Try our new research platform with insights from 80,000+ expert users

Black Duck vs Sonatype Repository Firewall comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Black Duck
Ranking in Software Composition Analysis (SCA)
1st
Average Rating
7.6
Reviews Sentiment
7.4
Number of Reviews
22
Ranking in other categories
No ranking in other categories
Sonatype Repository Firewall
Ranking in Software Composition Analysis (SCA)
15th
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
4
Ranking in other categories
Application Security Tools (31st)
 

Mindshare comparison

As of July 2025, in the Software Composition Analysis (SCA) category, the mindshare of Black Duck is 18.2%, down from 22.5% compared to the previous year. The mindshare of Sonatype Repository Firewall is 1.5%, up from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA)
 

Featured Reviews

Saravanan_Radhakrishnan - PeerSpot reviewer
Enables applications to be secure, but it must provide more open APIs
The product enables other applications to be secure. We use it to onboard 400 to 500 applications into the DevOps platform, protect them, and have a secure environment. The tool integrates well with different technologies, application stacks, and databases. The APIs are available. We can read the blogs in the community for open-source compliance and security. The community feeds are important. Black Duck is a leader in Gartner. It is a reliable solution.
Ashish Shukla - PeerSpot reviewer
You will get clean code every time, and that's a great achievement
For the QA team, it's a really good tool. For those who are not on the QA team, it is also a good tool to use for SDL in the SDLC. It plays a very critical role of doing the automatic quality check recommendation. Meaning, when using this tool, people can easily rectify the issues in the environment itself, instead of going to a higher environment and identifying them. This tool is quite easy to use and learn. We decided that there was no need to hire anyone new who would specialize in this. We had a team of about five to ten people who learned how to use this tool. There are some other automation tools like Jenkins, for example, that require a lot of effort to configure and write out the code, but you do not need to do such for this tool. I thought outside of the box and saw that there are many options available to us when using this tool. The plugins are there, you can download and use the tool at ease and you do not need to do any kind of development. Overall, it’s quite easy to use.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The cloud option of the product is always available and a positive aspect of the solution."
"Policy management is a valuable feature."
"The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately."
"Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it."
"The most valuable feature for me in Black Duck is its ability to scan binary files effectively."
"It highlights what the developers have done, and it shows the impact from an intellectual property point of view."
"The installation is very easy."
"The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach."
"The firewall is the only solution that supports Nexus Repository."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"The customer service is fantastic."
 

Cons

"The documentation is quite scattered."
"The tool's documentation and support are areas of concern where improvements are required."
"The tool needs to improve its pricing. Its configuration is complex and can be improved."
"The initial setup could be simplified. It was somewhat complex."
"Black Duck does not have the SBOM management part. I would like to see this feature added in the future."
"It needs to be more user-friendly for developers and in general, to ensure compliance."
"The solution must provide more open APIs."
"The scanner client is limited by the size of software it can handle."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
"The tool needs to improve its file systems. The product should also include zero test feature."
"There are several features lacking in the current offering, particularly concerning container support and AI packages, like humming phase support."
"There are several features lacking in the current offering, particularly concerning container support and AI packages."
 

Pricing and Cost Advice

"I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."
"The price is quite high because the behavior of the software during the scan is similar to competing products."
"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
"The price charged by Black Duck is exorbitant."
"The pricing is a little high."
"Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."
"The price is low. It's not an expensive solution."
"It is expensive."
"The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
860,168 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Manufacturing Company
15%
Computer Software Company
13%
Insurance Company
4%
Financial Services Firm
25%
Government
12%
University
8%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
What do you like most about Black Duck?
The cloud option of the product is always available and a positive aspect of the solution.
What is your experience regarding pricing and costs for Black Duck?
The price charged by Black Duck is exorbitant. For the features provided by the product, I would not want to pay a high price. There are many other products in the market that offer better features...
What is your experience regarding pricing and costs for Sonatype Nexus Firewall?
Also, I consider it average. Some people might consider it expensive, however, since it supports many beautiful features, I would say it is worth it.
What is your primary use case for Sonatype Nexus Firewall?
Many companies, including ours, use Nexus Repository due to concerns about malware and critical vulnerabilities. There should be a specific method to prevent malicious packages from entering the in...
What advice do you have for others considering Sonatype Nexus Firewall?
I would give the solution eight out of ten. I would look at the comparison of Sonatype to some other firewalls. There is room for improvement, especially mentioning container support and AI packages.
 

Also Known As

Blackduck Hub, Black Duck Protex, Black Duck Security Checker
Sonatype Nexus Firewall, Nexus Firewall
 

Overview

 

Sample Customers

Samsung, Siemens, ScienceLogic, BryterCX, Dynatrace
EDF, Tomitribe, Crosskey, Blackboard, Travel audience
Find out what your peers are saying about Black Duck vs. Sonatype Repository Firewall and other solutions. Updated: June 2025.
860,168 professionals have used our research since 2012.