• Home
  • Sonatype Repository Firewall vs. Veracode

Sonatype Repository Firewall vs Veracode comparison

Cancel
You must select at least 2 products to compare!
Sonatype Logo
Sonatype Repository Firewall
Read 3 Sonatype Repository Firewall reviews
753 views|384 comparisons
100% willing to recommend
Veracode Logo
Veracode
Read 194 Veracode reviews
24,547 views|16,538 comparisons
90% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Sonatype Repository Firewall vs. Veracode
May 2024
Executive Summary

We performed a comparison between Sonatype Repository Firewall and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Sonatype Repository Firewall vs. Veracode Report (Updated: May 2024).
Download the complete report
772,679 professionals have used our research since 2012.
Featured Review
Ashish Shukla
You will get clean code every time, and that's a great achievement
I believe this tool is being used by most of the product development team in the organization. It's part of the CI/CD pipeline. You can say it's a... Read more →
AkashKhurana
Easy to configure, stable, and good vulnerability detection
Veracode's ability to prevent vulnerable code from being deployed into production is crucial. Typically, if a dependency we use has security issues... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you.""The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."

More Sonatype Repository Firewall Pros →

"Veracode has a nice API that they provide to allow for custom things to be built, or automation. We actually have integrated Veracode into our software development cycle using their API. We actually are able to automatically, every time a new build of a software is completed, submit that application, kick off a scan, and we get results in a much more automated fashion.""The article scanning is excellent.""The installation was straightforward.""The visibility into application status helps reduce risk exposure for our software. Today, any findings provided by the DAST are reviewed by the developers and we have internal processes in place to correct those findings before there can be a release. So it absolutely does prevent us from releasing weak code.""We use Veracode static analysis during development to eliminate vulnerability issues""It does software composition analysis, discovering open source software weaknesses.""It has almost completely eliminated the presence of SQLi vulnerabilities.""The integration of static testing with our Azure DevOps CI pipeline was easy."

More Veracode Pros →

Cons
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services.""The tool needs to improve its file systems. The product should also include zero test feature."

More Sonatype Repository Firewall Cons →

"The runtime code analysis could be improved so that we can see every element in one place.""We have approximately 900 people using the solution. The solution is scalable, but there is a high cost attached to it.""The static analysis is prone to a lot of false positives. But that's how it is with most static analysis tools... Also, the static analysis can sometimes take a little while. The time that it takes to do a scan should be improved.""Veracode doesn't really help you so much when it comes to fixing things. It is able to find our vulnerabilities but the remediation activities it does provide are not a straight out-of-the-box kind of model. We need to work on remediation and not completely rely on Veracode.""The solution does take a bit more time when we use it for multiple processes.""The scanning process for records could be faster and there is room for improvement in Veracode's performance.""Third-party library scanning would be very useful to have. When I was researching this a year ago, there was not a third-party library scan available. This would be a nice feature to have because we are now running through some assessments and finding out which tool can do it since this information needs to be captured. Since Veracode is a security solution, this should be related.""The product has issues with scanning."

More Veracode Cons →

Pricing and Cost Advice
  • "The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."

    • More Sonatype Repository Firewall Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    772,679 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Sonatype Nexus Firewall?
    Top Answer:The product's network and intrusion protection features are valuable. It also has rules and compliance features for security.
    Read all 2 answers   →
    What is your primary use case for Sonatype Nexus Firewall?
    Top Answer:The product helps with vulnerability and security assessment. It also helps with assessment at the configuration level.
    Read all 3 answers   →
    What advice do you have for others considering Sonatype Nexus Firewall?
    Top Answer:I would rate the solution an eight out of ten.
    Read all 2 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    35th
    out of 75 in Application Security Tools
    Views
    753
    Comparisons
    384
    Reviews
    1
    Average Words per Review
    105
    Rating
    8.0
    2nd
    out of 75 in Application Security Tools
    Views
    24,547
    Comparisons
    16,538
    Reviews
    94
    Average Words per Review
    989
    Rating
    8.1
    Comparisons
    Also Known As
    Sonatype Nexus Firewall, Nexus Firewall
    Crashtest Security , Veracode Detect
    Learn More
    Sonatype
    Veracode
    Overview

    Sonatype Repository Firewall is a cloud-based security solution designed to safeguard your software supply chain against malicious components. It operates by meticulously scanning and evaluating each new component against customized governance policies, thereby effectively identifying and blocking potential threats before they infiltrate your development pipeline. What sets Sonatype Repository Firewall apart is its user-friendly setup, seamless integration with existing workflows, and remarkable scalability, making it suitable for software development environments of any size. Key features include blocking malicious components through behavioral analysis, malware scanning, and vulnerability assessment, as well as the ability to enforce custom governance policies. By utilizing this tool, organizations can enhance their software supply chain security, mitigate risks related to supply chain attacks, bolster compliance with industry standards, and ultimately reduce costs associated with security incidents. 

    Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achievereal-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

    Learn more atwww.veracode.com, on theVeracode blog, and onLinkedInandTwitter.

    Sample Customers
    EDF, Tomitribe, Crosskey, Blackboard, Travel audience
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm33%
    Government9%
    Computer Software Company6%
    Manufacturing Company6%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise11%
    Large Enterprise75%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise14%
    Large Enterprise69%
    Buyer's Guide
    Sonatype Repository Firewall vs. Veracode
    May 2024
    Free Report: Sonatype Repository Firewall vs. Veracode
    Find out what your peers are saying about Sonatype Repository Firewall vs. Veracode and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    772,679 professionals have used our research since 2012.

    Sonatype Repository Firewall is ranked 35th in Application Security Tools with 3 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Sonatype Repository Firewall is rated 8.4, while Veracode is rated 8.2. The top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, Black Duck, GitHub and GitLab, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Sonatype Repository Firewall vs. Veracode report.

    See our list of best Application Security Tools vendors and best Software Composition Analysis (SCA) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.