Try our new research platform with insights from 80,000+ expert users

GitGuardian Platform vs Sonatype Repository Firewall comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

GitGuardian Platform
Ranking in Application Security Tools
13th
Average Rating
9.0
Reviews Sentiment
7.4
Number of Reviews
25
Ranking in other categories
Static Application Security Testing (SAST) (9th), Data Loss Prevention (DLP) (9th), Software Supply Chain Security (6th), DevSecOps (5th)
Sonatype Repository Firewall
Ranking in Application Security Tools
31st
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
4
Ranking in other categories
Software Composition Analysis (SCA) (15th)
 

Mindshare comparison

As of June 2025, in the Application Security Tools category, the mindshare of GitGuardian Platform is 0.6%, up from 0.3% compared to the previous year. The mindshare of Sonatype Repository Firewall is 0.4%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Joan Ging - PeerSpot reviewer
It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation
While they do offer some basic reporting, more comprehensive reporting would be beneficial in the long run. This would allow me to demonstrate the value of the product over time to continue to effectively budget for this subscription, especially as they add features that may come at an additional cost. I appreciate the improvements made to reporting over the past year, but continued development in this area will be appreciated. We have encountered occasional difficulties with the Single Sign-On process. There is room for improvement in its current implementation. It works, but was not quite as smooth as the rest of the GitGuardian experience.
Ashish Shukla - PeerSpot reviewer
You will get clean code every time, and that's a great achievement
For the QA team, it's a really good tool. For those who are not on the QA team, it is also a good tool to use for SDL in the SDLC. It plays a very critical role of doing the automatic quality check recommendation. Meaning, when using this tool, people can easily rectify the issues in the environment itself, instead of going to a higher environment and identifying them. This tool is quite easy to use and learn. We decided that there was no need to hire anyone new who would specialize in this. We had a team of about five to ten people who learned how to use this tool. There are some other automation tools like Jenkins, for example, that require a lot of effort to configure and write out the code, but you do not need to do such for this tool. I thought outside of the box and saw that there are many options available to us when using this tool. The plugins are there, you can download and use the tool at ease and you do not need to do any kind of development. Overall, it’s quite easy to use.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I like that GitGuardian automatically notifies the developer who committed the change. The security team doesn't need to act as the intermediary and tell the developer there is an alert. The alert goes directly to the developer."
"GitGuardian has also helped us develop a security-minded culture. We're serious about shift left and getting better about code security. I think a lot of people are getting more mindful about what a secret is."
"GitGuardian Internal Monitoring has helped increase our secrets detection rate by several orders of magnitude. This is a hard metric to get. For example, if we knew what our secrets were and where they were, we wouldn't need GitGuardian or these types of solutions. There could be a million more secrets that GitGuardian doesn't detect, but it is basically impossible to find them by searching for them."
"Presently, we find the pre-commit hooks more useful."
"The entire GitGuardian solution is valuable. The product is doing its job and showing us many things. We get many false positives, but the ability to automatically display potential leaks when developers commit is valuable. The dashboards show you recent and historical commits, and we have a full scan that shows historical leaked secrets."
"The most valuable feature is its ability to automate both downloading the repository and generating a Software Bill of Materials directly from it."
"The most valuable feature is the general incident reporting system."
"The secrets detection and alerting is the most important feature. We get alerted almost immediately after someone commits a secret. It has been very accurate, allowing us to jump on it right away, then figure out if we have something substantial that has been leaked or whether it is something that we don't have to worry about. This general main feature of the app is great."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"The firewall is the only solution that supports Nexus Repository."
"The customer service is fantastic."
 

