Try our new research platform with insights from 80,000+ expert users

GitLab vs Sonatype Repository Firewall comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

GitLab
Ranking in Application Security Tools
10th
Ranking in Software Composition Analysis (SCA)
5th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
85
Ranking in other categories
Build Automation (1st), Release Automation (2nd), Static Application Security Testing (SAST) (7th), Rapid Application Development Software (11th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (1st)
Sonatype Repository Firewall
Ranking in Application Security Tools
31st
Ranking in Software Composition Analysis (SCA)
15th
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
4
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Application Security Tools category, the mindshare of GitLab is 2.7%, down from 2.8% compared to the previous year. The mindshare of Sonatype Repository Firewall is 0.5%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Improved agility and time to market with CI/CD enhancements
The CI/CD pipelines in GitLab ( /products/gitlab-reviews ) are highly valuable. Another important feature is the single source of repository, allowing efficient repository management and source code management. GitLab provides manageability by allowing us to manage source code effectively through separate repositories. Additionally, GitLab enables the creation of individual CI/CD pipelines for each repository, making software more agile. By integrating GitLab as a DevOps platform, we have enhanced agility, improved our time to market, and different teams can work collaboratively on various projects.
Ashish Shukla - PeerSpot reviewer
You will get clean code every time, and that's a great achievement
For the QA team, it's a really good tool. For those who are not on the QA team, it is also a good tool to use for SDL in the SDLC. It plays a very critical role of doing the automatic quality check recommendation. Meaning, when using this tool, people can easily rectify the issues in the environment itself, instead of going to a higher environment and identifying them. This tool is quite easy to use and learn. We decided that there was no need to hire anyone new who would specialize in this. We had a team of about five to ten people who learned how to use this tool. There are some other automation tools like Jenkins, for example, that require a lot of effort to configure and write out the code, but you do not need to do such for this tool. I thought outside of the box and saw that there are many options available to us when using this tool. The plugins are there, you can download and use the tool at ease and you do not need to do any kind of development. Overall, it’s quite easy to use.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I have found the most valuable feature is security control. I also like the branching and cloning software."
"The most valuable features of GitLab are the CI/CD pipeline and code management."
"This product is always evolving, and they listen to the customers."
"The code merging capability is something that we use very frequently."
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."
"I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently."
"The most valuable feature of GitLab is its security."
"GitLab's best features are continuous integration and fast deployment."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"The customer service is fantastic."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"The firewall is the only solution that supports Nexus Repository."
 

Cons

"Atlassian offers more products than GitLab. GitLab offers source control management, version control and collaboration between developers. Atlassian offers features on top of this as well as more integration points for developers."
"It would be better if there weren't any outages. There are occasions where we usually see a lot of outages using GitLab. It happens at least once a week or something like that. Whatever pipelines you're running, to check the logs, you need to have a different set of tools like Argus or something like that. If you have pipelines running on GitLab, you need a separate service deployed to view the logs, which is kind of a pain. If the logs can be used conveniently on GitLab, that would be definitely helpful. I'm not talking about the CI/CD pipelines but the back-end services and microservices deployed over GitLab. To view the logs for those microservices, you need to have separate log viewers, which is kind of a pain."
"We would like to have easier tutorials. Their tutorials are too technical for a user to understand. They should be more detailed but less technical."
"Technologies are always changing. Nowadays, new things like serverless computing and workload management have emerged. We have noticed a few gap items for faster service delivery. For example, we do user interface testing in the latest team and automate it using some tools. Recently, we integrated a tool with user interface testing, which can simulate a multi-user environment. So, we would like to see more integration with different platforms."
"The documentation is confusing."
"The initial setup was quite challenging because it takes some time to understand how to pull out or push the code."
"As a partner, sometimes it's difficult to get support. They have a really complicated procedure for their support."
"GitLab could consider introducing a code-scanning tool. Purchasing such tools from external markets can incur charges, which might not be favorable. Integrating these features into GitLab would streamline the pipeline and make it more convenient for users."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
"There are several features lacking in the current offering, particularly concerning container support and AI packages."
"There are several features lacking in the current offering, particularly concerning container support and AI packages, like humming phase support."
"The tool needs to improve its file systems. The product should also include zero test feature."
 

Pricing and Cost Advice

"GitLab is comparatively expensive, but it provides value because it's feature-rich."
"The solution is based on a licensing model that includes technical support and is paid annually."
"GitLab is an open-source solution."
"We are using the open-source version."
"There are different licensing options available, including a free limited-user license."
"We are using its free version, and we are evaluating its Premium version. Its Ultimate version is very expensive."
"I'm not sure if they have some kind of discount. I've been negotiating with them on prices before, and I believe they weren't too happy to give discounts, but list prices are $19 per user, per month for Premium and $99 per user, per month for Ultimate. So, the difference between Premium and Ultimate is a bit bigger, and in most companies, you need to build some type of business case."
"Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
"The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
860,168 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Computer Software Company
13%
Educational Organization
12%
Government
10%
Financial Services Firm
25%
Government
12%
University
8%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about GitLab?
I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
What is your experience regarding pricing and costs for GitLab?
The pricing and cost are on par with other tools and are neither too expensive nor cheap.
What needs improvement with GitLab?
One significant feature we lack is the configuration that enforces code reviews, which simplifies the development life cycle. Unfortunately, this is available only at a higher license level than we...
What is your experience regarding pricing and costs for Sonatype Nexus Firewall?
Also, I consider it average. Some people might consider it expensive, however, since it supports many beautiful features, I would say it is worth it.
What is your primary use case for Sonatype Nexus Firewall?
Many companies, including ours, use Nexus Repository due to concerns about malware and critical vulnerabilities. There should be a specific method to prevent malicious packages from entering the in...
What advice do you have for others considering Sonatype Nexus Firewall?
I would give the solution eight out of ten. I would look at the comparison of Sonatype to some other firewalls. There is room for improvement, especially mentioning container support and AI packages.
 

Also Known As

Fuzzit
Sonatype Nexus Firewall, Nexus Firewall
 

Overview

 

Sample Customers

1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
EDF, Tomitribe, Crosskey, Blackboard, Travel audience
Find out what your peers are saying about GitLab vs. Sonatype Repository Firewall and other solutions. Updated: May 2025.
860,168 professionals have used our research since 2012.