We performed a comparison between SonarQube and Sonatype Repository Firewall based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis."
"SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
"If you want to have your code scanned and timed then this is a good tool."
"We are using the Community edition. So, we don't have to incur any licensing costs. This is the best part."
"It is very good at identifying technical debt."
"Any developer can easily identify issues using the process flow or steps provided by SonarQube. In terms of integration, SonarQube makes it quite easy, simplifying the steps for users."
"We consider it a handy tool that helps to resolve our issues immediately."
"Strong code evaluation for budget-minded clients."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"The learning curve can be fairly steep at first, but then, it's not an entry-level type of application. It's not like an introduction to C programming. You should know not just C programming and how to make projects but also how to apply its findings to the bigger picture. I've had users who said that they wish it was easier to understand how to configure, but I don't know if that's doable because what it's doing is a very complicated thing. I don't know if it is possible to make a complicated thing trivially simple."
"Currently requires multiple tools, lacking one overall tool."
"Lacks sufficient visibility and documentation."
"The pricing could be reduced a bit. It's a little expensive."
"SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"There is no automation. You need to put the code there and test. You then pull the results and put them back in the development environment. There is no integration with the development environment. We would like it to be integrated with our development environment, which is basically the CI/CD pipeline or the IDE that we have."
"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
"The tool needs to improve its file systems. The product should also include zero test feature."
SonarQube is ranked 1st in Application Security Tools with 112 reviews while Sonatype Repository Firewall is ranked 34th in Application Security Tools with 3 reviews. SonarQube is rated 8.0, while Sonatype Repository Firewall is rated 8.4. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security, whereas Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, Black Duck, GitHub and Sonatype Lifecycle. See our SonarQube vs. Sonatype Repository Firewall report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.