetes comparison

JFrog Xray vs. Red Hat Advanced Cluster Security for Kubernetes

Download the complete report

Helped 900,747 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Qualys TotalCloud

Mindshare comparison

As of June 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.4%, up from 0.9% compared to the previous year. The mindshare of JFrog Xray is 3.0%, down from 3.7% compared to the previous year. The mindshare of Red Hat Advanced Cluster Security for Kubernetes is 1.6%, down from 2.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Container Security Mindshare Distribution
Product	Mindshare (%)
Qualys TotalCloud	1.4%
JFrog Xray	3.0%
Red Hat Advanced Cluster Security for Kubernetes	1.6%
Other	94.0%

Container Security

Featured Reviews

Robert Orłowski

IT Security Expert at Alior Bank S.A.

Unified risk scoring has improved our cloud visibility and simplifies remediation priorities

Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.

Read full review

Anand Nanwana

DevOps Engineer at Syvora

Offers flexibility across clouds and easy credential management while interface improvements are needed

For JFrog Xray, the Artifactory and package repositories are valuable features. There are many benefits from JFrog Xray. For example, with other registries such as ECR, we can use the images only in the AWS cloud. With JFrog, we can use this registry from any cloud or work locally as well. JFrog can support multiple packages, such as NuGet package, pip, and other technologies. It can be used for Terraform as well. The credential management is very easy in JFrog. For instance, when using GitHub action as a CI/CD tool, I just need to create a token and set up JFrog CLI there and give access to the repository. With multiple repositories, I can generate a token for a specific repository, add that token in the GitHub secret, fetch from the CI/CD, run the command JFrog CLI, and authenticate through the token. Then we can push the images into JFrog.

Read full review

Daniel Stevens

Software Engineer at Galley

Offers easy management and container connection with HTTPS, but the support needs to improve

I have experience with the solution's setup in Rio de Janeiro, Brazil and our company has assisted in the development of a cluster in a research department, but we didn't start from scratch because we have IT professionals who have installed Kubernetes across 12 nodes of a cluster and a new environment can be created for a new platform. I also had another setup experience of Red Hat Advanced Cluster Security for Kubernetes in Portugal where I had to implement the solution in a cluster of 22 computer servers, which was completed with assistance from the IT department of the company. The initial setup process of the solution can be considered as difficult. The setup process involves using the permissions, subnets and range of IPs, which makes it complex. Deploying Red Hat Advanced Cluster Security for Kubernetes takes around eight to ten hours for new clusters. The solution's deployment can be divided into three parts. The first part involves OpenStack, where the cluster's resources need to be identified. The second part involves virtualizing assets and identifying other physical assets, for which OpenStack, Kubernetes, or OpenShift are used. The third part of the deployment involves dividing the networks into subnetworks and implementing automation to deploy the microservices using Helm. The number of professionals required for the solution's deployment depends upon the presence of automated scripts. Ideally, two or three professionals are required to set up Red Hat Advanced Cluster Security for Kubernetes.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."

"Qualys TotalCloud fulfills all these needs."

"It is a cloud-native app that integrates with both IaaS and SaaS. It seamlessly integrates with other platforms."

"The agent and agentless scanning in TotalCloud, particularly the FlexScan method, is incredibly valuable. With traditional scanning approaches, we had to give IP ranges and whitelist IPs. All that is now simplified. FlexScan requires minimal intervention, and after configuration, it automatically collects data and performs necessary scans."

"Once you have your vulnerabilities fixed and your patches pushed out using Qualys TotalCloud, then you are able to eliminate threats and cyber risk."

"Qualys TotalCloud's most valuable features are its security capabilities that help identify and mitigate risk factors."

"Qualys TotalCloud is an excellent platform, and the beauty of the platform is that we can get all the vulnerabilities, see all the reports in a single dashboard, view them segregated, and easily learn about critical, high, and medium findings with appropriately provided remediation steps."

"The best part I like is the on-demand scans."

More Qualys TotalCloud pros

"Good reporting functionalities."

"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."

"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."

"The solution is stable and reliable."

"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."

"JFrog Xray shows us a list of vulnerabilities that can impact our code."

"I would say the reporting functionalities are pretty good as are the policy watches."

