JFrog Xray Reviews

We primarily use the solution for vulnerability scanning. We're looking for vulnerabilities in open-source components. 

The quality of scanning has been good. Its reporting is good. 

It's very clear and understandable.

The solution is stable and reliable.

We find the product the be easy to set up.

It is scalable.

The pricing is reasonable. 

Since we have been using the solution via APIs, there are some limitations in the APIs. 

We've only used it for six months, so we need to explore it more before commenting on any missing features. 

I've been using the solution for six months. 

The solution is stable and reliable. I'd rate it nine out of ten. The performance is good. There are no bugs or glitches.

We have less than 100 users on the solution right now. They are IT specialists and developers. 

The scalability is good. I'd rate it eight out of ten. It's hard to estimate how much it can scale.

I have not used technical support. 

We started with Sonatype and have switched over to JFrog. We were already using another JFrog solution and decided to focus on product synergy.

The implementation is rather straightforward. I was not involved with the team directly. They deployed it themselves, and I didn't hear about any issues, and there were no deployment delays. 

The deployment itself took a couple of weeks. 

In terms of maintenance, one or two people maintain it. They do not maintain it full-time. They manage other tools as well. It's relatively minimal maintenance. 

Our own internal team handled the setup. We did not need the help of consultants or integrators. 

It's too early to estimate the ROI. 

I don't handle the licensing. I don't know the exact cost of the solution. The pricing is likely fair. I've looked at competitive products and recall Xray being among the lower in terms of cost. I'd rate the pricing five out of ten. 

I'm an end-user. 

We're likely using a version that is the latest or close to the latest. 

I'd recommend the solution to others. There haven't been any disappointments so far. 

I'd rate the solution eight out of ten. It's done what is expected so far. 

I'm using this solution for scanning artifacts related to the Jfrog Artifactory. I'm scanning them, checking licenses and things like that. I'm a DevOps engineer intern and we are customers of JFrog. 

I would say the reporting functionalities are pretty good as are the policy watches. I like them a lot.

I'd like to see deeper reporting, they're pretty basic and there are no categories for comparing things. I'd also like to see an improvement with the documentation, there's not much available on their website. 

I've been using this solution for a couple of months. 

This solution is stable.

The solution is scalable.

I wasn't involved in the setup but I heard from my team that they faced some issues although I don't know what they were. We had a great consultant working with us and they solved the problems.