We performed a comparison between SonarQube and Sonatype Repository Firewall based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications."
"The integrations SonarQube provides with our software delivery pipeline are very seamless."
"The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices)."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"The most valuable function is its usability."
"The most valuable features are code scanning and Quality Gates."
"The product is simple."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"During the setup process, we only had one issue related to the number of available files. To perform the analysis, you have quite a lot of available file handles, so we had to increase that limit."
"SonarQube could improve its static application security testing as per the industry standard."
"Code security scanning could be improved."
"There could be better integration with other products."
"Lacks sufficient visibility and documentation."
"The exporting capabilities could be improved. Currently, exporting is fully dependent on the SonarQube environment."
"Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time."
"A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
"The tool needs to improve its file systems. The product should also include zero test feature."
SonarQube is ranked 1st in Application Security Tools with 111 reviews while Sonatype Repository Firewall is ranked 34th in Application Security Tools with 3 reviews. SonarQube is rated 8.0, while Sonatype Repository Firewall is rated 8.4. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk, whereas Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, Black Duck, GitHub and Veracode. See our SonarQube vs. Sonatype Repository Firewall report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.