We performed a comparison between Contrast Security Protect and Sonatype Nexus Firewall based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use."
"My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople is fabulous."
"In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application."
"Their dashboard is really good, overall. In my opinion, it's one of the best in the market, and I say that because we have used other service providers."
"It's comprehensive from a feature standpoint."
"The main feature that I have found valuable is the solution's ability to find issues in static analysis. Additionally, there are plenty of useful tools."
"It is easy to use for us developers. It supports so many languages: C#, .NET Core, .NET Framework, and it even scans some of our JavaScript. You just need the extension to upload the files and the reports are generated with so much detail."
"You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs."
"Protect provides us with more in-depth visibility into ongoing attacks."
"The solution has excellent real-time capabilities."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results."
"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."
"I would like to see them provide more content in the developer training section. This field is really changing each day and there are flaws that are detected each day. Some sort of regular updates to the learning would help."
"When it comes to the speed of the pipeline scan, one of the things we have found with Veracode is that it's very fast with Java-based applications but a bit slow with C/C++ based applications. So we have implemented the pipeline scan only for Java-based applications not for the C/C++ applications."
"Third-party library scanning would be very useful to have. When I was researching this a year ago, there was not a third-party library scan available. This would be a nice feature to have because we are now running through some assessments and finding out which tool can do it since this information needs to be captured. Since Veracode is a security solution, this should be related."
"Veracode has plenty of data. The problem is the information on the dashboards of Veracode, as the user interface is not great. It's not immediately usable. Most of the time, the best way to use it is to just create issues and put them in JIRA... But if I were a startup, and only had products with a good user interface, I wouldn't use Veracode because the UI is very dated."
"The feature that allows me to read which mitigation answer was submitted, and to approve it, requires me to use do so in different screens. That makes it a little bit more complicated because I have to read and then I have to go back and make sure it falls under the same number ID number. That part is a little bit complicated from my perspective, because that's what I use the most."
"The policies you have, where you can tune the findings you get, don't allow you not to file tickets about certain findings. It will always report the findings, even if you know you're not that concerned about a library writing to a system log, for example. It will keep raising them, even though you may have a ticket about it. The integration will keep updating the ticket every time the scan runs."
"There's room for improvement in the initial setup."
"Protect's reporting GUI is very basic. To get all statuses from the APIs, we needed to write our own KPI dashboard to provide reports."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.
Protect your applications from attacks by detecting and automatically fixing vulnerabilities. Get a quick, personalized demo to see how you can better protect your business with Contrast Security.
Contrast Security Protect is ranked 21st in Application Security Tools with 2 reviews while Sonatype Nexus Firewall is ranked 16th in Application Security Tools with 2 reviews. Contrast Security Protect is rated 8.6, while Sonatype Nexus Firewall is rated 8.6. The top reviewer of Contrast Security Protect writes "Stable with good real-time capabilities and excellent technical support". On the other hand, the top reviewer of Sonatype Nexus Firewall writes "Significantly decreases our time to market for secure apps by automating open source approval". Contrast Security Protect is most compared with SonarQube, Snyk, Micro Focus Fortify on Demand, Checkmarx and Coverity, whereas Sonatype Nexus Firewall is most compared with JFrog Xray, Black Duck, Cisco Secure Firewall, SonarQube and GitLab. See our Contrast Security Protect vs. Sonatype Nexus Firewall report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
