Coming October 25: PeerSpot Awards will be announced! Learn more

Sonatype Nexus Firewall vs Veracode Software Composition Analysis comparison

You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Sonatype Nexus Firewall and Veracode Software Composition Analysis based on real PeerSpot user reviews.

Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Sonatype Nexus Firewall vs. Veracode Software Composition Analysis report (Updated: September 2022).
633,184 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."

More Sonatype Nexus Firewall Pros →

"The most valuable feature is the security and vulnerability parts of the solution. It shows medium to high vulnerabilities so we can find them, then upgrade our model before it is too late. It is useful because it automates security. Also, it makes things more efficient. So, there is no need for the security team to scan every time. The application team can update it whenever possible in development.""We have to look at it from the perspectives of how important it is to fix something and when it should be prioritized for fixing. The JSON output from the agent-based scans gives us the CVS core, and that makes things much easier.""It has given our management a view into issues with all of our product lines. We have three products and all of them were scanned. As a result, the project lead for each product has taken measures to improve things.""Considering that in my project, we are mostly using Software Composition Analysis as a part of Static Code Analysis, for me, the main part is reporting and highlighting necessary vulnerabilities. Veracode platform has a rather good database of different vulnerabilities in different libraries and different sources. So, finding vulnerabilities in third-party libraries is the main feature of Software Composition Analysis that we use. It is the most important feature for us.""There have been a lot of benefits gained from Veracode. Compared to other tools, Veracode has good flexibility with an easy way to run a scan. We get in-depth details on how to fix things and go through the process. They provide good process documents, community, and consultation for any issues that occur during the use of Veracode.""For use cases where our company buys a product with the source code, but only the final executables or the binaries, only Veracode is able to work on that type of tool.""It is a good product for creating secure software. The static code analysis is pretty good and useful.""The solution's ability to help create secure software is very valuable. We're a zero-trust networking company so we want to have the ability to say that we're practicing security seriously. Having something like Veracode allows us to have confidence when we're speaking to people about our product that we can back up what we're doing with a certification, with a reputable platform, and say, "This is what we're using to scan an application. Here's the number of vulnerabilities that are on an application. And here's the risk that we're accepting.""

More Veracode Software Composition Analysis Pros →

"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."

More Sonatype Nexus Firewall Cons →

"The JIRA integration automation aspect of it could be improved significantly. We want to have a way to create tickets that are going to allow people to work through those flaws that we're finding. We don't want people to feel like they're missing out on something or that they're not following directions in the right way.""Improving sorting through findings reports to filter by only what is critically relevant will help developers focus on issues.""The scanning could be improved, because some scans take a bit of time.""The results of agent-based software composition analysis are not connected to policy scanning. So, for me, the only thing that Veracode can improve in Software Composition Analysis is to connect it with the policy scan because, at present, it is a bit inconvenient for those in our organization who use agent-based Software Composition Analysis. In the end, they need to make a static scan with all those libraries in order to receive that report. If Veracode implemented a connection between agent-based static scan and static scanning itself, it would be great because it would lead to fewer operations in order to prepare release documentation and release reporting from Veracode. We recently had a conversation with Veracode about it.""From the usability perspective, it is not up to date with the latest trends. It looks very old. Tools such as Datadog, New Relic, or infrastructure security tools, such as AWS Cloud, seem very user-friendly. They are completely web-based, and you can navigate through them pretty quickly, whereas Veracode is very rigid. It is like an old-school enterprise application. It does the job, but they need to invest a little more on the usability front.""It could have better integration with our pipeline. If we could have better integration with our application pipeline, e.g., Jira, Bamboo, or Azure DevOps, then that will be very helpful. Right now, it is quite hard to integrate the solution into our existing pipeline.""It's problematic if you want to integrate it with your pipelines because the documentation is not so well written and it's full of typos. It is not presented in a structured way. It does not say, "If you want to achieve this particular thing, you have to do steps 1, 2, and 3." Instead, it contains bits of information in different parts, and you have to read everything and then understand the big picture.""Veracode doesn't really help you so much when it comes to fixing things. It is able to find our vulnerabilities but the remediation activities it does provide are not a straight out-of-the-box kind of model. We need to work on remediation and not completely rely on Veracode."

