Try our new research platform with insights from 80,000+ expert users

Qualys Web Application Scanning vs Sonatype Repository Firewall comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys Web Application Scan...
Ranking in Application Security Tools
13th
Average Rating
7.8
Reviews Sentiment
6.9
Number of Reviews
38
Ranking in other categories
Static Application Security Testing (SAST) (9th)
Sonatype Repository Firewall
Ranking in Application Security Tools
31st
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
4
Ranking in other categories
Software Composition Analysis (SCA) (15th)
 

Mindshare comparison

As of July 2025, in the Application Security Tools category, the mindshare of Qualys Web Application Scanning is 2.1%, up from 2.0% compared to the previous year. The mindshare of Sonatype Repository Firewall is 0.5%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Kelvin Oladipo - PeerSpot reviewer
User-friendly scanning provides valuable vulnerability insights, but pricing improvements are needed
Qualys Web Application Scanning ( /products/qualys-web-application-scanning-reviews ) is user-friendly, easy to understand, easy to use, and easy to deploy. Credential scanning is very effective because it goes in-depth into the system, crawling the pages, and reporting on vulnerabilities. The product helps by providing options for remediating vulnerabilities it finds, making it really useful.
Ashish Shukla - PeerSpot reviewer
You will get clean code every time, and that's a great achievement
For the QA team, it's a really good tool. For those who are not on the QA team, it is also a good tool to use for SDL in the SDLC. It plays a very critical role of doing the automatic quality check recommendation. Meaning, when using this tool, people can easily rectify the issues in the environment itself, instead of going to a higher environment and identifying them. This tool is quite easy to use and learn. We decided that there was no need to hire anyone new who would specialize in this. We had a team of about five to ten people who learned how to use this tool. There are some other automation tools like Jenkins, for example, that require a lot of effort to configure and write out the code, but you do not need to do such for this tool. I thought outside of the box and saw that there are many options available to us when using this tool. The plugins are there, you can download and use the tool at ease and you do not need to do any kind of development. Overall, it’s quite easy to use.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is a cloud-based solution, so it is easy to scale."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"​This product is designed for easy scalability and can easily scale up ​without major challenges."
"It works with many different products."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"​We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues.​"
"The firewall is the only solution that supports Nexus Repository."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"The customer service is fantastic."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
 

Cons

"The product's pricing could be better."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
"The software’s pricing could be improved."
"It is unclear how to build automation on Qualys. We do some automation, but not fully, because working is difficult."
"In certain cases, this product does have false positives, which the company should work on."
"It should have better automatic reporting."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"The reporting contains too many false positives."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
"The tool needs to improve its file systems. The product should also include zero test feature."
"There are several features lacking in the current offering, particularly concerning container support and AI packages, like humming phase support."
"There are several features lacking in the current offering, particularly concerning container support and AI packages."
 

Pricing and Cost Advice

"The product has a very good licensing model."
"Qualys Web Application Scanning's pricing is a bit expensive compared to other solutions available in the market."
"There are different options available with respect to licensing."
"I rate the software’s pricing a six out of ten."
"​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders​."
"We normally purchase an annual license."
"The product pricing is fair and reasonably priced."
"Qualys has an IT-based licensing based on a yearly license, which is a good way of handling it. However, in some cases, when we do the PCI scanning, the host will not like the scanning and we lose the IT license. So, this could be improved."
"The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
859,687 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
14%
Manufacturing Company
10%
Government
8%
Financial Services Firm
26%
Government
12%
University
8%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
What needs improvement with Qualys Web Application Scanning?
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus ( /products/tenable-nessus-reviews ). After using the product for a year, I might have more s...
What is your experience regarding pricing and costs for Sonatype Nexus Firewall?
Also, I consider it average. Some people might consider it expensive, however, since it supports many beautiful features, I would say it is worth it.
What is your primary use case for Sonatype Nexus Firewall?
Many companies, including ours, use Nexus Repository due to concerns about malware and critical vulnerabilities. There should be a specific method to prevent malicious packages from entering the in...
What advice do you have for others considering Sonatype Nexus Firewall?
I would give the solution eight out of ten. I would look at the comparison of Sonatype to some other firewalls. There is room for improvement, especially mentioning container support and AI packages.
 

Also Known As

Qualys WAS
Sonatype Nexus Firewall, Nexus Firewall
 

Overview

 

Sample Customers

BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
EDF, Tomitribe, Crosskey, Blackboard, Travel audience
Find out what your peers are saying about Qualys Web Application Scanning vs. Sonatype Repository Firewall and other solutions. Updated: June 2025.
859,687 professionals have used our research since 2012.