Try our new research platform with insights from 80,000+ expert users

GitGuardian Platform vs Sonatype Repository Firewall comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

GitGuardian Platform
Ranking in Application Security Tools
13th
Average Rating
8.8
Reviews Sentiment
7.4
Number of Reviews
27
Ranking in other categories
Static Application Security Testing (SAST) (9th), Data Loss Prevention (DLP) (9th), Software Supply Chain Security (6th), DevSecOps (5th)
Sonatype Repository Firewall
Ranking in Application Security Tools
31st
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
4
Ranking in other categories
Software Composition Analysis (SCA) (15th)
 

Mindshare comparison

As of June 2025, in the Application Security Tools category, the mindshare of GitGuardian Platform is 0.6%, up from 0.3% compared to the previous year. The mindshare of Sonatype Repository Firewall is 0.4%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Joan Ging - PeerSpot reviewer
It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation
While they do offer some basic reporting, more comprehensive reporting would be beneficial in the long run. This would allow me to demonstrate the value of the product over time to continue to effectively budget for this subscription, especially as they add features that may come at an additional cost. I appreciate the improvements made to reporting over the past year, but continued development in this area will be appreciated. We have encountered occasional difficulties with the Single Sign-On process. There is room for improvement in its current implementation. It works, but was not quite as smooth as the rest of the GitGuardian experience.
Ashish Shukla - PeerSpot reviewer
You will get clean code every time, and that's a great achievement
For the QA team, it's a really good tool. For those who are not on the QA team, it is also a good tool to use for SDL in the SDLC. It plays a very critical role of doing the automatic quality check recommendation. Meaning, when using this tool, people can easily rectify the issues in the environment itself, instead of going to a higher environment and identifying them. This tool is quite easy to use and learn. We decided that there was no need to hire anyone new who would specialize in this. We had a team of about five to ten people who learned how to use this tool. There are some other automation tools like Jenkins, for example, that require a lot of effort to configure and write out the code, but you do not need to do such for this tool. I thought outside of the box and saw that there are many options available to us when using this tool. The plugins are there, you can download and use the tool at ease and you do not need to do any kind of development. Overall, it’s quite easy to use.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"A high number of our exposures are remediated by developers before security needs to step in, as the self-healing playbook process engages them automatically. This results in issues being resolved within minutes, saving significant effort from the security team in tracking down or communicating with developers."
"The breadth of the solution detection capabilities is pretty good. They have good categories and a lot of different types of secrets... it gives us a great range when it comes to types of secrets, and that's good for us."
"It's fantastic. We have checked a couple of other vendors and seen their results, which are quite inferior to the amount of detail that the GitGuardian Platform provides. With instantaneous notifications connected to our Slack platform, it allows us to deal quickly with incidents."
"The most valuable feature is the alerts when secrets are leaked and we can look at particular repositories to see if there are any outstanding problems. In addition, the solution's detection capabilities seem very broad. We have no concerns there."
"I like that GitGuardian automatically notifies the developer who committed the change. The security team doesn't need to act as the intermediary and tell the developer there is an alert. The alert goes directly to the developer."
"GitGuardian has pretty broad detection capabilities. It covers all of the types of secrets that we've been interested in... [Yet] The "detector" concept, which identifies particular categories or types of secrets, allows an organization to tweak and tailor the configuration for things that are specific to its environment. This is highly useful if you're particularly worried about a certain type of secret and it can help focus attention, as part of early remediation efforts."
"You can also assign tasks to specific teams or people to complete, such as assigning something to the "blue team" or saying that this person needs to do this, and that person needs to do that. That is a great feature because you can actually manage your team internally in GitGuardian."
"It enables us to identify leaks that happened in the past and remediate current leaks as they happen in near real-time. When I say "near real-time," I mean within minutes. These are industry-leading remediation timelines for credential leaks. Previously, it might have taken companies years to get credentials detected or remediated. We can do it in minutes."
"The customer service is fantastic."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"The firewall is the only solution that supports Nexus Repository."
 