More Veracode Software Composition Analysis Cons →

Pricing and Cost Advice
  • "The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."
  • More Sonatype Nexus Firewall Pricing and Cost Advice →

  • "The Veracode price model is based on application profiles, which is how you package your components for scanning."
  • "Compared to other similar products, the licensing and pricing are definitely competitive. If you see Checkmarx as the market leader, then we are talking about Veracode being a fraction of the cost. You also have to consider your hidden costs: you need a team to maintain it, a server, and resources. From that point of view, Veracode is great because the cost is really a fraction of many competitors."
  • "It's too expensive for the European market. That is why, in a big bank with 400 applications, we are able to use it only for 10 of them. But the other solutions are also expensive, so it wasn't a differentiator."
  • "It has good, fair licensing. If the price could depend on the scope of its scanning or the languages supported, then that would be better."
  • "Compared to the typical software composition analysis solutions, Veracode is not so costly, although the static analysis part of it is a little costlier."
  • "For enterprises, Veracode has done a fairly good job, but its pricing is not suitable for startups. The microservice distributed architecture for a startup is very small. I had to do a lot of discussions on the pricing initially. I previously worked in an enterprise organization where I used Veracode, and that's how I got to know about Veracode, but that was a big organization with more than a thousand employees. So, the cost is very different for them because the size of the application is different. Its pricing makes sense there, but when we try to onboard this solution for the startup ecosystem, pricing is not friendly. Because I knew the product and I knew its value, I onboarded it, but I don't think any other startup at our scale will onboard it."
  • "For our company, the price is reasonable for the benefits that we get."
  • More Veracode Software Composition Analysis Pricing and Cost Advice →

    Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
    633,184 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you.
    Top Answer:The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive. There are no costs in addition to the standard fees.
    Top Answer:With the security concerns around open source, the management and vulnerability scanning, it's relatively new. In today's world more and more people are going through the open source arena and… more »
    Top Answer:There have been a lot of benefits gained from Veracode. Compared to other tools, Veracode has good flexibility with an easy way to run a scan. We get in-depth details on how to fix things and go… more »
    Top Answer:Checkmarx is a very good solution and probably a better solution than Veracode, but it costs four times as much as Veracode. You need an entire team to maintain Checkmarx. You also need on-premise… more »
    Top Answer:The scanning could be improved, because some scans take a bit of time. Many developers have commented on the packaging. It is quite different compared to other tools, so the packaging of codes could… more »
    Average Words per Review
    Average Words per Review
    Also Known As
    Nexus Firewall
    Veracode SCA, SourceClear
    Learn More

    Nexus Firewall is a perimeter quality control for software development. Similar to a network firewall, it leverages rules you define that automatically shield you from unacceptable software components entering and another set for stopping them from exiting your application development.

    Veracode Software Composition detects open source vulnerabilities in the software development process with higher accuracy. Veracode SCA reduces false positives by prioritizing vulnerabilities in the execution path of the application. Its proprietary database contains significantly more vulnerabilities than the NVD because it datamines pull requests, bug reports, and release notes. It also looks for vulnerabilities in dependencies several layers deep. Veracode SCA is part of a comprehensive DevSecOps solution that covers multiple assessment types, enables developers, and helps organizations achieve AppSec governance.

    Learn more about Sonatype Nexus Firewall
    Learn more about Veracode Software Composition Analysis
    Sample Customers
    EDF, Tomitribe, Crosskey, Blackboard, Travel audience
    Blue Prism, Advantasure, Automation Anywhere, Cox Automotive
    Top Industries
    Financial Services Firm19%
    Computer Software Company18%
    Comms Service Provider8%
    Computer Software Company40%
    Comms Service Provider10%
    Non Profit10%
    Financial Services Firm10%
    Computer Software Company23%
    Financial Services Firm18%
    Comms Service Provider8%
    Manufacturing Company6%
    Company Size
    Small Business21%
    Midsize Enterprise9%
    Large Enterprise70%
    Small Business44%
    Midsize Enterprise19%
    Large Enterprise38%
    Small Business16%
    Midsize Enterprise15%
    Large Enterprise69%
    Buyer's Guide
    Sonatype Nexus Firewall vs. Veracode Software Composition Analysis
    September 2022
    Find out what your peers are saying about Sonatype Nexus Firewall vs. Veracode Software Composition Analysis and other solutions. Updated: September 2022.
    633,184 professionals have used our research since 2012.

    Sonatype Nexus Firewall is ranked 8th in Software Composition Analysis (SCA) with 2 reviews while Veracode Software Composition Analysis is ranked 5th in Software Composition Analysis (SCA) with 10 reviews. Sonatype Nexus Firewall is rated 8.6, while Veracode Software Composition Analysis is rated 8.2. The top reviewer of Sonatype Nexus Firewall writes "Significantly decreases our time to market for secure apps by automating open source approval". On the other hand, the top reviewer of Veracode Software Composition Analysis writes "The scanning process helps to significantly improve our standards and best practices". Sonatype Nexus Firewall is most compared with JFrog Xray, Black Duck, SonarQube, Cisco ASA Firewall and Snyk, whereas Veracode Software Composition Analysis is most compared with Black Duck, Snyk, JFrog Xray, Mend and Sonatype Nexus Lifecycle. See our Sonatype Nexus Firewall vs. Veracode Software Composition Analysis report.

    See our list of best Software Composition Analysis (SCA) vendors.

    We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.