Cons

"One improvement that I'd like to see is a cleaner for Splunk logs. It would be nice to have a middle man for anything we send or receive from Splunk forwarders. I'd love to see it get cleaned by GitGuardian or caught to make sure we don't have any secrets getting committed to Splunk logs."
"GitGuardian's hook and dashboard scanners are the two entities. They should work together as one. We've seen several discrepancies where the hook is not being flagged on the dashboard. I still think they need to do some fine-tuning around that. We don't want to waste time."
"The purchasing process is convoluted compared to Snyk, the other tool we use. It's like night and day because you only need to punch in your credit card, and you're set. With GitGuardian, getting a quote took two or three weeks. We paid for it in December but have not settled that payment yet."
"If a developer commits code into their repo, it generates an alert. The alert comes into Slack, but by the time someone looks at it through the Slack alerting channel, the developer might have gone and already fixed or closed the issue. There's no sort of feedback loop to come back into the notification channel to show that it's been addressed."
"It would be nice if they supported detecting PII or had some kind of data loss prevention feature."
"GitGuardian encompasses many secrets that companies might have, but we are a Microsoft-only organization, so there are some limitations there in terms of their honey tokens. I'd like for it to not be limited to Amazon-based tokens. It would be nice to see a broader set of providers that you could pick from."
"It could be easier. They have a CLI tool that engineers can run on their laptops, but getting engineers to install the tool is a manual process. I would like to see them have it integrated into one of those developer tools, e.g., VS Code or JetBrains, so developers don't have to think about it."
"GitGuardian could have more detailed information on what software engineers can do. It only provides some highly generic feedback when a secret is detected. They should have outside documentation. We send this to our software engineers, who are still doing the commits. It's the wrong way to work, but they are accustomed to doing it this way. When they go into that ticket, they see a few instructions that might be confusing. If I see a leaked secret committed two years ago, it's not enough to undo that commit. I need to go in there, change all my code to utilize GitHub secrets, and go on AWS to validate my key."
"There are several features lacking in the current offering, particularly concerning container support and AI packages, like humming phase support."
"The tool needs to improve its file systems. The product should also include zero test feature."
"There are several features lacking in the current offering, particularly concerning container support and AI packages."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
 

Pricing and Cost Advice

"We have seen a return on investment. The amount of time that we would have spent manually doing this definitely outpaces the cost of GitGuardian. It is saving us about $35,000 a year, so I would say the ROI is about $20,000 a year."
"It could be cheaper. When GitHub secrets monitoring solution goes to general access and general availability, GitGuardian might be in a little bit of trouble from the competition, and maybe then they might lower their prices. The GitGuardian solution is great. I'm just concerned that they're not GitHub."
"It's fairly priced, as it performs a lot of analysis and is a valuable tool."
"The pricing for GitGuardian is fair."
"It's a little bit expensive."
"The pricing and licensing are fair. It isn't very expensive and it's good value."
"The pricing is reasonable. GitGuardian is one of the most recent security tools we've adopted. When it came time to renew it, there was no doubt about it. It is licensed per developer, so it scales nicely with the number of repos that we have. We can create new repositories and break up work. It isn't scaling based on the amount of data it's consuming."
"With GitGuardian, we didn't need any middlemen."
"The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
854,618 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
22%
Government
14%
Media Company
8%
Financial Services Firm
7%
Financial Services Firm
26%
Government
11%
University
8%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about GitGuardian Internal Monitoring ?
It's also worth mentioning that GitGuardian is unique because they have a free tier that we've been using for the first twelve months. It provides full functionality for smaller teams. We're a smal...
What needs improvement with GitGuardian Internal Monitoring ?
We'd like to request a new GitGuardian feature that automates user onboarding and access control for code repositories. Ideally, when a user contributes to a repository, they would be automatically...
What is your experience regarding pricing and costs for Sonatype Nexus Firewall?
Also, I consider it average. Some people might consider it expensive, however, since it supports many beautiful features, I would say it is worth it.
What is your primary use case for Sonatype Nexus Firewall?
Many companies, including ours, use Nexus Repository due to concerns about malware and critical vulnerabilities. There should be a specific method to prevent malicious packages from entering the in...
What advice do you have for others considering Sonatype Nexus Firewall?
I would give the solution eight out of ten. I would look at the comparison of Sonatype to some other firewalls. There is room for improvement, especially mentioning container support and AI packages.
 

Also Known As

GitGuardian Internal Monitoring
Sonatype Nexus Firewall, Nexus Firewall
 

Overview

 

Sample Customers

Automox, 66degrees (ex Cloudbakers), Iress, Now:Pensions, Payfit, Orange, BouyguesTelecom, Seequent, Stedi, Talend, Snowflake... 
EDF, Tomitribe, Crosskey, Blackboard, Travel audience
Find out what your peers are saying about GitGuardian Platform vs. Sonatype Repository Firewall and other solutions. Updated: June 2025.
854,618 professionals have used our research since 2012.