Try our new research platform with insights from 80,000+ expert users

Snyk vs Sonatype Repository Firewall comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 4, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Snyk
Ranking in Application Security Tools
5th
Ranking in Software Composition Analysis (SCA)
2nd
Average Rating
8.0
Reviews Sentiment
7.4
Number of Reviews
48
Ranking in other categories
Static Application Security Testing (SAST) (8th), Cloud Management (14th), Container Security (5th), Software Development Analytics (2nd), Cloud Security Posture Management (CSPM) (16th), DevSecOps (2nd), Application Security Posture Management (ASPM) (1st)
Sonatype Repository Firewall
Ranking in Application Security Tools
31st
Ranking in Software Composition Analysis (SCA)
15th
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
4
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Application Security Tools category, the mindshare of Snyk is 7.5%, down from 8.1% compared to the previous year. The mindshare of Sonatype Repository Firewall is 0.5%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

meetharoon - PeerSpot reviewer
Affordable tool boosts code scanning efficiency but faces integration hurdles
The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Check Point. It is easy to consolidate Snyk across multiple entities within a large organization. Additionally, our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.
Ashish Shukla - PeerSpot reviewer
You will get clean code every time, and that's a great achievement
For the QA team, it's a really good tool. For those who are not on the QA team, it is also a good tool to use for SDL in the SDLC. It plays a very critical role of doing the automatic quality check recommendation. Meaning, when using this tool, people can easily rectify the issues in the environment itself, instead of going to a higher environment and identifying them. This tool is quite easy to use and learn. We decided that there was no need to hire anyone new who would specialize in this. We had a team of about five to ten people who learned how to use this tool. There are some other automation tools like Jenkins, for example, that require a lot of effort to configure and write out the code, but you do not need to do such for this tool. I thought outside of the box and saw that there are many options available to us when using this tool. The plugins are there, you can download and use the tool at ease and you do not need to do any kind of development. Overall, it’s quite easy to use.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Provides clear information and is easy to follow with good feedback regarding code practices."
"Snyk helps me pinpoint security errors in my code."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"The valuable aspect is its security capabilities."
"The code scans on the source code itself were valuable."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"Static code analysis is one of the best features of the solution."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"The customer service is fantastic."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"The firewall is the only solution that supports Nexus Repository."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
 

Cons

"Generating reports and visibility through reports are definitely things they can do better."
"Compatibility with other products would be great."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"One area where Snyk could improve is in providing developers with the line where the error occurs."
"Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help."
"I would like to give further ability to grouping code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"It would be ideal if there was customization with a focus on specific cybersecurity areas or capabilities."
"The tool needs to improve its file systems. The product should also include zero test feature."
"There are several features lacking in the current offering, particularly concerning container support and AI packages, like humming phase support."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
"There are several features lacking in the current offering, particularly concerning container support and AI packages."
 

Pricing and Cost Advice

"You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it."
"We do have some missing licenses issues, especially with non-SPDX compliant one, but we expect this to be fixed soon"
"Despite Snyk's coverage, scalability, reliability, and stability, it is available at a very competitive price."
"For what Snyk offers, it has the best cost-benefit I have ever seen because you're buying the license per user."
"Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."
"Snyk is an expensive solution."
"I would rate the pricing of Snyk at two. I'm currently using the free version, which the company offers before buying the full version. So, the price is affordable, especially for an enterprise."
"We are using the open-source version for the scans."
"The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
861,390 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
14%
Manufacturing Company
9%
Insurance Company
7%
Financial Services Firm
24%
Government
11%
Insurance Company
11%
University
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities.
What needs improvement with Snyk?
There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false positives would be beneficial. So far, I've not seen any AI features to enhance vuln...
What is your experience regarding pricing and costs for Sonatype Nexus Firewall?
Also, I consider it average. Some people might consider it expensive, however, since it supports many beautiful features, I would say it is worth it.
What is your primary use case for Sonatype Nexus Firewall?
Many companies, including ours, use Nexus Repository due to concerns about malware and critical vulnerabilities. There should be a specific method to prevent malicious packages from entering the in...
What advice do you have for others considering Sonatype Nexus Firewall?
I would give the solution eight out of ten. I would look at the comparison of Sonatype to some other firewalls. There is room for improvement, especially mentioning container support and AI packages.
 

Also Known As

Fugue
Sonatype Nexus Firewall, Nexus Firewall
 

Overview

 

Sample Customers

StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
EDF, Tomitribe, Crosskey, Blackboard, Travel audience
Find out what your peers are saying about Snyk vs. Sonatype Repository Firewall and other solutions. Updated: July 2025.
861,390 professionals have used our research since 2012.