"With JFrog, we can use this registry from any cloud or work locally as well, and it can support multiple packages such as NuGet, pip, and other technologies including Terraform, making credential management very easy."

More JFrog Xray pros

"One of the most valuable features I found was the ability of this solution to map the network and show you the communication between your containers and your different nodes."

"It is easy to install and manage."

"I am impressed with the tool's visibility."

"I like virtualization and all those tools that come with OpenShift. I also like Advanced Cluster Management and the built-in security."

"Offers easy management with authentication and authorization features"

"Scalability-wise, I rate the solution a nine out of ten."

"The most valuable feature of the solution is its monitoring feature."

"The technical support is good."

More Red Hat Advanced Cluster Security for Kubernetes pros

Cons

"The price is very expensive, actually."

"TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these."

"We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments."

"There is room for improvement in the support."

"The support is not up to the mark and seems to be overburdened."

"The cloud licensing unit system is unclear, especially since "units" aren't well-defined."

"Regarding technical support from Qualys, they respond, but the response time can be too long. Sometimes we need to wait weeks for solutions to simple questions."

"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."

More Qualys TotalCloud cons

"The speed of JFrog Xray should improve. Other solutions have better performance."

"I'd like to see deeper reporting, they're pretty basic and there are no categories for comparing things."

"The out-of-the-box PostgreSQL provided is not stable, which is why we are considering enterprise support."

"JFrog Xray's documentation and error logging could be improved."

"X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL."

"The UI of JFrog Xray could be improved. There is a dialogue box in the Xray section that doesn't always work properly."

"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."

"JFrog Xray does not have a dashboard."

More JFrog Xray cons

"The solution's price could be better."

"The solution lacks features when compared to some of the competitors such as Prisma Cloud by Palo Alto Networks and has room for improvement."

"The initial setup is pretty complex. There's a learning curve, and its cost varies across different environments. It's difficult."

"The deprecation of APIs is a concern since the deprecation of APIs will cause issues for us every time we upgrade."

"The tool's command line and configuration are hard for us to understand and make deployment complex. It should also include zero trust, access control features and database connectivity."

"The testing process could be improved."

"The solution's visibility and vulnerability prevention should be improved."

"I do see that some features associated with the IAST part are not included in the tool, making it an area where improvements are required."

More Red Hat Advanced Cluster Security for Kubernetes cons

Pricing and Cost Advice

"Qualys TotalCloud is expensive."

"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."

"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."

"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."

"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."

"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."

"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."

"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."

More Qualys TotalCloud pricing and cost advice

Information not available

"The price of Red Hat Advanced Cluster Security for Kubernetes is better than Palo Alto Prisma."

"It's a costly solution"

"Red Hat offers two pricing options for their solution: a separate price, and a bundled price under the OpenShift Platform Plus."

"The pricing model is moderate, meaning it is not very expensive."

"We purchase a yearly basis license for the solution."

See which vendors are best for you

Use our free recommendation engine to learn which Container Security solutions are best for your needs.

See recommendations

900,747 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Manufacturing Company

18%

Financial Services Firm

14%

Construction Company

Comms Service Provider

Financial Services Firm

25%

Manufacturing Company

11%

Computer Software Company

Government

Financial Services Firm

28%

Government

Manufacturing Company

Computer Software Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	10
Midsize Enterprise	3
Large Enterprise	29

By reviewers
Company Size	Count
Small Business	1
Midsize Enterprise	3
Large Enterprise	6

By reviewers
Company Size	Count
Small Business	6
Midsize Enterprise	2
Large Enterprise	4

Questions from the Community

What is your experience regarding pricing and costs for Qualys TotalCloud?

The price is very expensive, actually.

What needs improvement with Qualys TotalCloud?

Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...

What is your primary use case for Qualys TotalCloud?

Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...

What needs improvement with JFrog Xray?

I would assess the integration of JFrog Xray with CI/CD tools as the weak point. You have two means to do that: one i...

What is your primary use case for JFrog Xray?

For JFrog Xray product, you can use it for two main goals: compliance and security. You can use it to check if your l...

What is your experience regarding pricing and costs for JFrog Xray?

It is affordable because JFrog Xray provides a free trial of 14 days. We can explore all the features of JFrog in the...

What needs improvement with Red Hat Advanced Cluster Security for Kubernetes?

