Try our new research platform with insights from 80,000+ expert users

SonarQube Server (formerly SonarQube) vs Sonatype Repository Firewall comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 15, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SonarQube Server (formerly ...
Ranking in Application Security Tools
1st
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
116
Ranking in other categories
Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
Sonatype Repository Firewall
Ranking in Application Security Tools
31st
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
4
Ranking in other categories
Software Composition Analysis (SCA) (15th)
 

Mindshare comparison

As of July 2025, in the Application Security Tools category, the mindshare of SonarQube Server (formerly SonarQube) is 22.7%, down from 26.7% compared to the previous year. The mindshare of Sonatype Repository Firewall is 0.5%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Sthembiso Zondi - PeerSpot reviewer
Consistent improvements in code quality and security with effective integration and reliable technical support
The features of SonarQube Server (formerly SonarQube) that I find most useful are the suggestions received from reviewing the code. When they review the code, they provide suggestions on how to fix it, and we find those very useful from a development perspective. We use SonarQube Server's (formerly SonarQube) centralized management and visualization of code quality metrics on the dashboard because that's the executive dashboard that we send to the executives to show where we are in terms of quality, security, and where the company can improve. We use that for organizational improvement purposes. The ability to tailor metrics tracking in SonarQube Server (formerly SonarQube) has been beneficial to my team. There are team-specific dashboards which are related to specific repositories they utilize, and we have that aggregative dashboard that shows the whole organization's performance. We can drill down per specific repository, which makes it easier for the team to improve specific things.
Ashish Shukla - PeerSpot reviewer
You will get clean code every time, and that's a great achievement
For the QA team, it's a really good tool. For those who are not on the QA team, it is also a good tool to use for SDL in the SDLC. It plays a very critical role of doing the automatic quality check recommendation. Meaning, when using this tool, people can easily rectify the issues in the environment itself, instead of going to a higher environment and identifying them. This tool is quite easy to use and learn. We decided that there was no need to hire anyone new who would specialize in this. We had a team of about five to ten people who learned how to use this tool. There are some other automation tools like Jenkins, for example, that require a lot of effort to configure and write out the code, but you do not need to do such for this tool. I thought outside of the box and saw that there are many options available to us when using this tool. The plugins are there, you can download and use the tool at ease and you do not need to do any kind of development. Overall, it’s quite easy to use.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"The depth features I have found most valuable. You receive a quick comprehensive comparison overview regarding the current release and the last release and what type of depths dependency or duplication should be used. This is going to help you to make a more readable code and have more flexibility for the engineers to understand how things should work when they do not know."
"The solution is stable."
"I like that it has a better dashboard compared to Clockwork. It's also stable."
"The static code analysis is very good."
"The most valuable features are the segregation containment and the suspension of product services."
"It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis."
"We consider it a handy tool that helps to resolve our issues immediately."
"The firewall is the only solution that supports Nexus Repository."
"The customer service is fantastic."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
 

Cons

"There are limitations to the free version that limit development options as far as languages."
"The security in SonarQube could be better."
"I would like to see dynamic code analysis in the next version of the software."
"It would be a great add-on if SonarQube could update its database for vulnerabilities or plugging parts."
"The solution could improve by providing more advanced technologies."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
"I am not very pleased with the technical debt computation."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
"There are several features lacking in the current offering, particularly concerning container support and AI packages, like humming phase support."
"The tool needs to improve its file systems. The product should also include zero test feature."
"There are several features lacking in the current offering, particularly concerning container support and AI packages."
 

Pricing and Cost Advice

"This solution is free."
"It's a bit expensive for us. The currency rate of the dollar is a problem but it may be fine for other countries."
"I use the full trial version of SonarQube."
"We are using the community version of the solution and we plan on purchasing licenses for the upgraded version soon. There is a limitation on how many lines of code can be scanned and this is why we are going to purchase a license for an increased amount."
"I do not know about the pricing as I am using the community edition, which is free. But I compared the pricing with Sigma, and it is higher than SonarQube."
"We are using the Community edition of SonarQube."
"This is open source."
"Some of the plugins that were previously free are not free now."
"The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
861,170 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
Financial Services Firm
24%
Government
12%
Insurance Company
9%
University
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What is your experience regarding pricing and costs for Sonatype Nexus Firewall?
Also, I consider it average. Some people might consider it expensive, however, since it supports many beautiful features, I would say it is worth it.
What is your primary use case for Sonatype Nexus Firewall?
Many companies, including ours, use Nexus Repository due to concerns about malware and critical vulnerabilities. There should be a specific method to prevent malicious packages from entering the in...
What advice do you have for others considering Sonatype Nexus Firewall?
I would give the solution eight out of ten. I would look at the comparison of Sonatype to some other firewalls. There is room for improvement, especially mentioning container support and AI packages.
 

Also Known As

Sonar
Sonatype Nexus Firewall, Nexus Firewall
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Information Not Available
EDF, Tomitribe, Crosskey, Blackboard, Travel audience
Find out what your peers are saying about SonarQube Server (formerly SonarQube) vs. Sonatype Repository Firewall and other solutions. Updated: July 2025.
861,170 professionals have used our research since 2012.