We performed a comparison between SonarQube and Sonatype Repository Firewall based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Improve the code coverage and evaluates the technical steps and percentage of code being resolved."
"We consider it a handy tool that helps to resolve our issues immediately."
"There are many options and examples available in the tool that help us fix the issues it shows us."
"Strong code evaluation for budget-minded clients."
"I like that it has a better dashboard compared to Clockwork. It's also stable."
"We can create a Quality Gate in order to fail Jenkins jobs where the code coverage is lower than the set percentage."
"It provides the security that is required from a solution for financial businesses."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"The learning curve can be fairly steep at first, but then, it's not an entry-level type of application. It's not like an introduction to C programming. You should know not just C programming and how to make projects but also how to apply its findings to the bigger picture. I've had users who said that they wish it was easier to understand how to configure, but I don't know if that's doable because what it's doing is a very complicated thing. I don't know if it is possible to make a complicated thing trivially simple."
"Having performance regression would be a helpful add-on or ability to be able to do during the scan."
"Code security scanning could be improved."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
"We did have some trouble with the LDAP integration for the console."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
"There needs to be a shareable reporting piece or something we can click and generate easily."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
"The tool needs to improve its file systems. The product should also include a zero test feature."
SonarQube is ranked 1st in Application Security Tools with 110 reviews while Sonatype Repository Firewall is ranked 34th in Application Security Tools with 3 reviews. SonarQube is rated 8.0, while Sonatype Repository Firewall is rated 8.4. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk, whereas Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, Black Duck, GitHub and Veracode. See our SonarQube vs. Sonatype Repository Firewall report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.