We performed a comparison between GitLab and Sonatype Nexus Firewall based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, Sonatype Nexus Firewall came out ahead of GitLab. Although both products have valuable features and can be estimated as high-end solutions, our reviewers found that GitLab's complexity is its main drawback, which some users find overwhelming and difficult to navigate.
"The most valuable features of GitLab are ease of use and highly intuitive UI and performance."
"The user interface is really good so that helps with huge teams who need to collaborate."
"I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently."
"I like that you can use GitLab as a double-sided solution for both DevOps and version management. It's a good product for working in these two areas, and the user interface makes it easy to understand."
"I have had no problem with the stability of the solution."
"It scales well."
"This product is always evolving, and they listen to the customers."
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"GitLab could improve the patch repository. It does not have support for Conan patch version regions. Additionally, better support for Kubernetes deployment is needed as part of the package."
"We have only seen a couple of issues on Gitlab, which we use for building some of the applications."
"I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that it does internally by GitLab and then that is already tied up with your pipeline and then it can tell you that you're coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors."
"The solution should be more cloud-native and have more cloud-native capabilities and features."
"The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation."
"It is a little complex to set up the pipelines within the solution."
"I would like to see security increased in the future. A secure environment is very important."
"Expand features to match other tools such as a static code analysis tool so third-party integrations are not required."
"The tool needs to improve its file systems. The product should also include zero test feature."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
GitLab is ranked 6th in Software Composition Analysis (SCA) with 70 reviews while Sonatype Repository Firewall is ranked 12th in Software Composition Analysis (SCA) with 3 reviews. GitLab is rated 8.6, while Sonatype Repository Firewall is rated 8.4. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, SonarQube and Tekton, whereas Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, GitHub, Black Duck and Sonatype Lifecycle. See our GitLab vs. Sonatype Repository Firewall report.
See our list of best Software Composition Analysis (SCA) vendors and best Application Security Tools vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.