• Home
  • Coverity vs. Sonatype Repository Firewall

Coverity vs Sonatype Repository Firewall comparison

Cancel
You must select at least 2 products to compare!
Synopsys Logo
Coverity
Read 33 Coverity reviews
17,611 views|11,453 comparisons
88% willing to recommend
Sonatype Logo
Sonatype Repository Firewall
Read 3 Sonatype Repository Firewall reviews
793 views|390 comparisons
100% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Coverity vs. Sonatype Repository Firewall
September 2022
Executive Summary

We performed a comparison between Coverity and Sonatype Repository Firewall based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Coverity vs. Sonatype Repository Firewall Report (Updated: September 2022).
Download the complete report
769,976 professionals have used our research since 2012.
Featured Review
Archana Verma
Provides software security and helps find potential security bugs or defects
Coverity has improved our functionality and efficiency.
Ashish Shukla
You will get clean code every time, and that's a great achievement
I believe this tool is being used by most of the product development team in the organization. It's part of the CI/CD pipeline. You can say it's a... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time.""The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent.""The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data.""The product is easy to use.""Coverity is quite stable and we haven’t had any issues or any downtime.""I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward.""The solution has improved our code quality and security very well.""We were very comfortable with the initial setup."

More Coverity Pros →

"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you.""The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."

More Sonatype Repository Firewall Pros →

Cons
"Sometimes, vulnerabilities remain unidentified even after setting up the rules.""Reporting engine needs to be more robust.""Its price can be improved. Price is always an issue with Synopsys.""The level of vulnerability that this solution covers could be improved compared to other open source tools.""We'd like it to be faster.""Coverity takes a lot of time to dereference null pointers.""We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues.""When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."

More Coverity Cons →

"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services.""The tool needs to improve its file systems. The product should also include zero test feature."

More Sonatype Repository Firewall Cons →

Pricing and Cost Advice
  • "Coverity is quite expensive."
  • "The licensing fees are based on the number of lines of code."
  • "The price is competitive with other solutions."
  • "It is expensive."
  • "Coverity is very expensive."
  • "This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
  • "The pricing is very reasonable compared to other platforms. It is based on a three year license."
  • "The pricing is on the expensive side, and we are paying for a couple of items."

    • More Coverity Pricing and Cost Advice →

  • "The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."

    • More Sonatype Repository Firewall Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    See Recommendations
    769,976 professionals have used our research since 2012.
    Questions from the Community
    How would you decide between Coverity and Sonarqube?
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »
    What do you like most about Coverity?
    Top Answer:The solution has improved our code quality and security very well.
    Read all 23 answers   →
    What is your experience regarding pricing and costs for Coverity?
    Top Answer:The tool was fairly priced.
    Read all 20 answers   →
    What do you like most about Sonatype Nexus Firewall?
    Top Answer:The product's network and intrusion protection features are valuable. It also has rules and compliance features for security.
    Read all 2 answers   →
    What is your experience regarding pricing and costs for Sonatype Nexus Fi...
    Top Answer:The licensing is quite reasonable, I believe. I do see that it adds value. It means whatever part you want to use, you can just use that part and pay for that. I think the licensing is fair enough… more »
    Read all 2 answers   →
    What is your primary use case for Sonatype Nexus Firewall?
    Top Answer:The product helps with vulnerability and security assessment. It also helps with assessment at the configuration level.
    Read all 3 answers   →
    Ranking
    4th
    out of 67 in Application Security Testing (AST)
    Views
    17,611
    Comparisons
    11,453
    Reviews
    22
    Average Words per Review
    382
    Rating
    8.0
    34th
    out of 74 in Application Security Tools
    Views
    793
    Comparisons
    390
    Reviews
    1
    Average Words per Review
    105
    Rating
    8.0
    Comparisons
    Also Known As
    Synopsys Static Analysis
    Sonatype Nexus Firewall, Nexus Firewall
    Learn More
    Synopsys
    Sonatype
    Overview

    Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

    Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

    Sonatype Repository Firewall is a cloud-based security solution designed to safeguard your software supply chain against malicious components. It operates by meticulously scanning and evaluating each new component against customized governance policies, thereby effectively identifying and blocking potential threats before they infiltrate your development pipeline. What sets Sonatype Repository Firewall apart is its user-friendly setup, seamless integration with existing workflows, and remarkable scalability, making it suitable for software development environments of any size. Key features include blocking malicious components through behavioral analysis, malware scanning, and vulnerability assessment, as well as the ability to enforce custom governance policies. By utilizing this tool, organizations can enhance their software supply chain security, mitigate risks related to supply chain attacks, bolster compliance with industry standards, and ultimately reduce costs associated with security incidents. 

    Sample Customers
    MStar Semiconductor, Alcatel-Lucent
    EDF, Tomitribe, Crosskey, Blackboard, Travel audience
    Top Industries
    REVIEWERS
    Manufacturing Company36%
    Comms Service Provider20%
    Computer Software Company20%
    Retailer8%
    VISITORS READING REVIEWS
    Manufacturing Company28%
    Computer Software Company16%
    Financial Services Firm8%
    Government4%
    VISITORS READING REVIEWS
    Financial Services Firm32%
    Government8%
    Computer Software Company7%
    Insurance Company5%
    Company Size
    REVIEWERS
    Small Business16%
    Midsize Enterprise14%
    Large Enterprise70%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise10%
    Large Enterprise76%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise11%
    Large Enterprise75%
    Buyer's Guide
    Coverity vs. Sonatype Repository Firewall
    September 2022
    Free Report: Coverity vs. Sonatype Repository Firewall
    Find out what your peers are saying about Coverity vs. Sonatype Repository Firewall and other solutions. Updated: September 2022.
    DOWNLOAD NOW
    769,976 professionals have used our research since 2012.

    Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while Sonatype Repository Firewall is ranked 34th in Application Security Tools with 3 reviews. Coverity is rated 7.8, while Sonatype Repository Firewall is rated 8.4. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, Black Duck, GitHub and Veracode. See our Coverity vs. Sonatype Repository Firewall report.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.