Try our new research platform with insights from 80,000+ expert users

Qualys VMDR vs Trivy comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys VMDR
Ranking in Container Security
10th
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
94
Ranking in other categories
IT Asset Management (6th), Vulnerability Management (1st), Configuration Management Databases (2nd), Risk-Based Vulnerability Management (1st)
Trivy
Ranking in Container Security
6th
Average Rating
8.6
Reviews Sentiment
7.5
Number of Reviews
12
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Container Security category, the mindshare of Qualys VMDR is 2.5%, down from 3.0% compared to the previous year. The mindshare of Trivy is 5.9%, up from 1.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security
 

Featured Reviews

Ankesh Raj - PeerSpot reviewer
Real-time responses and reporting streamline vulnerability management
Qualys VMDR provides a real-time response and reporting feature, which is excellent. It allows us to see real-time graphs and reports for every asset, server, and more, which is very user-friendly. Our clients have given good feedback, and they are satisfied with the tool. We use it daily to fix vulnerabilities by connecting with infrastructure to remediate. The feedback from the client side is very good.
Utsav Sharma - PeerSpot reviewer
Maintain operational efficiency by detecting misconfigurations and vulnerabilities
The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma. It also offers repository scanning in the source code domain, allowing pre-push code scans. The misconfiguration detection works well for CloudFormation, Docker files, and Terraform. Its compliance support, like NIST, ensures that configurations align with standards. Trivy helps me significantly detect misconfigurations missed by the ops engineers or in Terraform by the naked eye. It ensures that my deployments are free of misconfigurations and vulnerabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"What I like about Qualys VM is the dashboard presentation. It's very good."
"The most valuable features are vulnerability scanning, policy compliance scanning, and tablet for web application scanning."
"Qualys VM's best features are vulnerability management and customizable scoring."
"Technical support is great and we've never really had a problem."
"I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if tags aren't made."
"The product's patch management is excellent for keeping our critical servers and third-party applications updated efficiently."
"The most valuable feature is the QID part, especially of CentralList, which makes it easy to assess new critical vulnerabilities."
"The most valuable feature is the certificate management."
"Trivy is most valuable for its ability to scan all repository files and dependencies."
"Trivy is very reliable and always has an up-to-date database to scan images and identify vulnerabilities."
"Overall, I would rate Trivy a ten out of ten."
"The most valuable feature of Trivy is its easy integration with the CI/CD pipeline."
"It is open-source."
"I rate Trivy a nine out of ten."
"I appreciate Trivy for being open-source and not requiring any payment."
"It's customizable, allowing me to add any rules and format HTML templates as I wish."
 

Cons

"The customer support is very bad."
"The reporting needs improvement. It should generate much more stuff like field reports."
"It is a struggle to be able to pull our report and to be able to do onboarding using automated tools."
"One area of the product that could be improved is the management of vulnerabilities detected on disabled applications."
"They have integrated with other third parties, but it is still not viable."
"I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities."
"What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem."
"I would like to see this solution simplified to work more easily in a multi-cloud environment."
"In our CI/CD pipelines, Trivy lacks built-in functionality for report analysis."
"The reporting could be a little better. When integrating Trivy with CI, the interpretation of the reports could be improved."
"In our CI/CD pipelines, Trivy lacks built-in functionality for report analysis."
"Having little experience can hinder the ability to connect it to a user-friendly UI effectively."
"The main area for improvement is in differentiating between OS and application-based vulnerabilities."
"Trivy generates many false positives, flagging non-existent vulnerabilities. Improvements could include better contextual analysis or granular filtering."
"A dynamic scanning capability during runtime would be a significant advantage."
"One drawback I have observed with Trivy is the difficulty in building or integrating a UI, particularly for an operator in the NetSuite example."
 

Pricing and Cost Advice

"We do see over $100,000 in terms of price, for mid-size programs. You likely will pay more than $100,000 without any discount. It is a bit pricey."
"The solution is expensive."
"The license is on a yearly basis."
"We have an annual contract for Qualys VMDR. I believe it's for either two years or five years."
"Qualys VM is quite expensive. It's a subscription-based license, and it's yearly. Right now, it's open for me, and I don't have any limitations or caps on the licenses. They are seeing if the product is viable for 4500 users. I can add as much as I want, and at the end of the subscription, they'll let me know how many licenses were actually used and bill me accordingly. On a scale from one to five, I would give their pricing a three. It's still expensive."
"The price is very reasonable."
"The solution is reasonably priced for the value it provides."
"The tool's pricing is expensive and I would rate the pricing a seven out of ten."
Information not available
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
860,592 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Educational Organization
12%
Computer Software Company
12%
Manufacturing Company
7%
Computer Software Company
15%
Financial Services Firm
13%
Manufacturing Company
11%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Qualys VMDR?
I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even ...
What is your experience regarding pricing and costs for Qualys VMDR?
Qualys offers better pricing and is feature-packed compared to other tools.
What needs improvement with Qualys VMDR?
There were some issues later with Qualys VMDR regarding security, specifically with numerous false positive reports.
What needs improvement with Trivy?
Trivy's marketing and awareness need improvement. Not everyone knows about it, which isn't ideal given its capabilities. There's potential to integrate AI and machine learning for enhanced function...
What is your primary use case for Trivy?
I use Trivy ( /products/trivy-reviews ) to scan code for vulnerabilities before deployment. Our projects, which are developed by different developers, involve various dependencies and third-party c...
What advice do you have for others considering Trivy?
I recommend Trivy to others due to its powerful and useful features. However, I suggest increasing its marketing to raise awareness. I rate Trivy an eight out of ten.
 

Comparisons

 

Also Known As

Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security
No data available
 

Overview

 

Sample Customers

Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
Information Not Available
Find out what your peers are saying about Qualys VMDR vs. Trivy and other solutions. Updated: June 2025.
860,592 professionals have used our research since 2012.