From an improvement perspective, I would like to create new policies in the tool, especially if it is deployed for th...

What is your primary use case for Red Hat Advanced Cluster Security for Kubernetes?

I use the solution in my company for vulnerability management, configuration management, compliance, safety handling,...

What advice do you have for others considering Red Hat Advanced Cluster Security for Kubernetes?

The tool's policy management supports our company's compliance efforts since any corporate entity or enterprise must ...

Microsoft Defender for Cloud vs Qualys TotalCloud

Comparisons

Wiz vs Qualys TotalCloud

Compared 12% of the time

Compared 8% of the time

Prisma Cloud by Palo Alto Networks vs Qualys TotalCloud

Compared 6% of the time

JupiterOne vs Qualys TotalCloud

Compared 5% of the time

Nucleus Security vs Qualys TotalCloud

Compared 5% of the time

More Qualys TotalCloud Competitors

Trivy vs JFrog Xray

Compared 8% of the time

Sonatype Lifecycle vs JFrog Xray

Compared 6% of the time

Snyk vs JFrog Xray

Compared 5% of the time

Black Duck SCA vs JFrog Xray

Compared 5% of the time

Docker vs JFrog Xray

Compared 5% of the time

More JFrog Xray Competitors

Prisma Cloud by Palo Alto Networks vs Red Hat Advanced Cluster Security for Kubernetes

Compared 11% of the time

Aqua Cloud Security Platform vs Red Hat Advanced Cluster Security for Kubernetes

Compared 10% of the time

Tenable.io Container Security vs Red Hat Advanced Cluster Security for Kubernetes

Compared 8% of the time

Microsoft Defender for Cloud vs Red Hat Advanced Cluster Security for Kubernetes

Compared 6% of the time

Qualys VMDR vs Red Hat Advanced Cluster Security for Kubernetes

Compared 5% of the time

More Red Hat Advanced Cluster Security for Kubernetes Competitors

Product Reports

Qualys TotalCloud

Download Qualys TotalCloud product report

JFrog Xray

Download JFrog Xray product report

Red Hat Advanced Cluster Security for Kubernetes

Download Red Hat Advanced Cluster Security for Kubernetes product report

Red Hat Advanced Cluster Security for Kubernetes report

Also Known As

Qualys TotalCloud with FlexScan

JFrog Security Essentials

StackRox

Overview

Qualys TotalCloud enhances security posture across cloud environments with continuous monitoring, vulnerability management, and risk visualization, ensuring efficient threat assessment and automated remediation for improved cyber risk reduction.

Qualys TotalCloud offers a robust suite of security tools essential for organizations managing multi-cloud infrastructures. By integrating cloud accounts and automating workflows, it supports AWS, Azure, and GCP, offering comprehensive vulnerability management and zero-day detection. The platform's user-friendly design, combined with its extensive risk management and unified threat assessment capabilities, enables organizations to prioritize and remediate vulnerabilities effectively. TruRisk Insights provides clear insights on cyber risks, while the automation options streamline patch management and scanning processes. API integration across IaaS and SaaS environments further enhances resource allocation efficiency and saves time, addressing misconfigurations across cloud environments.

What are the most important features of Qualys TotalCloud?

Accurate Vulnerability Reports: Delivers precise and actionable insights for risk mitigation.
Zero-Day Detection: Identifies and addresses zero-day vulnerabilities proactively.
Unified Threat Assessment: Offers comprehensive evaluation of threats across the environment.
Extensive Risk Management: Manages risks effectively with advanced insights and prioritization.
Continuous Monitoring: Provides non-stop surveillance for vulnerabilities and threats.
Cloud-Native Automation: Streamlines processes and reduces manual efforts using automation.
FlexScan for Internet-Facing VMs: Scans external VMs efficiently to detect vulnerabilities.
Dashboard Risk Visualization: Clear visualization helps prioritize vulnerabilities.

What benefits and ROI should users look for?

Improved Security Posture: Enhances threat detection and response across clouds.
Time Savings: Automation reduces time spent on manual vulnerability management.
Resource Efficiency: Better allocation of resources through streamlined workflows.
Enhanced Risk Prioritization: Focus on critical vulnerabilities for effective mitigation.
Integrated Cloud Accounts: Facilitates seamless cloud management and security.

