We performed a comparison between GitLab and Sonatype Nexus Firewall based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, Sonatype Nexus Firewall came out ahead of GitLab. Although both products have valuable features and can be considered high-end solutions, our reviewers found that GitLab's main drawback is its complexity, which some users find overwhelming and difficult to navigate.
"I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently."
"GitLab integrates well with other platforms."
"The most valuable functionality of GitLab, for me, is the DevOps. Besides the normal source control based on Git, I find the Auto DevOps features most important in the solution."
"It's a great toolbox where the CI/CD pipeline is the fundamental component, but there are so many other features that you can pull from, which makes it a very powerful tool. My current client is using AWS, and they can, of course, use AWS CodePipeline, but GitLab is much more mature than that, and it also gives you the freedom to decide to go to another platform or have a multi-cloud strategy and things like that. That freedom for me is also very valuable."
"The most valuable feature of GitLab is the automatic merging of code."
"The solution is stable."
"CI/CD and GitLab scanning are the most valuable features."
"The dashboard and interface make it easy to use."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"GitLab could improve the patch repository. It does not have support for Conan patch version regions. Additionally, better support for Kubernetes deployment is needed as part of the package."
"Merge conflicts and repository maintenance could improve. If there is someone new to the system they would not know if there is a conflict."
"The integration could be slightly better."
"GitLab would be improved with the addition of templates for deployment on local PCs."
"Expand features to match other tools such as a static code analysis tool so third-party integrations are not required."
"There is a need to improve or adopt AI into the ecosystem like a co-pilot, which Microsoft has done with GitHub."
"We'd like to see better integration with the Atlassian ecosystem."
"I used Spring Cloud config and to connect that to GitLab was so hard."
"The tool needs to improve its file systems. The product should also include zero test feature."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
GitLab is ranked 6th in Software Composition Analysis (SCA) with 70 reviews while Sonatype Repository Firewall is ranked 12th in Software Composition Analysis (SCA) with 3 reviews. GitLab is rated 8.6, while Sonatype Repository Firewall is rated 8.4. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, SonarQube and Tekton, whereas Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, GitHub, Black Duck and Sonatype Lifecycle.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.