Try our new research platform with insights from 80,000+ expert users

JFrog Xray vs Sonatype Repository Firewall comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

JFrog Xray
Ranking in Software Composition Analysis (SCA)
6th
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
8
Ranking in other categories
Vulnerability Management (32nd), Container Security (20th), Software Supply Chain Security (2nd)
Sonatype Repository Firewall
Ranking in Software Composition Analysis (SCA)
15th
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
4
Ranking in other categories
Application Security Tools (31st)
 

Mindshare comparison

As of July 2025, in the Software Composition Analysis (SCA) category, the mindshare of JFrog Xray is 10.2%, up from 8.6% compared to the previous year. The mindshare of Sonatype Repository Firewall is 1.5%, up from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA)
 

Featured Reviews

Mokshi Pandita - PeerSpot reviewer
An intelligent solution that prioritizes which vulnerability to target first in your project
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Ashish Shukla - PeerSpot reviewer
You will get clean code every time, and that's a great achievement
For the QA team, it's a really good tool. For those who are not on the QA team, it is also a good tool to use for SDL in the SDLC. It plays a very critical role of doing the automatic quality check recommendation. Meaning, when using this tool, people can easily rectify the issues in the environment itself, instead of going to a higher environment and identifying them. This tool is quite easy to use and learn. We decided that there was no need to hire anyone new who would specialize in this. We had a team of about five to ten people who learned how to use this tool. There are some other automation tools like Jenkins, for example, that require a lot of effort to configure and write out the code, but you do not need to do such for this tool. I thought outside of the box and saw that there are many options available to us when using this tool. The plugins are there, you can download and use the tool at ease and you do not need to do any kind of development. Overall, it’s quite easy to use.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"The solution is stable and reliable."
"Good reporting functionalities."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"The firewall is the only solution that supports Nexus Repository."
"The customer service is fantastic."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
 

Cons

"JFrog Xray does not have a dashboard."
"Lacks deeper reporting, the ability to compare things."
"JFrog Xray's documentation and error logging could be improved."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL."
"The out-of-the-box PostgreSQL provided is not stable, which is why we are considering enterprise support."
"The tool needs to improve its file systems. The product should also include zero test feature."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
"There are several features lacking in the current offering, particularly concerning container support and AI packages, like humming phase support."
"There are several features lacking in the current offering, particularly concerning container support and AI packages."
 

Pricing and Cost Advice

Information not available
"The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
861,034 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
25%
Computer Software Company
12%
Manufacturing Company
12%
Government
5%
Financial Services Firm
25%
Government
12%
University
8%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about JFrog Xray?
JFrog Xray shows us a list of vulnerabilities that can impact our code.
What needs improvement with JFrog Xray?
X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL. More support during troubleshooting sessions would also be beneficial.
What is your primary use case for JFrog Xray?
Our primary use case for X-ray includes multiple activities such as security and vulnerability scanning. We already use Black Duck for these purposes, and we are evaluating how JFrog Xray can offer...
What is your experience regarding pricing and costs for Sonatype Nexus Firewall?
Also, I consider it average. Some people might consider it expensive, however, since it supports many beautiful features, I would say it is worth it.
What is your primary use case for Sonatype Nexus Firewall?
Many companies, including ours, use Nexus Repository due to concerns about malware and critical vulnerabilities. There should be a specific method to prevent malicious packages from entering the in...
What advice do you have for others considering Sonatype Nexus Firewall?
I would give the solution eight out of ten. I would look at the comparison of Sonatype to some other firewalls. There is room for improvement, especially mentioning container support and AI packages.
 

Also Known As

JFrog Security Essentials
Sonatype Nexus Firewall, Nexus Firewall
 

Overview

 

Sample Customers

google, amazon, cisco, netflix, oracle, vmware, facebook
EDF, Tomitribe, Crosskey, Blackboard, Travel audience
Find out what your peers are saying about JFrog Xray vs. Sonatype Repository Firewall and other solutions. Updated: June 2025.
861,034 professionals have used our research since 2012.