Qualys TotalCloud is deployed in sectors needing rigorous vulnerability management, such as finance and healthcare. Companies utilize it to secure multi-cloud environments like AWS, Azure, and GCP, focus on compliance, and integrate security into CI/CD pipelines to detect and remedy threats pre-deployment.

Qualys

JFrog Xray is a robust solution for managing artifacts and vulnerabilities, integrating with tools like Artifactory to streamline dependency management and ensure security compliance. Recognized for its scalability and stability, it facilitates advanced reporting and license compliance.

JFrog Xray provides a comprehensive approach to artifact security and management, seamlessly integrating with CI/CD pipelines. Its deep scanning capabilities are particularly valuable for containerized applications, offering insights into vulnerabilities and compliance. The tool's policy-driven approach enhances security, while its efficiency in handling multiple package types ensures broad applicability. Despite room for improvement in speed and performance, it's a critical asset for organizations prioritizing secure software delivery.

What are JFrog Xray's key features?

Internal Dependencies Hierarchy: Displays how dependencies are structured within projects.
Advanced Reporting: Detailed reports for better vulnerability management.
Policy Watches and Blocking: Automated checks against specific security policies.
Integration with Artifactory: Facilitates efficient dependency management.
Deep Scanning for Docker: Provides thorough scanning of Docker files.
License Compliance: Checks for adherence to licensing terms.
Scalability and Stability: Reliable performance for large-scale operations.

What benefits should users look for?

Enhanced Security: Offers comprehensive threat detection and policy enforcement.
Efficient Management: Integrated solution supports multiple package types and repositories.
Easy Setup: Quick to deploy, fitting seamlessly into existing infrastructure.
Cost Efficiency: Competitive pricing with favorable credentials management.

JFrog Xray finds application across industries where security and compliance are critical. In sectors reliant on container technology and open-source components, such as finance or technology, Xray aids in deploying secure applications. Through its deep scanning capabilities, companies can ensure that images and artifacts meet compliance standards, mitigating risks associated with dependencies and licenses.

JFrog

Red Hat Advanced Cluster Security for Kubernetes empowers organizations with robust capabilities in container security, vulnerability management, and workload transition, seamlessly integrated with OpenShift for optimal orchestration.

Red Hat Advanced Cluster Security for Kubernetes stands out with its comprehensive features like authentication, authorization, and API integration. Users appreciate resource sharing, segmentation, and virtualization capabilities, all facilitated by a user-friendly Cockpit web interface and command administration. The system's strengths are visible through effective security protocols, such as secure UPI images, container networking, and built-in security features. Its advanced cluster management and monitoring ensure efficiency, while focus on vulnerability and configuration management addresses key concerns. However, improvements in documentation, web UI, and API flexibility are needed, with challenges in command line configuration and deployment also noted. Stability issues due to API deprecation and the need for enhanced zero trust, access control, and database connectivity present room for growth.

What are the key features of Red Hat Advanced Cluster Security for Kubernetes?

API Integration: Seamless integration capabilities with APIs for enhanced automation.
Resource Sharing: Effective resource distribution within clustered environments.
Secure UPI Images: Encrypted images for heightened security and safety.
Container Networking: Modern networking protocols for efficient container communication.
Communication Mapping: Detailed network traffic visualization and analysis.

What benefits and ROI can users expect from Red Hat Advanced Cluster Security for Kubernetes?

Vulnerability Management: In-depth identification and mitigation of security threats.
Compliance Management: Ensures adherence to regulatory standards and practices.
Integration with OpenShift: Streamlined orchestration for enhanced deployment flexibility.
Threat Detection: Advanced capabilities for monitoring and responding to potential security breaches.

Red Hat Advanced Cluster Security for Kubernetes is implemented across various industries to facilitate the transition from traditional monolithic applications to dynamic containerized environments. Organizations in sectors such as finance, healthcare, and technology benefit from its robust segmentation, monitoring abilities, and behavior analysis. With the integration of Istio and GRPC, industries achieve secure microservices communication and improved visibility for comprehensive threat monitoring.

Red Hat

Sample Customers

Information Not Available

google, amazon, cisco, netflix, oracle, vmware, facebook

City National Bank, U.S. Department of Homeland Security

JFrog Xray vs. Red Hat Advanced Cluster Security for Kubernetes