• Home
  • Sonatype Repository Firewall vs. Veracode

Sonatype Repository Firewall vs Veracode comparison

Cancel
You must select at least 2 products to compare!
Sonatype Logo

Sonatype Repository Firewall

Read 3 Sonatype Repository Firewall reviews
826 views|405 comparisons
100% willing to recommend
Veracode Logo

Veracode

Read 194 Veracode reviews
26,359 views|17,613 comparisons
89% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Sonatype Repository Firewall vs. Veracode
March 2024
Executive Summary

We performed a comparison between Sonatype Repository Firewall and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Sonatype Repository Firewall vs. Veracode Report (Updated: March 2024).
Download the complete report
768,578 professionals have used our research since 2012.
Featured Review
Ashish Shukla
You will get clean code every time, and that's a great achievement
I believe this tool is being used by most of the product development team in the organization. It's part of the CI/CD pipeline. You can say it's a... Read more →
ShubhamSharma5
A very good tool for dynamic application testing, but its price is a little high
We have had challenges with security because developers come from different organizations and different backgrounds. They have different ways of... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you.""The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."

More Sonatype Repository Firewall Pros →

"It provides security of different Shadow IT activities in our environment, especially around application development and website hosting.""I liked that I could easily find out where my errors were. Instead of going through the whole code and the scripts, it showed me where the errors were and gave me an idea of how to fix them.""The source composition analysis component is great because it gives our developers some comfort in using new libraries.""It has the ability to statically scan your source code before it goes to production. It can be scanned within your testing or development environment, and that is very useful. And good explanations of all the vulnerabilities in your source code help take care of those issues in future code implementation as well.""I like the way the flaws are reported in the system.""The pricing is worth it.""The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up.""It has caught lots of flaws that could have been exploited, like SQL injection flaws. It has also improved developer engagement with information security."

More Veracode Pros →

Cons
"The tool needs to improve its file systems. The product should also include zero test feature.""What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."

More Sonatype Repository Firewall Cons →

"They need to have a plug-in, a better integration with the development environment.""I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results.""Ideally, I would like better reporting that gives me a more concise and accurate description of what my pain points are, and how to get to them.""The training lab is not very user-friendly and takes a long time to set up.""The dynamic scanning feature works, but it doesn't work properly for some of our applications. It doesn't allow us to skip. They claim that we can do this, but it doesn't work when we're scanning the applications in real-time.""We use Ruby on Rails and we still don't have any support for that from Veracode.""Veracode's ease of use could be improved. I would also like to see more online videos and tutorials that could help us understand the product better. It would also be helpful if Veracode created a certification program for DevSecOps staff to learn about their product and get certified. This kind of training would raise the company's profile within the industry.""Third-party library scanning would be very useful to have. When I was researching this a year ago, there was not a third-party library scan available. This would be a nice feature to have because we are now running through some assessments and finding out which tool can do it since this information needs to be captured. Since Veracode is a security solution, this should be related."

More Veracode Cons →

Pricing and Cost Advice
  • "The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."

    • More Sonatype Repository Firewall Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    768,578 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Sonatype Nexus Firewall?
    Top Answer:The product's network and intrusion protection features are valuable. It also has rules and compliance features for security.
    Read all 2 answers   →
    What is your experience regarding pricing and costs for Sonatype Nexus Fi...
    Top Answer:The licensing is quite reasonable, I believe. I do see that it adds value. It means whatever part you want to use, you can just use that part and pay for that. I think the licensing is fair enough… more »
    Read all 2 answers   →
    What is your primary use case for Sonatype Nexus Firewall?
    Top Answer:The product helps with vulnerability and security assessment. It also helps with assessment at the configuration level.
    Read all 3 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    31st
    out of 74 in Application Security Tools
    Views
    826
    Comparisons
    405
    Reviews
    2
    Average Words per Review
    531
    Rating
    8.5
    2nd
    out of 74 in Application Security Tools
    Views
    26,359
    Comparisons
    17,613
    Reviews
    99
    Average Words per Review
    970
    Rating
    8.1
    Comparisons
    Also Known As
    Sonatype Nexus Firewall, Nexus Firewall
    Crashtest Security , Veracode Detect
    Learn More
    Sonatype
    Veracode
    Overview

    Sonatype Repository Firewall is a cloud-based security solution designed to safeguard your software supply chain against malicious components. It operates by meticulously scanning and evaluating each new component against customized governance policies, thereby effectively identifying and blocking potential threats before they infiltrate your development pipeline. What sets Sonatype Repository Firewall apart is its user-friendly setup, seamless integration with existing workflows, and remarkable scalability, making it suitable for software development environments of any size. Key features include blocking malicious components through behavioral analysis, malware scanning, and vulnerability assessment, as well as the ability to enforce custom governance policies. By utilizing this tool, organizations can enhance their software supply chain security, mitigate risks related to supply chain attacks, bolster compliance with industry standards, and ultimately reduce costs associated with security incidents. 

    Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

    Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references. Veracode's dynamic analysis solution simulates real-world attacks to identify vulnerabilities that may not be detectable by static analysis alone. Veracode's software composition analysis solution scans open-source and third-party components for known vulnerabilities. Veracode's manual penetration testing service is performed by experienced security professionals who use a variety of techniques to identify vulnerabilities in software applications.

    Many organizations, including Fortune 500 companies, government agencies, and startups, use Veracode's solution. Veracode's customers rely on Veracode to help them to improve the security of their software applications and to reduce the risk of data breaches and other security incidents.

    Here are some of the benefits of using Veracode:

    • Veracode provides capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing to help organizations identify and fix security vulnerabilities in their software applications early in the development process.
    • Veracode helps organizations reduce the risk of data breaches and other security incidents by identifying and fixing security vulnerabilities in their software application. 
    • Veracode helps organizations to comply with industry regulations. Many industries have regulations that require organizations to implement security measures to protect their customers' data. Veracode's solution can help organizations to comply with these regulations by providing them with the tools and resources they need to identify and fix security vulnerabilities in their software applications.
    Sample Customers
    EDF, Tomitribe, Crosskey, Blackboard, Travel audience
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm33%
    Government8%
    Computer Software Company6%
    Insurance Company5%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise11%
    Large Enterprise75%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    Buyer's Guide
    Sonatype Repository Firewall vs. Veracode
    March 2024
    Free Report: Sonatype Repository Firewall vs. Veracode
    Find out what your peers are saying about Sonatype Repository Firewall vs. Veracode and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,578 professionals have used our research since 2012.

    Sonatype Repository Firewall is ranked 31st in Application Security Tools with 3 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Sonatype Repository Firewall is rated 8.4, while Veracode is rated 8.2. The top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, GitHub, Black Duck and GitLab, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap. See our Sonatype Repository Firewall vs. Veracode report.

    See our list of best Application Security Tools vendors and best Software Composition Analysis (SCA) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.