Cons

"They could give a developer access to a dashboard for their team's repositories that just shows their repository secrets. I think more could be exposed to developers."
"One of our current challenges is that the GitGuardian platform identifies encrypted secrets and statements as sensitive information even though they're secured."
"GitGuardian encompasses many secrets that companies might have, but we are a Microsoft-only organization, so there are some limitations there in terms of their honey tokens. I'd like for it to not be limited to Amazon-based tokens. It would be nice to see a broader set of providers that you could pick from."
"There is room for improvement in its integration for bug-tracking. It should be more direct. They have invested a lot in user management, but they need to invest in integrations. That is a real lack."
"For some repositories, there are a lot of incidents. For example, one repository says 255 occurrences, so I assume these are 255 alerts and nobody is doing anything about them. These could be false positives. However, I cannot assess it correctly, because I haven't been closing these false positives myself. From the dashboard, I can see that for some of the repositories, there have been a lot of closing of these occurrences, so I would assume there are a lot of false positives. A ballpark estimate would be 60% being false positives. One of the arguments from the developers against this tool is the number of false positives."
"It took us a while to get new patterns introduced into the pattern reporting process."
"The analytics in GitGuardian Platform have a significant opportunity to better reflect the value provided to security teams and demonstrate actual activity occurring."
"Automated Jira tickets would be fantastic. At the moment, I believe we have to go in and click to create a Jira ticket. It would be nice to automate."
"The tool needs to improve its file systems. The product should also include zero test feature."
"There are several features lacking in the current offering, particularly concerning container support and AI packages."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
"There are several features lacking in the current offering, particularly concerning container support and AI packages, like humming phase support."
 

Pricing and Cost Advice

"GitGuardian is on the pricier side."
"It's not cheap, but it's not crazy expensive either."
"I compared the solution to a couple of other solutions, and I think it is very competitively priced."
"The pricing for GitGuardian is fair."
"We have seen a return on investment. The amount of time that we would have spent manually doing this definitely outpaces the cost of GitGuardian. It is saving us about $35,000 a year, so I would say the ROI is about $20,000 a year."
"I am only aware of the base price. I do not know what happened with our purchasing team in discussions with GitGuardian. I was not privy to the overall contract, but in terms of the base MSRP price, I found it reasonable."
"With GitGuardian, we didn't need any middlemen."
"It's competitively priced compared to others. Overall, the secret detection sector is expensive, but we are very happy with the value we get."
"The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
857,162 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
23%
Government
15%
Media Company
7%
Financial Services Firm
7%
Financial Services Firm
26%
Government
12%
Manufacturing Company
8%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about GitGuardian Internal Monitoring ?
It's also worth mentioning that GitGuardian is unique because they have a free tier that we've been using for the first twelve months. It provides full functionality for smaller teams. We're a smal...
What is your experience regarding pricing and costs for GitGuardian Internal Monitoring ?
It's fairly priced, as it performs a lot of analysis and is a valuable tool.
What needs improvement with GitGuardian Internal Monitoring ?
We'd love to see notification updates in Slack, as the system does not provide feedback on updates to incidents, which can be problematic when developers resolve issues. ie. if a developer commits ...
What is your experience regarding pricing and costs for Sonatype Nexus Firewall?
Also, I consider it average. Some people might consider it expensive, however, since it supports many beautiful features, I would say it is worth it.
What is your primary use case for Sonatype Nexus Firewall?
Many companies, including ours, use Nexus Repository due to concerns about malware and critical vulnerabilities. There should be a specific method to prevent malicious packages from entering the in...
What advice do you have for others considering Sonatype Nexus Firewall?
I would give the solution eight out of ten. I would look at the comparison of Sonatype to some other firewalls. There is room for improvement, especially mentioning container support and AI packages.
 

Also Known As

GitGuardian Internal Monitoring
Sonatype Nexus Firewall, Nexus Firewall
 

Overview

 

Sample Customers

Automox, 66degrees (ex Cloudbakers), Iress, Now:Pensions, Payfit, Orange, BouyguesTelecom, Seequent, Stedi, Talend, Snowflake... 
EDF, Tomitribe, Crosskey, Blackboard, Travel audience
Find out what your peers are saying about GitGuardian Platform vs. Sonatype Repository Firewall and other solutions. Updated: June 2025.
857,162 professionals have used our research since 2012.